On March 7, 2025, the California Privacy Protection Agency (Agency) reached a settlement with American Honda Motor Co. (Honda) resolving allegations that the company violated the California Consumer Privacy Act (CCPA). The order required Honda to pay a $632,500 fine and implement changes to its data privacy practices. The Agency…
Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town. On July 1, Texas’ Data Privacy and Security Act goes into effect as one of the strongest…
On February 13, 2024, New York State’s Attorney General (AG) Letitia James and the New York State Education Department (NYSED) announced a $750,000 settlement with the non-profit College Board over allegations that College Board shared and sold student personal information in violation of the state’s student privacy law, New York…
On Jan. 16, New Jersey Gov. Phil Murphy (D) signed the New Jersey Data Privacy Act into law. Its passage makes New Jersey the 14th state to adopt a comprehensive consumer data privacy law. Given the NJDPA’s nuances compared to other current state privacy laws, companies subject to the New Jersey law will have…
As we kick off 2024, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. Will AI continue to be the trendsetter, even among privacy regulators? And what will businesses do to keep up to date with all emerging laws,…
On September 11, 2023, Delaware Governor John Carney signed House Bill No. 154, referred to as the Delaware Personal Data Privacy Act (DPDPA), into law. With the passage of the DPDPA, Delaware became the thirteenth state to adopt a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, and Oregon. The DPDPA…
In January 2023, companion bills on “An act protecting reproductive health access, LGBTQ lives, religious liberty and freedom of movement by banning the sale of cell phone location information” were proposed in the Massachusetts House of Representatives (H357) and in the Senate (S148). This proposed legislation is also known as…
While data protection or privacy impact assessments may be familiar to businesses that process personal information of individuals from certain countries outside the U.S. — e.g., those in Europe — until recently, consumer privacy laws applicable to businesses in the U.S. have not mandated PIAs. PIAs help businesses identify risks that…
The legislative and regulatory landscape concerning minors’ privacy is becoming increasingly protective, adding new complexity and uncertainty for companies as they navigate a patchwork of requirements. The latest legislative trend aims to regulate use of social media by minors and provide parents with greater control over their children’s social media…
On April 27, Washington Gov. Jay Inslee signed into law the state’s sweeping health privacy bill – the My Health Data Act.[1] The act, which establishes a comprehensive privacy framework for entities that do business in the state and that handle consumer health data, will take effect less than a…