data-protection
-

New California Law Enhances Data Broker Disclosure Obligations
Under existing law, California Data Brokers must register with the California Privacy Protection Agency (“Agency”) and pay a registration fee in an amount determined by the Agency. Data Brokers are also required to provide specific information, including the name of the data broker and its primary physical, email, and internet website addresses. Data Brokers must…
-

Effective Privacy Governance: How to “Bucket” State Obligations
As of the date of this post, there are at least nineteen comprehensive state privacy laws that have been passed and signed into law. Seven of those laws are currently in effect with active enforcement by state regulators. By this time next year (July 2025), the laws of an additional eight states will be in effect. Below is…
-

California Usurps Federal Privacy Action (Again)
Most Americans expect the federal government to be involved in international agreements on individual rights affecting U.S. citizens. California has partnered with France on data privacy protections, following the cancellation of a federal privacy rights act discussion. This collaboration signals a shift towards more cohesive global privacy regulations and may influence California’s privacy legislation approach.
-

SEC Guidance: Providing Clarity on Private Sharing of Cybersecurity Incident Information
In July 2023, the SEC mandated public companies to annually disclose material cybersecurity incidents and risk management details to protect investors. The new rules aim for consistent disclosure and timely reporting within four business days, but caused confusion about how these disclosures may prohibit or limit the ability to discuss additional details as part of…
-

California Privacy Protection Agency Provides Summary of Pending California Privacy Legislation
In advance of the upcoming May 10th meeting, the California Privacy Protection Agency released meeting materials to provide context to several agenda items. In particular, the California Privacy Protection Agency Board voted unanimously to: In addition, the materials provide a snapshot of the California legislative calendar, along with a list of eight pending bills that…
-

Attorney General Proposes to Roll Back Entity Level Exemptions under Connecticut Data Privacy Act
In a report from February of this year, the Connecticut Attorney General identified several proposed legislative changes to the Connecticut Data Privacy Act that would strengthen or clarify protections afforded to residents of the State. Specifically, the report states: The CTDPA contains a myriad of exemptions carving out entities from its requirements. Several states have…
-

FTC Warns that Notice and Choice May Not Be Enough to Protect Privacy
During a recent lecture at Fordham Law School, Samuel Levine, the Director of the Federal Trade Commission Bureau of Consumer Protection, warned that when it comes to privacy “notice and choice is a fantasy world.” Mr. Levine did not mince words, further calling notice and choice a regime that “became a way for companies to…
-

Small but Mighty: The Vermont Data Privacy Act and Its Private Right of Action
According to the 2020 census, Vermont’s population of just under 650,000 residents makes it the second to last in population in the nation and the sixth smallest state by area. Yet, Vermont has introduced a privacy bill that rivals California in scope. This broad scope is also punctuated by two key provisions. First, Vermont’s applicability…
-

Privacy and Cybersecurity: Two Very Different Sides of the Same Coin
Cybersecurity and privacy are often used interchangeably within business organizations because they both refer to how businesses protect personal data. However, there are also several substantial distinctions between the concepts of privacy and cybersecurity. In this post, I explain the differences between privacy and cybersecurity and do a deeper dive into cybersecurity as a legal…
-

Privacy Question of the day
True or False: The Children’s Online Privacy Protection Act applies to data collected on children (under 13) who reside outside of the United States (i.e. in the EU). Vote Here! (Spoiler!!) The answer and explanation are described below. The answer may be surprising! The FTC’s frequently asked questions about COPPA address this issue under section…