Tag

Data Privacy & Security

Browsing

On July 18, Oregon Governor Tina Kotek signed SB 619 into law as the Oregon Consumer Privacy Act, making Oregon the eleventh U.S. state to enact consumer privacy legislation and the seventh in 2023 alone. The compliance deadline for for-profit entities is July 1, 2024. In Brief: The Oregon Consumer Privacy Act has no revenue threshold and applies to any person that conducts business in Oregon or provides products or services to Oregon residents and…

The Colorado Privacy Act is enforceable since July 1, 2023. Just as the California Attorney General has done through several sweeps (see here and here), the Colorado Attorney General, Phil Weiser, has announced through letters sent to business that enforcement of the Colorado Privacy Act has begun. The initial round of letters are meant to educate businesses on their new obligations, with particular emphasis on the collection and use of sensitive data and related prior…

With the new Washington state My Health My Data Act, you may wonder if any exceptions or exemptions apply to your organization (for an overview of the law, see here). As a reminder, the definition of consumer health data is broad: “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status” (the definition includes as an enumerated example any information…

Nevada Senate Bill 370 is the third US state law passed this year with specific obligations related to consumer health privacy. Just as with most obligations under the similar Washington state My Health My Data Act (summary here), regulated entities are required to comply with the Nevada law from March 31, 2024. Obligations specific to entities processing consumer health data are already operative in Connecticut since July 1, 2023 (summary here). The Nevada law is…

The Connecticut Data Privacy Act (CTDPA) is operative since July 1, 2023, and so are certain amendments that were signed into law as recently as June 26th, 2023. The amendments focus on protecting consumer health data and protecting minors, with additional consumer health data protections already operative but with some obligations related to minors becoming operative mid to late 2024. Additional Obligations for Processing Consumer Health Data As other omnibus US state privacy laws, the…

On July 10, 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). US companies that participate in the DPF will be deemed to provide “adequate protection” under Article 45 of the EU General Data Protection Regulation (“GDPR”) for personal data transfers received from the European Union (“EU”) and European Economic Area (“EEA”). Why did the EC need to adopt the adequacy decision for the DPF? As we have previously written, the…

Baker McKenzie recently hosted a roundtable discussion focused on Online Safety and Privacy for Children and Teenagers, led by Elizabeth Denham CBE, former UK Information Commissioner and consultant to our Toronto and London offices, and our California privacy and consumer protection partners Lothar Determann and Jonathan Tam. The session covered online youth protection laws and the perceived issues they’re intended to address, including protecting kids’ and teens’ mental health; the appropriateness of online materials and…

The US Office of the Director of National Intelligence (“ODNI”) announced today that it has fully implemented new safeguards under Executive Order 14086. See INTEL – ODNI Releases IC Procedures Implementing New Safeguards in Executive Order 14086. These steps clear the path for the European Commission to adopt the draft “adequacy decision” for cross-border data transfers pursuant to the EU-U.S. Data Privacy Framework. By way of brief background, in July 2020, the Court of Justice…

In brief The Colorado Privacy Act (C.R.S. 6-1-1301, et seq.) (the “CPA”) comes into effect on July 1, 2023. Earlier this year, the Colorado Attorney General promulgated final rules for implementing the CPA (4 CCR 904-3) (the “Rules”). The Rules provide insight as to how the Attorney General may interpret and enforce the CPA. In this alert, we highlight several key aspects of the CPA and the Rules to help businesses focus their compliance efforts.…

In Brief On May 1, 2023, Governor Eric Holcomb’s signed Indiana’s Consumer Data Protection Act into law, making Indiana the seventh US state to pass comprehensive consumer data privacy law — joining California, Iowa, Utah, Connecticut, Virginia, and Colorado (Tennessee has since enacted a consumer privacy statute; and Montana and Texas have passed laws that are currently awaiting their respective governors’ signatures). The Consumer Data Protection Act closely tracks prevailing trends in US state privacy…