State Attorneys General

On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach

On September 15, 2022, California Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act. The Act, which takes effect July 1, 2024, places new legal obligations on companies with respect to online products and services that are likely to be accessed by children under the age of 18.
Continue Reading California Enacts the California Age-Appropriate Design Code Act

On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations.
Continue Reading Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million

On August 24, 2022, the California Office of the Attorney General announced a new wave of enforcement efforts targeted at business’ recognition of the Global Privacy Control, and issued an updated summary of recent CCPA enforcement efforts.
Continue Reading California AG Provides Summary of Recent CCPA Enforcement Actions, with Focus on Global Privacy Control

On July 1, 2022, the California Privacy Protection Agency sent U.S. House of Representatives Speaker Nancy Pelosi a memo outlining how H.R. 8152, the bipartisan American Data Privacy and Protection Act, would lessen privacy protections for Californians, and California Democrats have joined the cause.
Continue Reading California Privacy Protection Agency Issues Memo Opposing Federal Privacy Legislation, and California Democrats Join the Cause

On June 21, 2022, the Colorado Attorney General’s Office announced it is seeking informal input from the public on its rulemaking related to the Colorado Privacy Act (“CPA”). Before starting its formal rulemaking process, the Office has indicated it wants to better “understand the community’s thoughts and concerns about data privacy.”

Continue Reading Colorado AG Seeks Public Input on CPA Rulemaking