State Law

Subscribe to State Law
United States Capitol Building

As we have previously posted, it has been an active year on the state privacy law front.  Indeed, the number of states with privacy laws is about to nearly double in a matter of months,  with Iowa, Indiana, Montana, and Tennessee have already passed or are about to pass comprehensive

In a landmark decision that will have widespread effects, the Illinois Supreme Court ruled that a claim accrues each time—rather than just the first time—that data is collected in violation of the Biometric Information Privacy Act (BIPA).  Because BIPA provides statutory damages for each violation, this ruling exponentially increases potential damages, especially in the employment

The jury returned a verdict in favor of the plaintiffs in the first trial for violations of the Illinois Biometric Privacy Act (“BIPA”), which was conducted in the District Court for the Northern District of Illinois. Rogers v. BNSF Ry. Co., No. 1:19-cv-03083.  A jury found that BNSF Railway violated BIPA by maintaining an

On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA).  This first public enforcement action—and subsequent noncompliance letters the Attorney General sent to other retailers—clearly highlight the continued focus of regulators on online tracking practices and opt-out signals such

On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.

The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline).  Moreover, the draft Colorado Rules address

Colorado Attorney General Philip Weiser gave his first public comments since April last Thursday at Ballard Spahr LLP’s 2022 Annual Colorado Privacy Summit.  In an hour-long fireside chat with Ballard Spahr’s Co-Chair of Privacy and Data Security Greg Szewczyk, AG Weiser discussed the rulemaking process under the Colorado Privacy Act.  A recording of the interview

Businesses operating in New York City should be aware of a local law addressing the use of automated employment screening and decision-making tools coming into effect on January 1, 2023.  This law applies broadly to employers and employment agencies operating in New York City that target New York City residents using what it refers to

In a surprising development, the California Privacy Protection Agency (CPPA) published proposed amendments to the CCPA regulations recently.  The proposed amendments were initially made public on May 27 in a package of materials to be considered by the CPPA at its upcoming June 8 meeting.  The proposed amendments—which in effect are the draft CPRA regulations—were

The California Privacy Protection Agency (“CPPA”) scheduled a Board Meeting for June 8th, in which it will be discussing and possibly taking action with regard to the much anticipated CPRA enforcing regulations.  To facilitate this discussion, the CPPA included a draft of the proposed regulations as part of the meeting records. This draft