The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.

Timely Updates and Analysis on Privacy and Cybersecurity Issues
The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.…
Montana now joins a growing list of states to have a comprehensive privacy law. The law was signed by the governor on May 19, 2023 and will go into effect October 24, 2024. This is before some Iowa (effective January 1, 2025) and Indiana (effective January 1, 2026), which pre-dated it in passage.…
Continue Reading Montana Governor Signs Big Sky’s Privacy Law
EyeMed recently entered into a settlement with the Attorneys General of Oregon, New Jersey, Florida and Pennsylvania around a 2020 breach of an EyeMed email account that contained the data of more than 2 million individuals. As we previously reported, EyeMed entered into settlement with NYDFS over this breach in October of 2022. …
The Tennessee governor has signed Tennessee’s comprehensive privacy law, which as we have indicated will go into effect July 1, 2025. As initially proposed, the law would have been…
Continue Reading Another Governor Signs: Tennessee Volunteers to Join the Privacy PatchworkWith January well in the rear view mirror, companies are setting their privacy compliance sights on the next two laws to come into effect on July 1, 2023: Colorado and Connecticut. Knowing, of course, that Utah (December 31, 2023) is not far behind. To say nothing of five more on the horizon, in order of effective date:…
Continue Reading Preparing for the US Comprehensive Privacy Law Deluge
Indiana has now become the seventh US state to enact a comprehensive privacy law after Senate Bill 5 (“SB5”) was signed by the governor on May 1, 2023. The new law will go into effect January 1, 2026, and is almost identical to recent comprehensive privacy laws in other states.…
Continue Reading Governor Signs: Hoosier State Adds to the US Privacy Patchwork
In this third post in our ongoing series, we examine the scope of the consent requirements under the recently enacted My Health My Data Act. (Visit here for information about the scope of the law and here for information about consumer rights). The Act imposes consent requirements on a wide range of common processing activities.…
Continue Reading My Health My Data Act: Consent Requirements
In this second post in our ongoing series, we examine the scope of rights given to consumers under the recently enacted My Health My Data Act. (Visit here for information on the scope of the law). The law provides consumers several rights, all of which are in other privacy laws. However, the requirements associated with some of these rights create some unique challenges.…
On April 27, 2023, the state of Washington enacted a landmark privacy law aimed at protecting the privacy of health data not covered by HIPAA. While the 2023 legislative season has been busy for state “comprehensive” privacy laws, this law is likely to have the most impact on businesses. The My Health My Data Act covers a very wide range of entities, consumers, and data, as we describe below. And, it contains a private right of action. With the law coming into effect in the first half of 2024, organizations will want to take steps now to understand the scope of this law and its onerous obligations.…
On April 4, CFPB Director Rohit Chopra delivered remarks at the International Association of Privacy Professionals’ Global Policy Summit on the importance of reigning in repeat violators of consumer finance and privacy laws. According to the Director, the CFPB is to enhance penalties against repeat offenders of consumer protection laws. Such penalties could involve a broader range of agency remedies, including naming executives in enforcement actions and placing meaningful limitations on future business practices, in addition to simple fines.…
Continue Reading CFPB Director Elevates Priorities for Data Privacy & Repeat Offenders
With the governor signing SF 262 into law last week, Iowa became the sixth US state with a comprehensive privacy law. The law goes into effect January 1, 2025. It applicability is similar to other states’ laws. It applies to companies that do business in Iowa and either: (1) control or process personal data of at least 100,000 Iowans; or (2) derive over 50% of gross revenue from the sale of personal data and control or process personal data of 25,000 or more Iowans. These thresholds are calculated annually.…
Continue Reading Iowa Becomes Sixth State with Comprehensive Privacy Law
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.