On February 21, 2025, representatives in the California legislature introduced California Assembly Bill 1355, also known as the California Location Privacy Act (“AB 1355”). AB 1355 seeks to amend the California Consumer Privacy Act (the “CCPA”) by imposing several new restrictions on the collection and use of consumer location data.
Under AB 1355, “location
The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve as the foundation for the process moving forward. Discussion
Connecticut is the next in a growing list of states to pass comprehensive data privacy legislation. Last Friday, the Connecticut legislature passed, by large margins, Senate Bill 6 — which we are referring to as the Connecticut Data Privacy Act (CTDPA). The law now awaits the Governor’s signature.
The CTDPA follows the form and content of other privacy laws passed in the prior year, including the Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), and Utah Privacy Act (UPA). California, of course, passed the California Consumer Privacy Rights Act (CPRA) via ballot initiative in 2020. All of these laws will become effective in 2023.
Continue Reading Connecticut Poised To Become Fifth State to Enact a Privacy Law
Following the lead of California, Colorado, and Virginia, Utah is set to become the fourth state to pass a comprehensive privacy law.
As of March 4, the Utah Consumer Privacy Act (SB 227) cleared both houses of the Utah legislature. The UCPA closely resembles the Virginia Consumer Data Privacy Act, but with some
On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as states that have adopted laws that strictly regulate the notice, collection, and handling
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).
As background, the original CCPA
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s law enacted a few days earlier. Notably, while Connecticut followed the New York Department of Financial Services’ 2017 Cybersecurity
On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers, and other businesses licensed by the Connecticut Insurance Department (“CID”). In doing so, Connecticut joins New York, South Carolina, Ohio, Michigan, and Mississippi
Recently, legislators in Texas introduced two bills relating to consumer privacy and data protection: H.B. No. 4518, the Texas Consumer Privacy Act (“Texas CPA”) and H.B. No. 4390, the Texas Privacy Protection Act (“TPPA”). These bills bear a strong resemblance to the California Consumer Privacy Act (the “California CPA”), and would lay the groundwork for extensive administrative schemes protecting consumers’ rights to their personal information.
Texas CPA
The Texas CPA bears strong similarity to California CPA. The Texas CPA, which, if adopted, would take effect September 1, 2020, applies to companies that do business and collect consumer data and:
Continue Reading Texas Legislature Weighing Proposed New Privacy Laws
New proposed legislation in California, backed by state Attorney General (AG) Xavier Becerra, would amend the new California Consumer Privacy Act (CCPA) to make it easier for private plaintiffs and public officials to sue for violations while further increasing regulatory uncertainty and compliance costs for businesses. Specifically, SB 561 would expand the CCPA’s private right of action, remove the Act’s public enforcement “cure” provision, and eliminate the ability of affected companies to seek compliance guidance from the AG.
The CCPA is a sweeping new privacy law which goes into effect in January 2020. It gives California residents substantial control over personal data held by certain California businesses, requiring disclosure of what personal information the business collects, how that information is used or sold, and allowing consumers to control or delete that information upon request. It currently allows private plaintiffs to seek statutory damages of up to $750 per violation for certain violations, and it allows the AG to seek civil penalties of up to $2,500 for most violations, and up to $7,500 for violations found to be intentional.
Continue Reading California Legislation Would Make CCPA Even Worse for Businesses