California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka the “Delete Act,” would be required to recognize and honor opt-out signals from Californians. The law seeks to expand on
John Georgievski
Kansas Passes an Act Requiring Mortgage Companies, Supervised Lender, and Money Transmitters to Create Information Security Standards Consistent with GLBA’s Consumer Information Safeguard Rule
On April 24, the Governor of Kansas signed into law Kansas Senate Bill 44, which enacts the Financial Institutions Information Security Act (the “Act”). The Act requires credit services organizations, mortgage companies, supervised lenders, money transmitters, trust companies, and technology-enabled fiduciary financial institutions to comply with the requirements of the GLBA’s Safeguards Rule, as…
Iowa Officially Becomes the 6th State with an Enacted Consumer Data Privacy Rights Law
On March 29th, Iowa Governor Kim Reynolds signed Senate Bill 262 into law, making Iowa only the 6th U.S. state to enact a Consumer Data Privacy Rights Law. The new law, which was previously covered in greater detail here, will go into effect on January 1, 2025.
The Iowa Senate and House Pass a Consumer Data Privacy Rights Bill
On March 15, 2023, the Iowa House passed Senate Bill 262 on a 97-0 vote. The Bill had previously passed the Iowa Senate on March 6, 2023. If ultimately signed by Iowa Governor Kim Reynolds, Iowa would join California, Colorado, Connecticut, Utah, and Virginia as the sixth U.S. state with a comprehensive consumer data privacy…
The UK Publishes Bill to Update UK GDPR
On March 8, 2023, the U.K. Secretary of State for Science for Innovation and Technology announced the publication of the Data Protection and Digital Information (No.2) Bill. This new version of the Data Protection and Digital Information bill will effectively supersede the prior draft, which was first published in July of 2022.
The…
Heightened Cybersecurity Requirements for Medical Devices Passed Into Law
Many privacy professional may have missed it, but In the run-up to the New Year — while many U.S. companies were focused on complying with the California Privacy Rights Act (CPRA) — Congress passed an appropriations bill that contains significant new cybersecurity requirements for medical device companies. The Omnibus Appropriations Bill, which was signed…
2023 Privacy and Data Security Preview
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection…
The Cost of a Click: Microsoft fined 60 Million Euros by French Privacy Watchdog for French Data Protection Act Violations
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the “Loi Informatique et Libertés”). Article 82 is France’s implementation of the EU’s ePrivacy Directive, and it generally requires that any…
Lessons from the Texas Biometric Data Action Against Google
On October 20, 2022, Texas Attorney General Ken Paxton brought suit in Texas district court against Google for alleged violations of the Texas Capture or Use of Biometric Identifier Act (“CUBI”). The petition claims that Google violated CUBI by collecting, analyzing, and storing the facial geometry of individuals who appear in photos that have…