On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.
The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline). Moreover, the draft Colorado Rules address
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that businesses should address before the January 1, 2023 deadline.
Colorado Attorney General Philip Weiser gave his first public comments since April last Thursday at Ballard Spahr LLP’s 2022 Annual Colorado Privacy Summit. In an hour-long fireside chat with Ballard Spahr’s Co-Chair of Privacy and Data Security Greg Szewczyk, AG Weiser discussed the rulemaking process under the Colorado Privacy Act. A recording of the interview
The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception. As a result, when the the California Privacy Rights Act (CPRA) goes into effect
Businesses operating in New York City should be aware of a local law addressing the use of automated employment screening and decision-making tools coming into effect on January 1, 2023. This law applies broadly to employers and employment agencies operating in New York City that target New York City residents using what it refers to
In the latest episode in our monthly webcast series, Privacy and Data Security practice co-leaders Phil Yannella and Greg Szewczyk give a comprehensive rundown of the American Data Privacy and Protection Act (ADPPA), including: The status of the bill, key components, the private right of action, and the bill’s differences from state laws. Phil
In an active week for federal regulators, the Federal Trade Commission (FTC) joined the CFPB in announcing important initiatives that may change privacy and data security practices in major ways.
On August 11, the FTC released its Advanced Notice of Proposed Rulemaking, seeking public input on a host of questions relating to what it
On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations. The Amendments, if adopted, would further regulatory trends and impose important new requirements on covered entities.
The Amendments contain three significant changes relating to ransomware. First, the Amendment specifically adds “the deployment of ransomware
Greg Szewczyk and Phil Yannella sat down with Kimberly Klayman to give a privacy update for startups in Technical.ly. Read the full interview here.
In the latest episode in our monthly webcast series, Privacy and Data Security practice co-leaders Phil Yannella and Greg Szewczyk discuss the past, present, and future of VPPA litigation and proactive steps to mitigate the risk of VPPA litigation.