DATA PROTECTION & PRIVACY ARTICLE INDEX FOR 2023 FROM THE BACKGROUND BUZZ |
 |
Building State Privacy Compliance Programs
January | National: The CPRA and VCDPA came into force on Jan. 1, 2023, joining a slew of other states with similar laws.
California Attorney General Conducts Another CCPA/CPRA Compliance Sweep
February | California: The California State Attorney General has announced another sweep of CCPA/CPRA violations.
California Privacy Protection Agency Approves CCPA Regulations
February | California; The CPPA voted to adopt and approve its draft CCPA regulations. The OAL will review the final rulemaking package.
On the Grid: Data and Privacy Protection Act
February | National: Attorney Angela Doughty of Ward and Smith spoke at the In-House Counsel Seminar about topics related to privacy and data security.
ISO 31700: The Latest Tool to Operationalize (GDPR) Privacy by Design Compliance?
February | National: A new “privacy by design” international standard bearing a resemblance to “data protection by design and by default” has been introduced.
PeopleConnect Announced Data Breach
February | National: LifeLock and PeopleConnect have announced that they suffered a data breach after a hacker gained access to a 2019 backup database containing the personal information of more than 20 million customers.
Colorado AG Enacts Landmark State Privacy Act Rules
March | Colorado: The final version of the CPA Rules has been introduced, granting Coloradans rights over their own personal data.
Iowa Passes Comprehensive Privacy Statute
March | Iowa: The Iowa legislature has passed S.F. 262 (ICDPA), which would take effect Jan. 1, 2025.
New Data Privacy Laws Now Playing at a Theatre New You (or Coming Soon): Are You Ready?
March | National: Several privacy laws have been enacted across the country, each including extra protections for sensitive data.
Iowa is the Sixth U.S. State That Enacts Data Privacy Law
April | Iowa: Senate File 262, Iowa’s data privacy law, will go into effect Jan. 1, 2025.
Stop Buying into These 5 Common SOC 2 Misconceptions
April | National: It is important to become familiar with the top five myths pertaining to SOC2, so misconceptions can be avoided.
Colorado Finalizes its Privacy Act Rules
April | Colorado: The Colorado Privacy Act (CPA) Rules have been finalized, making it the third state to enact a general state privacy law.
Indiana Enacts Comprehensive Consumer Data Privacy Laws
May | Indiana: Senate Bill 5, the state’s comprehensive consumer data privacy law, has been signed.
Latest Setback for the EU-US Data Privacy Framework
May | International: The Members of the European Parliament (MEPs) have voted to reject the DPF and urged the European Commission not to endorse it until concerns are addressed.
Montana Governor Signs Big Sky’s Privacy Law
May | Montana: Effective October 24, 2024, the state’s comprehensive privacy law includes notice, consumer rights, sensitive personal data, contracts, and enforcement.
Newly Passed Florida Privacy Law Bill
May | Florida: The Florida Digital Bill of Rights has been passed in Florida, making it the ninth state to enact its own comprehensive consumer privacy law.
Processing Sensitive Personal Information Under U.S. State Privacy Laws
May | National: Nine states have now passed comprehensive privacy laws or have plans to put laws into effect, each with different approaches to processing SPI.
Tennessee Information Protection Act with NIST Security Standards Enacted
May | Tennessee: The state’s comprehensive consumer data privacy law will be effective July 1, 2024.
June | California: State authorities will begin enforcing the regulations of the CPRA on July 1, 2023.
7 Steps to Comply with the CCPA
June | California: Businesses can take seven important steps to achieve full compliance with the CCPA.
Data Protection Impact Assessments: Are You Ready?
June | National: A common thread among the comprehensive privacy bills that are popping up across the country is the requirement to conduct and document a data protection assessment in various circumstances.
Florida Added to Growing List of New Comprehensive Privacy Laws
June | Florida: Senate Bill 262, which establishes the state’s Florida Digital Bill of Rights (FDBR), has passed and is effective July 1, 2024.
FTC Adopts Biometric Policy Statement
June | National: The FTC has issued a policy statement warning that false, misleading, or unsubstantiated statements made about the accuracy of biometric information technologies could lead to enforcement action.
Illinois Legislature Advances Proposed Amendment to Right to Privacy in the Workplace Act
June | Illinois: Senate Bill 1515 has been passed by the state legislature, amending the existing Right to Privacy in the Workplace Act.
An (Im) Perfect 10: Indiana, Tennessee, Montana & Texas Pass Consumer Privacy Laws
June | National: State privacy laws across the country each vary in unique aspects but are similar in nature.
Navigating Data Protection Laws: Using European Clauses as the Foundation for U.S. Agreements
June | International: Following the GDPR – Europe’s data privacy law, as well as the “Standard Contractual Clauses” (SCCs) allows businesses to be in compliance with data privacy provisions.
Texas Passes Data Privacy and Security Act
June | Texas: The Texas Data Privacy and Security Act shares many similarities with Virginia’s regulations and, if signed, would take effect on July 1, 2024.
