On May 19th, the Montana Governor Greg Gianforte signed the Montana Consumer Data Privacy Act (“Montana CDPA”). The Montana CDPA was chaptered into Montana law on May 22nd. Montana is the fifth state to pass a comprehensive privacy law this year, following Iowa, Indiana, Tennessee and Florida, and the tenth state overall, following
Connecticut
Data Protection Impact Assessments: Are You Ready?
This year has widened the landscape of consumer privacy protections, with dozens of comprehensive privacy bills moving through state legislatures and becoming enacted. So far in 2023, Iowa’s Act Relating to Consumer Data Protection (“Iowa Privacy Law”) and Indiana’s Consumer Data Protection Act (“ICDPA”) were signed into law. These two laws join the Virginia Consumer Data Protection Act (“VCDPA”), California Privacy Rights Act (“CPRA”), Colorado Privacy Rights Act (“CPA”), Connecticut’s Public Act No. 22-15 (“CTPA”), and Utah Consumer Privacy Act (“UCPA”) in the state comprehensive consumer privacy law framework. The Iowa Privacy Law becomes effective on January 1, 2025, and the ICDPA becomes effective on July 1, 2026. The VCDPA and CPRA (amending the California Consumer Privacy Act or “CCPA”) went into effect on January 1, 2023, while the CPA and CTPA go into effect on July 1, 2023. The UCPA will go into effect December 31, 2023.
Continue Reading Data Protection Impact Assessments: Are You Ready?
Final Tennessee Privacy Act Signed into Law, Expanding Consumer Rights and Data Controller Flexibility in Developing and Measuring a Written Privacy Program that May Qualify for an Affirmative Defense to Violations of the Act
This article was originally published on Privacy World on May 4, 2023 and was updated on May 16, 2023.
The Tennessee Information Protection Act (“TIPA”), signed into law on May 11, 2023, is a hodgepodge of the current U.S. state consumer privacy laws, but with a notable twist.
What’s the Same
Like the other state…
2022 Privacy World Year in Review: CCPA
2022 saw cases continue to be filed under the California Consumer Privacy Act (“CCPA”), although perhaps reflecting the increasing reliance of the plaintiffs’ bar on negligence and tort-based privacy claims concerning a defendant’s alleged failure to maintain “reasonable security,” the number of cases of CCPA based claims declined. Read on for Privacy World’s highlights of…
Are You Ready for the 2023 Privacy Laws?
Amendments to the California Consumer Privacy Act (“CCPA”) went into effect on January 1 of this year, as did Virginia’s new privacy law. Virginia’s law is immediately enforceable. While the California amendments are not enforceable until July 1, 2023, on December 31, 2022 the opportunity cure violations before civil penalties could be assessed sunset (at…
BREAKING: Former Uber CSO Convicted of Criminal Obstruction and Concealment of a Felony for 2016 Data Breach Cover Up
After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).
Recall that back in 2016, two hackers stole data…
Kyle Fath appointed to Connecticut Privacy Legislation Working Group
Kyle Fath, partner in the firm’s Data Privacy, Cybersecurity & Digital Assets group and Los Angeles Office, was appointed this month to serve on the Connecticut Data Privacy Act (CTDPA) working group by the joint standing committee of the Connecticut General Assembly.
Continue Reading Kyle Fath appointed to Connecticut Privacy Legislation Working Group
CPW Week in Review
In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end
2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end
We head into the fourth quarter on the heels of the first public California Consumer Privacy Act (CCPA) civil penalty, while also looking ahead to the new state privacy laws in Virginia, Colorado, Connecticut, and Utah and the significant updates that the California Privacy Rights Act (CPRA) will bring to the CCPA. Considering that regulations…
Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR
In a CLE webinar earlier this week, Malcolm Dowden (Partner, London) and Niloufar Massachi (Associate, Los Angeles) discussed evaluating, drafting, and updating vendor agreements to meet the privacy and security requirements of new US privacy laws and the GDPR.
Continue Reading Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR