Showing Posts In "Data Protection and Privacy" Category

New Jersey Enacts Privacy Law

New Jersey’s State Legislature has passed the Disclosure and Accountability Transparency Act, which will be effective January 8, 2025. The Data Act adopts many elements and terminology from the European Union’s General Data Protection Regulation (GDPR). It defines personal data very broadly and applies to controllers that determine the purposes and means of processing Personal […]

New Hampshire Enacts Privacy Law

New Hampshire’s State Legislature has enacted the Expectation of Privacy Act, effective January 1, 2025. The Act defines “personal data” very broadly and applies to “controllers,” defined as individuals or legal entities that determine the process and means of processing Personal Data. The Act grants consumers broad rights and specifically provides a definition for sensitive […]

CFPB Issues Background Screening, File Disclosure Advisory Opinions

The Consumer Financial Protection Bureau (CFPB) has issued two advisory opinions addressing consumer reporting agencies’ (CRAs) obligations, under the FCRA. The opinions relate to information included in background check reports and consumer file disclosures, while also expanding on a coordinated federal agency effort that ensures that the “background screening industry adheres to the law” and […]

New England State Consumer Data Privacy Bills Currently Under Consideration

Twelve states have generally applicable privacy laws that impose affirmative obligations and substantive restrictions on what covered businesses must and cannot do with personal data. Several other privacy laws are under consideration across New England, including Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont.

Read more

Does US Privacy Regulation Trump a State’s Biometrics Law? Supreme Court to Decide

Healthcare workers from the University of Chicago’s Ingalls Memorial Hospital, Northwestern Memorial Healthcare, and Becton, Dickinson, have filed a biometric privacy lawsuit against the businesses. The employees claim their employers violated the state’s Biometric Information Privacy Act by forcing them to submit their biometric data the same as any private-sector employees in the state are […]

Colorado Privacy Act – Rocky Mountain Regulations

Colorado has passed comprehensive data privacy legislation, which borrows, in part, from the European Union’s General Data Protection Regulation (GDPR), California Consumer Privacy Act and the Virginia Consumer Data Protection Act. The Colorado law, however, does not exempt nonprofit organizations. The Colorado Privacy Act (CPA) is a state law that gives consumers the right to […]

CFPB Releases FCRA Rulemaking Outline Topics

The Consumer Financial Protection Bureau (CFPB) has released an Outline of Proposals and Alternatives Under Consideration, which is intended to enhance consumer protection, improve data security, and ensure fair and accurate credit reporting. The proposals address data brokers as consumer reporting agencies, credit header data, targeted marketing and aggregated data, permissible purposes for consumer reports, […]

California Privacy Protection Agency Releases Draft Regulations on Risk Assessments

The California Privacy Protection Agency (CPPA) has released two sets of draft regulations under the California Consumer Privacy Act (CCPA). The first involves risk assessments and the second addresses cybersecurity audits. California would join Colorado, Connecticut, and several other states with the requirement to assess processing activities that present a significant or heightened risk of […]

Are the Volume Thresholds in Privacy Statutes Triggered by the Number of In-State IP Addresses That Visit an Organization’s Website?

Specific thresholds differ from state to state, with many of the new statutes only applying to organizations that control or process personal information relating to at least 100,000 state residents. Many question whether Internet Protocol (IP) addresses are considered personal information, but the California Attorney General refused to clarify that IP addresses could not, by […]

Third Time’s the Charm? EU-US Data Privacy Framework Revamped and Reloaded

The European Commission has adopted an adequacy decision for a lawful data transfer from the EU to the USA for the third time. The recent adequacy decision follows an Executive Order of President Biden that introduced new binding safeguards to ensure that data can be accessed by the US intelligence agencies only to the extent […]