Category Archives: State laws

Colorado’s Newly Released Data Privacy Regulations Get Specific Regarding Design and Technical Specifications

We have written previously regarding Colorado’s adoption of the Colorado Privacy Act (CPA)—describing its provision of consumer data rights, how it may function within the context of the cannabis industry, and how business might consider the law as they renew their insurance coverage. And all this before the state released regulations accompanying the CPA.

On March 15, 2023, the Colorado Attorney General filed the final rules implementing the CPA to go into effect July 1,… More

California Trails Closely Behind UK to Protect Children’s Privacy

Recently signed into law by California Governor Gavin Newsom on September 15, 2022, the California Age-Appropriate Design Code Act (“AADC”) changes the playing field for certain businesses that provide online services, products, or features accessible to children under the age of 18. Although California models its new law after the Children’s Code passed by the UK, the AADC is first state law of its kind in the US.… More

Federalism Rankles National Privacy Debate: California Weighs in on the proposed American Data Protection and Privacy Act

As states have continued to debate and pass new comprehensive privacy statutes – such as those in Virginia and Colorado – a common refrain from business leaders is the need for a comprehensive federal privacy statute that will lessen the need to comply with a patchwork of state laws.  Indeed, the absence of serious privacy protections at the federal level – something akin to PIPEDA in Canada or the GDPR in Europe – has long spurred states to act as online data gathering and brokering has grown and advanced well beyond what most extant federal law contemplates. … More

Colorado Privacy Act: The Cannabis Industry Prepares for Enforcement

As we wrote last year, Colorado is among the vanguard of privacy-focused states—including California, Washington, and Virginia—to adopt significant state-level privacy legislation.  One year out from enforcement of the Colorado Privacy Act (which begins on July 1, 2023), businesses should begin to put their compliance frameworks in place, as some of the Colorado Privacy Act’s significant requirements will need substantial investment beforehand to afford consumers the rights that they are guaranteed under the Act.… More

A Comprehensive Privacy Law May Be Heading for Massachusetts, And Businesses Should Prepare (originally on the MassTLC Blog)

Eds. Note:  This post was originally published on the MassTLC Blog.

Get ready: there’s a good chance that comprehensive data privacy legislation is coming to the Commonwealth.  If your business is not already compliant with the European Union’s or UK’s General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), then you might have some work to do.

Proposals for general data protection legislation are not new to Massachusetts;… More

The proposed Massachusetts Information Privacy and Security Act: Will This Be the Year Massachusetts Finally Updates Its Consumer Privacy Laws?

Since Massachusetts becoming a trailblazer among states with the passage of privacy legislation in 2007 and subsequent regulations, Massachusetts’ own privacy laws have been passed by those of other states, most notably California.  The proposed Massachusetts Information Privacy and Security Act (“MIPSA”) would bring Massachusetts back to the forefront of state regulation of privacy and data security.

The 65 page long bill would,… More

NYC Employers Face New Restrictions on Use of Artificial Intelligence in Hiring

As technological advances have given employers artificial intelligence (AI) based tools to assist them in the hiring process, New York City has taken note. Recently, New York City adopted a new measure restricting the use of artificial intelligence (AI) in hiring.

The law, which will go into effect on January 1, 2023, bars the use of AI-based hiring tools unless those tools have been subject to a bias audit.… More

First Circuit Creates Exception to Massachusetts Wiretap Statute Based on First Amendment Rights, Allows Citizens and Press to Record Police Activity Without Permission

The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins, upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by the First Amendment.   The opinion begins:

Massachusetts, like other states concerned about the threat to privacy that commercially available electronic eavesdropping devices pose,… More

Here Comes a New California Privacy Law! A Preliminary Look at the CPRA.

California voters on Election Day passed the California Privacy Rights Act (CPRA), an update and partial overhaul to the California Consumer Privacy Act (CCPA), the landmark 2018 privacy law.  The new CPRA strengthens existing privacy protections, particularly for certain categories of sensitive personal information, and creates an independent enforcement agency.  However, privacy advocates like the ACLU of Northern California and the Electronic Frontier Foundation came out against or refused to support the measure,… More

The Equifax/Massachusetts Attorney General Consent Judgment: A Guide for Privacy and Security Compliance

What do businesses need to do to comply with privacy and data security laws?  The first place to look is to relevant statutes.  If you store or process the personal information of Massachusetts residents, then you will at least be subject to the Massachusetts Data Breach Notification Statute and related security regulations.  These are important guides that require certain operational activities, such as maintaining a written information security program,… More

Cybersecurity 2020 — The Year in Preview: Top 3 State AG Trends to Watch in 2020

Editors’ Note:  This is the fifth in our fourth-annual end-of-year series examining important trends in data privacy and cybersecurity in the coming year.  Our previous entry discussed the CCPAenergy, Brexit, and health privacy.  Next up:  trends in GDPR enforcement.

Out of all governmental agencies, state attorneys general are likely to have the greatest impact on privacy enforcement in 2020 for the average business. … More

Cybersecurity 2019 — The Year in Preview: New Attorneys General and Trends in State Data Privacy Laws

Editors’ Note:  This is the third in our third annual end-of-year series examining important trends in data privacy and cybersecurity during the coming year.  Our previous entries were on comparing the GDPR with COPPA and on energy and security.  Up next:  emerging threats.

Whether it was a Blue Wave or a “Big Victory,” the midterm elections unequivocally transformed state regulatory and enforcement landscapes by sweeping in four new Democratic Attorneys General and earning Democrats a majority of those key policymaking positions. … More