Cybersecurity & Privacy Blog

On October 25, 2023, New York Governor Kathy Hochul signed into law a bill (the “Act”) banning the sale of over-the-counter weight loss and muscle building supplements to children under the age of 18. This Act is the first law in the United States to ban the sale of such supplements to children and is set to take effect in April of 2024.

The new Connecticut data privacy law—inconveniently titled “An Act Concerning Personal Data Privacy and Online Monitoring” (hereinafter referred to as “CPDPA”) was signed into law on Tuesday, May 10, 2022 and will have an effective date of July 1, 2023. The CPDPA is moderately similar to both the Colorado Privacy Act (the “CPA”) and the Virginia Consumer Data Privacy Act (“VCDPA”), with only a few minor differences.

The CPDPA applies businesses that conduct business in the state of Connecticut or produce products or services targeted to residents of ...

The California Consumer Privacy Act (“CCPA”), which went into effect January 1, 2020, created rights and obligations related to the collection and sale of consumer personal data. The California Privacy Rights Act (“CPRA”) was a ballot measure that was approved by California voters on November 3, 2020. The CPRA significantly amends and expands the CCPA. Notably, the majority of the provisions revising the CCPA do not become “operative” until January 1, 2023, and enforcement will apply only to violations occurring on or after January 1, 2023.

On March 24, 2022, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) into law. The UCPA, which will become effective December 31, 2023, largely mirrors the Virginia Consumer Data Privacy Act (“VCDPA”), explained in more detail here, or Europe’s General Data Protection Regulation (“GDPR”).

The Colorado Privacy Act (the “CPA”) was signed into law on July 8, 2021 by Governor Jared Polis, only 6 months after Virginia enacted its data privacy law, the Virginia Consumer Data Privacy Act (“VCDPA”).

On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (the “VCDPA”) into law. The VCDPA, which will become effective January 1, 2023, creates rights and obligations related to the collection and processing of consumer personal data. While many of these rights are similar to what we have seen under the California Consumer Protection Act (“CCPA”) or Europe’s General Data Protection Regulation (“GDPR”), many rights, such as the right to appeal the denial of a consumer data request and the establishment of a 30-day cure ...

With the passing of the Utah Consumer Privacy Act and Connecticut Data Privacy Act, data privacy laws are back in the focus of business owners across America. Five states now have comprehensive data privacy protection for consumers—California, Virginia, Colorado, Utah, and Connecticut.

As we ring in the New Year, privacy professionals are collectively holding their breath: January 1, 2020 marked the effective date of the California Consumer Privacy Act, also known as the CCPA.

Every month, we see a new set of privacy best practices or a new set of regulations proposed or adopted by a state, Congress, the White House, or countries around the globe. The versions of best practices continue to multiply and the layers of regulation continue to expand. Every new group or political entity wants to out-perform the last – but has this one-upmanship gone too far?

September 2018 was a busy month for data privacy. We expect the next several months to be extremely active as well, especially with the number of new complaints and data breach notices filed in Europe since May. We will continue to monitor and update developments as the data privacy framework continues to evolve.