The Connecticut Data Privacy Act (CDPA), which became effective on July 1, 2023, provides Connecticut residents with certain rights over their personal information and establishes responsibilities and privacy protection standards for businesses that process personal information. Notably, the CDPA allows businesses a 60-day cure period to correct violations without penalties through the end of 2024.

This week, California’s governor signed a first-in-the-nation law that will impose new regulations on data brokers, requiring such entities to delete personal data pursuant to consumer requests. Data brokers specialize in collecting personal data or data about companies, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties

This week, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act into law. The bill goes into effect on January 1, 2025, and a public outreach effort will begin by July 1, 2024. The outreach effort will inform Delaware consumers of their rights under the new law and describe businesses’ obligations. Delaware is

State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact privacy laws to protect consumers due to the absence of a federal privacy law.

Under each of the acts summarized below, consumers will have the right to access their personal data, the right to correct inaccurate data, the right to data portability, the right to have their data deleted, and the right to opt out of targeted advertising of personal data. Businesses will be required to practice purpose limitation, maintain data security, get consumer consent for data processing, and complete regular data impact assessments. Businesses will be barred from discriminating against consumers who exercise their rights under the law and will be required to secure data processing agreements with service providers. Similarly, these laws each exclude financial institutions or their affiliates that are governed by, or personal data that is collected, processed, sold, or disclosed in accordance with, Title V of the Gramm-Leach-Bliley Act ; state bodies/agencies; nonprofit organizations; institutions of higher education; national securities associations registered with the SEC; and covered entities or business associates as defined in the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).Continue Reading Seven States Have Upcoming Privacy Laws 

The Federal Communications Commission’s (FCC) potential reversal of the Obama Administration’s ‘Net Neutrality’ rules have been a constant headline lately. Most media coverage goes to the core principals of net neutrality, including blocking, throttling and pay for priority of internet content; however, privacy is also a factor.

Primarily, the FCC issued broadband privacy rules in 2016 after its 2015 net neutrality rules. The broadband privacy rules amongst other things, required websites and internet service providers (ISPs) to use an opt-in system to share or sell customer’s personal information like web history data, app usage data, etc. The FCC’s ability to enforce such rules hinged on a major component of the net neutrality rules which designated ISPs as common carriers and allowed the FCC to apply Title II of the Communications Act to ISPs. 
Continue Reading The Reversal of Net Neutrality on Privacy 101