Montana’s Comprehensive Privacy Law Signed by the Governor
June | Montana: The CDPA has been signed by the governor, making it to fifth state to pass a comprehensive privacy law this year.
Connecticut Legislature Passes Amendments to the Connecticut Data Privacy Act
July | Connecticut: SB 3 has been passed by the state legislation, which would amend the CTDPA to include several provisions related to health and minors’ data.
Delaware General Assembly Passes Personal Data Privacy Act
July | Delaware: The Delaware Personal Data Privacy Act (DPDPA), similar to the statutes in Connecticut, Montana and Oregon, was recently passed by the general assembly.
California Attorney General Announces New CCPA Investigative Sweep of Employers
July | California: The state attorney general will now focus on employee data, with inquiry letters sent to large employers.
CPRA Enforcement Delayed Until at Least March 29, 2024
July | California: The enforcement of the CPRA regulations have been delayed until March 29, 2024, following a Chamber of Commerce lawsuit.
July | International: A website has been launched that will enable eligible U.S. companies to self-certify their participation in the EU-US Data Privacy Framework.
Oregon Passes Comprehensive Privacy Law
July | Oregon: Senate Bill 619 has been passed, applying to any business that controls or processes the personal information of at least 100,000 residents or at least 25,000 residents while deriving at least 25% of its revenue from the sale of personal information.
Texas Data Privacy and Security Act – An Overview
July | Texas: The Texas Data Privacy Act and Security Act (TDPSA) includes a “small business” carveout, consent to process sensitive data and notices for sale of sensitive personal data.
Oregon Legislature Passes Consumer Privacy Act
July | Oregon: The Oregon Consumer Privacy Act resembles other comprehensive privacy statues but contains some notable distinctions.
Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
August | Delaware: The DPDPA was passed by the state House of Representatives and, if passed, would apply to residents who act for a personal or household purpose.
Oregon Passes Privacy Law with Narrow Financial Institution Exemption
August | Oregon: The newly enacted Oregon Privacy Law imposes a range of new data privacy requirements on non-exempt controllers and processes of consumer personal data.
Tennessee: Overview of the Tennessee Information Protection Act
August | Tennessee: The Tennessee Information Protection Act (TIPA) shares many elements frequently found in comprehensive privacy laws and includes broad exemptions for various entities.
Prioritizing Privacy Programs Based on the NIST Privacy Framework
August | National: The NIST Privacy Framework can support and prioritize an organization’s specific privacy program with 18 categories and 100 subcategories within five core functions.
State Data Protection Laws: What You Need to Know as States Ramp Up Enforcement
August | National: At least 13 states will have comprehensive laws in place by 2025, which vary in content from one another, and suspected violations will be investigated by state attorney generals.
Are Privacy Policies Alone Enough to Protect Employee Privacy? Ask Tesla
September | National: Tesla was found to have failed the employment stage of the workforce when it failed to “adequately protect access to customer and employee data,” reinforcing the importance of background screenings.
Delaware Enacts Wide Data Privacy Law Without Consumer Right to Sue
September | Delaware: House Bill 154 gives customers in the state the right to know what businesses are doing with their personal data.
Global Privacy Regulators Joins Forces to Warn About Scraping Publicly Available Information
September | International: Twelve data protection and privacy regulators announced their “global expectations of social media platforms and other sites to safeguard against unlawful data scraping.”
Penn the Latest US State to Consider Data Privacy Law with No Right of Action
September | Pennsylvania: Lawmakers have opened a discussion about their proposed Consumer Data Privacy Act, House Bill 1201.
October | California: The California Attorney General refused to clarify that IP addresses could not constitute personal information under the CCPA.
New England State Consumer Data Privacy Bills Currently Under Consideration
October | New England: Several other privacy laws are under consideration across the New England states, including those that already enforce applicable laws.
California Privacy Protection Agency Releases Draft Regulations on Risk Assessment
October | California: The CPPA has released two sets of draft regulations under the CCPA involving risk assessments and cybersecurity audits.
CFPB Releases FCRA Rulemaking Outline Topics
October | National: The CFPB has released an Outline of Proposals and Alternatives Under Consideration to enhance consumer protection, improve data security and ensure fair and accurate credit reporting.
Colorado Privacy Act – Rocky Mountain Regulations
October | Colorado: The state’s comprehensive data privacy legislation borrows, in part, from the GDPR, California Consumer Privacy Act and the Virginia Consumer Data Protection Act.
Does US Privacy Regulation Trump a State’s Biometric Law? Supreme Court to Decide
October | Illinois: Healthcare workers from a handful of locations have filed a biometric privacy lawsuit against their employers for violations of the state’s Biometric Information Privacy Act.
December | National: Data privacy is expected to be at the forefront in 2024, with several emerging trends at the top of the list.
Oregon Consumer Privacy Act: Time to Get Ready, But Does It Apply to My Organization?
December | Oregon: The OCPA will provide consumers with control over their personal data, while enacting certain restrictions for businesses handling such data.