State and Local

The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act. The public feedback includes comments from various companies, industry associations, and other interested parties. The Agency intends to have additional informational hearings to gather more feedback. Its October meeting minutes suggest that […]

On December 15, 2021, the New Jersey Acting Attorney General Andrew J. Bruck announced that its Division of Consumer Affairs had reached a $425,000 settlement with New Jersey-based providers of cancer care, Regional Cancer Care Associates LLC, RCCA MSO LLC, and RCCA MD LLC (collectively, “RCCA”), over alleged failures to adequately safeguard patient data. In […]

State attorney general Peter Neronha is investigating why the Rhode Island Public Transit Authority did not identify those affected by an August data breach until late October, and didn’t notify them until December 21. The breached files contained information about RIPTA health plans and included personal information such as identification numbers, addresses, dates of birth, […]

Virginia edges closer to its privacy law January 2023 implementation. A new working group report gives some insight on implementation focus. The working group is tasked with giving advice on implementing the Virginia Consumer Data Protection Act. It held a series of meetings with companies and other stakeholders throughout the year. This current report summarizes […]

As the year comes to an end, consider whether your business is required to make an annual privacy policy update and share updated consumer metrics under the CCPA. Businesses subject to the CCPA are also required to update their online privacy policies “at least once every 12 months.” For many businesses that make these updates […]

The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices and recommendations prior to the VCDA’s January 2023 implementation. The report identifies 17 points of emphasis around the VCDA, including amending the budget to fund staff to lead enforcement, enabling the […]

Entities that collect Wisconsin residents’ personal information and are licensed, registered, or authorized with the Office of the Commissioner of Insurance will have to abide by a new data security law, which came into force on November 1. This bill had previously been introduced in the 2019-2020 legislative session and was passed by the assembly […]

California’s Governor recently signed into law three new bills impacting CCPA and privacy in California, including: AB 335, which exempts from the CCPA and CRPA the right to opt out vessel information or ownership information retained or shared between a vessel dealer and the vessel’s manufacturer, if the information is shared for the purpose of […]

In July, Connecticut passed a largely unnoticed new law that followed in the footsteps of Ohio and Utah in limiting damages by creating affirmative defenses for business that experience a data breach after implementing a qualifying cybersecurity program (also referred to as a written information security program). As of October 1, a Connecticut business that […]

Before the CCPA became enforceable on July 1, 2020, much ink was spilled (or many keys were hit) about the California Office of the Attorney General’s ability to obtain civil penalties for CCPA violations. After that date, privacy lawyers waited with bated breath for OAG enforcement actions to start rolling in. But then, very little […]