Category Archives: State laws

A Comprehensive Privacy Law May Be Heading for Massachusetts, And Businesses Should Prepare (originally on the MassTLC Blog)

Eds. Note:  This post was originally published on the MassTLC Blog.

Get ready: there’s a good chance that comprehensive data privacy legislation is coming to the Commonwealth.  If your business is not already compliant with the European Union’s or UK’s General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), then you might have some work to do.

Proposals for general data protection legislation are not new to Massachusetts;… More

The proposed Massachusetts Information Privacy and Security Act: Will This Be the Year Massachusetts Finally Updates Its Consumer Privacy Laws?

Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably California.  The proposed Massachusetts Information Privacy and Security Act (“MIPSA”) would bring Massachusetts back to the forefront of state regulation of privacy and data security.

The 65 page long bill would,… More

NYC Employers Face New Restrictions on Use of Artificial Intelligence in Hiring

As technological advances have given employers artificial intelligence (AI) based tools to assist them in the hiring process, New York City has taken note. Recently, New York City adopted a new measure restricting the use of artificial intelligence (AI) in hiring.

The law, which will go into effect on January 1, 2023, bars the use of AI-based hiring tools unless those tools have been subject to a bias audit.… More

First Circuit Creates Exception to Massachusetts Wiretap Statute Based on First Amendment Rights, Allows Citizens and Press to Record Police Activity Without Permission

The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins, upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by the First Amendment.   The opinion begins:

Massachusetts, like other states concerned about the threat to privacy that commercially available electronic eavesdropping devices pose,… More

Here Comes a New California Privacy Law! A Preliminary Look at the CPRA.

California voters on Election Day passed the California Privacy Rights Act (CPRA), an update and partial overhaul to the California Consumer Privacy Act (CCPA), the landmark 2018 privacy law.  The new CPRA strengthens existing privacy protections, particularly for certain categories of sensitive personal information, and creates an independent enforcement agency.  However, privacy advocates like the ACLU of Northern California and the Electronic Frontier Foundation came out against or refused to support the measure,… More

The Equifax/Massachusetts Attorney General Consent Judgment: A Guide for Privacy and Security Compliance

What do businesses need to do to comply with privacy and data security laws?  The first place to look is to relevant statutes.  If you store or process the personal information of Massachusetts residents, then you will at least be subject to the Massachusetts Data Breach Notification Statute and related security regulations.  These are important guides that require certain operational activities, such as maintaining a written information security program,… More

Cybersecurity 2020 — The Year in Preview: Top 3 State AG Trends to Watch in 2020

Editors’ Note:  This is the fifth in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  Our previous entry discussed the CCPAenergy, Brexit, and health privacy.  Next up:  trends in GDPR enforcement.

Out of all governmental agencies, state attorneys general are likely to have the greatest impact on privacy enforcement in 2020 for the average business. … More

Cybersecurity 2019 — The Year in Preview: New Attorneys General and Trends in State Data Privacy Laws

Editors’ Note:  This is the third in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming year.  Our previous entries were on comparing the GDPR with COPPA and on energy and security.  Up next:  emerging threats.

Whether it was a Blue Wave or a “Big Victory,” the midterm elections unequivocally transformed state regulatory and enforcement landscapes by sweeping in four new Democratic Attorneys General and earning Democrats a majority of those key policymaking positions. … More