Privacy Law and Regulation

2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit.  With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal cyber-regulations, new state laws governing children’s data and new EU legislation regulating digital services – privacy lawyers will

On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Bonta alleges failed to comply with the California Consumer Privacy Act (CCPA).  This sweep focused specifically on “popular retail, travel, and food service industry apps” that failed to comply

With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy would also be compliant with the Colorado Privacy Act (“CPA”).  And, as the Colorado Attorney General has made clear, interoperability is an important guiding

2022 proved to be an historic year for privacy and data security.  Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states.  For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection

On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules. 

We will be providing in-depth analysis in coming days and weeks, but at first review, the revised rules appear to represent a fine-tuning as opposed to a complete overhaul.  Some of these changes – such as additional flexibility

With its draft rules, Colorado has set forth a new model for state privacy laws.  While there are many areas that are interoperable with the California model, the Colorado draft rules include important differences, as well as rules on topics that have been notably absent from California’s draft rules.  Ballard partners Phil Yannella and Greg

In a recent enforcement action against online alcohol delivery service Drizly and its CEO, James Rellas, the Federal Trade Commission (FTC) made clear its focus on data minimization and limitations on the secondary uses of data. Although the action arose out of a common security failure—the sort that has been the subject of numerous prior

In the past several months, plaintiff’s lawyers have filed dozens of class action lawsuits under state wiretap laws, some of which provide for statutory damages of $5000 per occurrence or more.  The lawsuits focus on the use of chatbots, “session replay” software, and tracking code embedded in websites. Plaintiffs contend these tools enable the