We have written previously regarding Colorado’s adoption of the Colorado Privacy Act (CPA)—describing its provision of consumer data rights, how it may function within the context of the cannabis industry, and how business might consider the law as they renew their insurance coverage. And all this before the state released regulations accompanying the CPA.
On March 15, 2023, the Colorado Attorney General filed the final rules implementing the CPA to go into effect July 1,… More
Recently signed into law by California Governor Gavin Newsom on September 15, 2022, the California Age-Appropriate Design Code Act (“AADC”) changes the playing field for certain businesses that provide online services, products, or features accessible to children under the age of 18. Although California models its new law after the Children’s Code passed by the UK, the AADC is first state law of its kind in the US.… More
As states have continued to debate and pass new comprehensive privacy statutes – such as those in Virginia and Colorado – a common refrain from business leaders is the need for a comprehensive federal privacy statute that will lessen the need to comply with a patchwork of state laws. Indeed, the absence of serious privacy protections at the federal level – something akin to PIPEDA in Canada or the GDPR in Europe – has long spurred states to act as online data gathering and brokering has grown and advanced well beyond what most extant federal law contemplates. … More
As we wrote last year, Colorado is among the vanguard of privacy-focused states—including California, Washington, and Virginia—to adopt significant state-level privacy legislation. One year out from enforcement of the Colorado Privacy Act (which begins on July 1, 2023), businesses should begin to put their compliance frameworks in place, as some of the Colorado Privacy Act’s significant requirements will need substantial investment beforehand to afford consumers the rights that they are guaranteed under the Act.… More
Eds. Note: This post was originally published on the MassTLC Blog.
Get ready: there’s a good chance that comprehensive data privacy legislation is coming to the Commonwealth. If your business is not already compliant with the European Union’s or UK’s General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), then you might have some work to do.
Proposals for general data protection legislation are not new to Massachusetts;… More
Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably California. The proposed Massachusetts Information Privacy and Security Act (“MIPSA”) would bring Massachusetts back to the forefront of state regulation of privacy and data security.
The 65 page long bill would,… More
As technological advances have given employers artificial intelligence (AI) based tools to assist them in the hiring process, New York City has taken note. Recently, New York City adopted a new measure restricting the use of artificial intelligence (AI) in hiring.
The law, which will go into effect on January 1, 2023, bars the use of AI-based hiring tools unless those tools have been subject to a bias audit.… More
On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023, it contains robust provisions that businesses will need some time to prepare for.
The CPA draws many principles from and has a similar framework to the California Consumer Privacy Act (CCPA),… More
The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins, upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by the First Amendment. The opinion begins:
Massachusetts, like other states concerned about the threat to privacy that commercially available electronic eavesdropping devices pose,… More
California voters on Election Day passed the California Privacy Rights Act (CPRA), an update and partial overhaul to the California Consumer Privacy Act (CCPA), the landmark 2018 privacy law. The new CPRA strengthens existing privacy protections, particularly for certain categories of sensitive personal information, and creates an independent enforcement agency. However, privacy advocates like the ACLU of Northern California and the Electronic Frontier Foundation came out against or refused to support the measure,… More
What do businesses need to do to comply with privacy and data security laws? The first place to look is to relevant statutes. If you store or process the personal information of Massachusetts residents, then you will at least be subject to the Massachusetts Data Breach Notification Statute and related security regulations. These are important guides that require certain operational activities, such as maintaining a written information security program,… More
Editors’ Note: This is the fifth in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year. Our previous entry discussed the CCPA, energy, Brexit, and health privacy. Next up: trends in GDPR enforcement.
Out of all governmental agencies, state attorneys general are likely to have the greatest impact on privacy enforcement in 2020 for the average business. … More
On January 10, 2019, Massachusetts Governor Charlie Baker signed a new law that amends its data breach reporting law, and requires credit reporting agencies such as Equifax to provide a free credit freeze to consumers. The new law, “An Act Relative to Consumer Protection from Security Breaches,” also requires companies to offer up to three years of free credit monitoring to victims of a security breach,… More
Editors’ Note: This is the third in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Our previous entries were on comparing the GDPR with COPPA and on energy and security. Up next: emerging threats.
Whether it was a Blue Wave or a “Big Victory,” the midterm elections unequivocally transformed state regulatory and enforcement landscapes by sweeping in four new Democratic Attorneys General and earning Democrats a majority of those key policymaking positions. … More