On March 18, 2022, Indiana Governor Eric Holcomb signed into law an amendment to Indiana’s data breach notification statute requiring breach notification within 45 days of discovery of a breach. The amendment will take effect on July 1, 2022.
Continue Reading Indiana Amends State Data Breach Notification Law
Personal Data
Federal Court Approves $1.1 Million TikTok Settlement Over Children’s Privacy Claims
On March 25, 2022, the U.S. District Court for the Northern District of Illinois approved a $1.1 million settlement with TikTok Inc. to resolve claim that TikTok collected children’s data and sold it to third parties without parental consent. …
Continue Reading Federal Court Approves $1.1 Million TikTok Settlement Over Children’s Privacy Claims
CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30
On March 29 and 30, 2022, the California Privacy Protection Agency will hold public pre-rulemaking informational sessions regarding the California Privacy Rights Act via video conference.
Continue Reading CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30
Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law
On March 24, 2022, Utah became the fourth state in the U.S., following California, Virginia and Colorado, to enact a consumer data privacy law, the Utah Consumer Privacy Act. The law will take effect on December 31, 2023.
Continue Reading Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law
FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
On March 15, 2022, the FTC announced a proposed settlement with custom merchandise platform CafePress in connection with the company’s alleged failure to implement reasonable security measures, and its alleged attempt to cover up a 2019 data breach. …
Continue Reading FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
California Assembly Introduces Bills to Extend CCPA/CPRA Exemptions for HR and B2B Data
On February 18, 2022, California Assembly Member Evan Low introduced a pair of bills that would extend the duration of the current exemptions in the CCPA/CPRA for certain HR data and business-to-business customer representative personnel data from most of the law’s requirements. …
Continue Reading California Assembly Introduces Bills to Extend CCPA/CPRA Exemptions for HR and B2B Data
FTC Settles Children’s Privacy Case with WW (formerly Weight Watchers)
The Federal Trade Commission has reached a settlement with WW International, Inc. and Kurbo, Inc. over allegations the companies improperly registered children for the “Kurbo by WW” online weight loss management program. In pleadings filed on February 16, 2022, in federal court in the Northern District of California, the FTC claims WW and Kurbo offered…
Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act
On January 28, 2022, in celebration of Data Privacy Day, the Colorado Attorney General’s Office issued prepared remarks from Colorado Attorney General Phil Weiser and published guidance on data security best practices, including discussing his office’s plans for implementing the Colorado Privacy Act.
Continue Reading Colorado AG Publishes Guidance on Data Security Practices and Announces Upcoming Rulemaking Under the Colorado Privacy Act
CNIL Published Guidelines on Re-Use of Personal Data by Data Processors
The CNIL recently published guidelines on the re-use of personal data by data processors for their own purposes (such as product improvement or development of new products and services) under the GDPR. We have outlined key takeaways from the Guidelines in this blog post.
Continue Reading CNIL Published Guidelines on Re-Use of Personal Data by Data Processors
India’s Draft Data Protection Bill Moves Closer to Passage
In December, the Indian Joint Parliamentary Committee submitted its report on India’s draft Data Protection Bill. The Bill is now likely to be passed by Parliament in its next session, beginning in February 2022, and likely will enter into force in the first half of 2022. This blog entry examines certain key aspects of the revised Bill.
Continue Reading India’s Draft Data Protection Bill Moves Closer to Passage