Baker McKenzie’s North America Privacy Team is excited to present Privacy Bingo: US State Law Edition – offering an interactive way to help you navigate the complexity of the data privacy landscape across the US. With numerous states to date that have now passed comprehensive privacy laws, we developed a set of bingo cards ā one per state ā that allows you to compare certain features of each state law in a compact format. Each…
In brief Surrounded by an improbable retinue of country music stars and state lawmakers, on March 21, 2024 Tennessee Governor Bill Lee signed HB 2091, which amends the stateās right of publicity statute to create the Ensuring Likeness, Voice, and Image Security Act of 2024 (the āELVIS Actā). The ELVIS Act is billed as the first law to protect āsongwriters, performers, and music industry professionalsā voice from the misuse of artificial intelligence.ā The ELVIS Act…
On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy lawāand the second state to do so in January. Following enrolmentāa formality to excise clerical errorsāthe bill will move to Governor Chris Sununuās desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…
Organizations subject to the Washington State My Health My Data Act (generally any organization with physical premises in Washington, and many organizations without it) are preparing for compliance by March 31, 2024. And should, in addition to the overall compliance requirements and immediate action items, be aware that the Washington Attorney General updated its guidance on the requirements for a consumer health privacy policy. Section 4(1)(b) of the My Health My Data Act explicitly provides…
New Jersey is the 13th US State to Pass Comprehensive Consumer Privacy Legislation Consistent with our prediction that 2024 will bring a significant crop of new state consumer privacy laws, the New Jersey legislature recently became the 13th state to pass a comprehensive privacy statute. On January 8āthe final day of its 2022-2023 legislative sessionāthe Senate passed bill S332. Once enactedāeither with Governor Phil Murphy signing the bill or after 45 days if he takes…
The California Privacy Protection Agency (āCPPAā) held a public board meeting on December 8, 2023. As discussed in our previous article, the CPPA is in the process of preparing Draft Regulations on Cybersecurity Audits, Risk Assessments and Automated Decision-Making Technology. The Rules Subcommittee provided updates on these regulations, and Board members provided their feedback on the drafts. Key Takeaways Regarding CCPA Cybersecurity Audit Regulations Key Takeaways Regarding CCPA Risk Assessment Regulations Key Takeaways Regarding CCPA…
If your organization does business across the U.S. and collects consumer health data (broadly defined, health inferences generated from non-health data count), compliance with U.S. state consumer health privacy laws is just around the corner. Consumer health privacy laws in Nevada (Senate Bill 370) and Washington (the My Health My Data Act) become fully operative for regulated entities on March 31, 2024. Requirements specific to consumer health data are already operative in Connecticut. Here are…
If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act On October 10, 2023, California Governor, Gavin Newsom, signed Senate Bill 362, referred to as the Delete Act, into law. The Delete Act amends existing data broker laws to subject all data brokers to new registration and disclosure requirements…
As we previously covered in a post earlier this month, the California Privacy Protection Agency (āCPPAā) has published draft regulations on risk assessments and cybersecurity audits required by the California Consumer Privacy Act (āCCPAā), as amended by the California Privacy Rights Act (āCPRAā). On September 8, the CPPA held a public board meeting that included discussion of select portions of the regulations. Prior to the meeting, the board circulated copies of the draft regulations for…
In Brief On September 11, 2023, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act (HB 154) into law, making Delaware the twelfth US state to pass a consumer privacy law (and the seventh in 2023 alone). Like Connecticut, Colorado and Indiana, Delawareās new law occupies a middle ground between detailed privacy regimes like the California Consumer Privacy Act (CCPA, as modified by the California Privacy Rights Act) and more business-friendly mandates like…