Archives: US State Law

Subscribe to US State Law RSS Feed

California Consumer Privacy Act of 2018: Will You Be Ready?

Effective January 1, 2020, a new game-changing privacy law will go into effect in California:  the California Consumer Privacy Act of 2018 (CCPA). The law will have profound implications for companies that collect personal information, as that term is broadly defined, about California consumers, even if the Company is not based in California. For many … Continue Reading

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only … Continue Reading

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York  Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal … Continue Reading

New Data Breach Notification Law in Nebraska

Written by Anne Kierig An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime.  First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or … Continue Reading

Seventh Circuit: victims of data breaches have Article III standing to litigate class action lawsuits

By Amanda Fitzsimmons, Jim Halpert and Chelsea Mutual To date, an overwhelming majority of courts have dismissed data breach consumer class actions at the outset due to a lack of cognizable injury-in-fact, an essential element for standing under Article III of the US Constitution. In Remijas v. Neiman Marcus Group, a decision issued Monday, a … Continue Reading

New York Department of Financial Services Releases Report on Cybersecurity in the Insurance Industry; announces new targeted cybersecurity assessments for insurance companies

Written by Kate Lucente and Tara Swaminatha On February 8, 2015, the New York Department of Financial Services released its Report on Cyber Security in the Insurance Sector, and announced that it will begin conducting targeted cybersecurity assessments of New York-regulated insurance companies. Read the full Report here. “Recent cyber security breaches should serve as … Continue Reading

Florida Information Protection Act of 2014 Goes Into Effect; Regulator Notification Required

Effective July 1, 2014, Florida has repealed its existing data breach law in favor of a new, more stringent, law. Florida has joined the list of states requiring notice to regulators:  specifically, an entity must notify the Department of Legal Affairs of any breach affecting 500 or more Florida residents as soon as possible, but no later … Continue Reading

California Issues Guidance To Companies on Disclosing Privacy Practices

Written By:  Michelle Anderson This week, California Attorney General (AG) Kamala Harris released a series of recommendations designed to help businesses make their privacy policies meaningful to consumers: Making Your Privacy Practices Public.  As interpreted by the AG’s Office, a “meaningful” privacy policy is one that helps consumers “make informed decisions about which companies they … Continue Reading

California Passes Law Giving Minors an “Eraser Button”

On September 23, California Gov. Jerry Brown signed SB 568 into law, a bill that gives minors in California the right to require that Internet companies delete content posted online by the minors.  This concept is sometimes referred to as an online “eraser button.”  The law takes effect Jan. 1, 2015. The law does not give minors the … Continue Reading

Tales from the (En)crypt(ed): What Happens to Your Online Account Information When You Die?

Have you ever wondered what happens to your online account information when you die?  Well, in a few days, the Uniform Law Commission (ULC) will be considering this very issue – fiduciary access to digital assets – at its annual meeting in Boston, MA. The ULC has been working on a draft uniform state law … Continue Reading


Written by Scott W. Pink and Carissa L. Bouwer California has long been a leader in legislative efforts to protect online privacy rights of consumers.  California passed the nation’s first security breach disclosure law, the first law requiring online privacy policies, and more recently, the first set of privacy guidelines for mobile app providers.  This year … Continue Reading

FTC Chair Edith Ramirez Give First Public Privacy Talk: Discusses Enforcement Efforts and FTC Priorities

During an interview conducted by DLA Piper’s Jim Halpert at the IAPP Privacy Summit in Washington, DC, new FTC Chair Edith Ramirez offered her first public discussion about her vision of FTC actions on privacy since being sworn in as FTC Chair five days earlier. Speaking on Friday, March 8, Chair Ramirez emphasized the importance … Continue Reading

2013 Off to a Busy Start: State Lawmakers Introduce Numerous Privacy-Related Bills

Barely six weeks into the new year and already we are seeing numerous bills introduced in the state legislatures. These bills are wide ranging, and address topics such as data breach notification, written information security policies, privacy policies, and use of social security numbers, among others.  Perhaps one of the more intriguing bills is California Assembly … Continue Reading


California Attorney General Kamala Harris has issued mobile app privacy best practices guidelines that could have significant effects on the mobile marketplace. The AG’s report, “Privacy on the Go: Recommendations for the Mobile Ecosystem,” encourages app developers and other players in the mobile industry to consider privacy issues at the start of the development process … Continue Reading

Privacy and Mobile Apps: California Attorney General Brings Privacy Suit

Written by:  Perrie Weiner, Joshua Briones and Kimberly Hyde In prior posts, I have stated that 2012 appears to be the year of the mobile app.  As the year draws to a close, this continues to be true — indeed, after warning mobile app providers that they must comply with California’s law regarding privacy policies, … Continue Reading

The Year of the Mobile App — Senate Advances Geolocation Tracking Bill

As 2012 comes to a close, it seems like 2012 has been the year of the mobile app.  In 2012, we have seen numerous bills regarding privacy and data security as well as cybersecurity, but the one that actually is moving alone pertains to mobile apps.  On Thursday, the Senate Judiciary Committee approved geolocation legislation … Continue Reading

Contracts Deconstructed: What “Shall” We Do?

Recently, I have heard many attorneys and experts in legal writing touting the importance of eliminating the use of the term “shall” in contracts.  Generally speaking, this may seem like the right approach given that “shall” may be interpreted to mean something that could be done or “shall” may be interpreted to mean something that has to be done.  But, no matter … Continue Reading

Contracts Deconstructed: Gross Negligence and Willful Misconduct

Negotiations related to gross negligence and willful misconduct seem to be trending this past fall.  So, I thought I’d take this opportunity to revisit what these phrases actually mean in the context of commercial contracting.   In many agreements, gross negligence and willful misconduct are “carve-outs” in the limitation on liability provision.  What do I mean by a “carve-out” on … Continue Reading

Mobile App Providers Warned — Post Privacy Policies

The California Attorney General has made good on her promise to apply the state’s privacy laws to mobile app providers.  Under the California Online Privacy Protection Act, operators of commercial websites and online services that collect personal information are required to conspicuously post privacy policies.  Attorney General Kamala Harris has stated that the law also … Continue Reading

States Amend Security Breach Laws: Adopt Stringent Attorney General Notification Requirements

Both Vermont and Connecticut recently have amended their data breach security laws, imposing more stringent requirements on entities that experience a data breach.  Effective July 1, 2012, under Vermont’s revised data breach law, entities that experience a data breach affecting Vermont consumers now must notify the Attorney General within 14 business days of discovery of … Continue Reading

Maryland General Assembly Tells Employers That They Cannot Request Social Network Passwords

The Maryland General Assembly has passed a bill, which, if signed into law by the Governor, would prohibit employers from requesting social network log in information from employees and prospective employees. The bill also prohibits employers from taking, or threatening to take, action against employees that refuse to provide social network passwords. The Maryland House … Continue Reading