Privacy and cybersecurity are incredibly dynamic, and in 2025 we have committed ourselves to a look ahead post every six months, with the next one in July 2025. The new Congress convened on January 3, 2025, and a new administration starts on January 20. Most state legislatures reconvene in early-to-mid January. If you track privacy
Children’s Online Privacy Regulations Develop, Amidst Challenges
“More needs to be done to create a safe online space for children to learn, explore, and play.”
This was the unanimous finding of the California legislature in 2022, and, since that time, other stakeholders have agreed. Voters, parents, the President, and legislators have all suggested that something will, and needs
The Confidentiality (or not) of Cyber-Forensics in a Data Breach
Data breaches are on the rise. So are the lawsuits that follow. This has led to an environment where cyber-forensics service providers are more important than ever. Clients seeking these services, however, often do so after becoming the unwilling victims of a data breach. And those circumstances create uncertainty for protecting — either as attorney-client
Just Around the Corner: The Utah Consumer Privacy Act (“UCPA”)
2023 has seen a flurry of general state privacy laws, with twelve (12) such laws now on the books. The next one to “go live,” on December 31, 2023, is the Utah Consumer Privacy Act (UCPA). With no general federal privacy law in sight, the state privacy landscape continues to get more crowded and challenging
Working with Artificial Intelligence: Privacy Pitfalls (and Opportunities)
As consumer demand for new artificial intelligence (“AI”) tools continues to grow, businesses must be prepared to build tools with “privacy by design” principles in mind, and to remain educated about privacy best practices and risk mitigation strategies when working with AI. The following areas provide the greatest opportunities to manage data privacy risks and
A New Consumer Personal Data Protection Law in Oregon
Q&A about the new Oregon consumer personal data protection law.
Continue Reading A New Consumer Personal Data Protection Law in Oregon
A New Consumer Data Protection Bill in Oregon: A Summary of SB 619
Earlier this month, the Oregon state legislature introduced Senate Bill (SB) 619, “relating to protections for the personal data of consumers.” The bill has since been referred to the Senate Committee on Judiciary and the Joint Committee on Ways and Means. Of course, Oregon would not be the first state to enact general, or omnibus, privacy legislation; to date, five states (California, Virginia, Colorado, Connecticut, and Utah) have done so, with the first two operative as of today. Likewise, Oregon is not the only state to introduce new omnibus privacy legislation this month. The introduction of this bill (and other general state privacy legislation) remains significant because the prospect for omnibus federal privacy legislation (in the near term) fizzled out when the 117th Congress adjourned.
No bill exists in a vacuum. Structurally, SB 619 generally follows the Virginia Consumer Data Protection Act (VCDPA), as do the laws enacted by Colorado, Connecticut, and Utah.
SB 619 is only 17 pages long, not as slim as the VCDPA (8 pages), but not as bulky as the California Consumer Privacy Act (59 pages). Unlike the CCPA, SB 619 does not reference any implementing regulations; however, implementing regulations could be added.
As with any omnibus state privacy bill, the proposed legislation raises some key questions:Continue Reading A New Consumer Data Protection Bill in Oregon: A Summary of SB 619
Class Action Suits Targeting Biometric Information Continue to Seek Large Payouts
To say that class action litigation regarding the use or collection of “biometric information” – such as fingerprints, face records, or voice records – is expensive would be a gross understatement. The damages sought, and sometimes recovered, in litigation under the Illinois Biometric Information Privacy Act and similar laws that impose statutory penalties can be
Executives Personally Sued for Data Privacy Incidents
If you manage a company that collects and otherwise processes personal data (which is just about every company, these days), you may need to protect your own pocketbook. As governments across the globe continue to enact and enforce data privacy, data protection, and cybersecurity laws, data becomes more readily available, and the volume of incidents
NIST Releases a Standard for Privacy
As states fill the legal void for consumer privacy rights,[1] a new federal standard has emerged to assist companies with their compliance efforts. The National Institute of Standards and Technology (“NIST”) Privacy Framework (“PF”) was released last month to help organizations manage the risks associated with their data processing activities.
What the PF Does
Yahoo! Breach Class Action Poised to Settle
The Yahoo! class action over the 2013-2014 hacks, affecting 1 billion (later updated to 3 billion) accounts, is poised to settle for $85 million – and the provision of free credit monitoring services for 200 million account holders for 2 years.
While $85 million may seem like a relative bargain compared to the $350 million