Keypoint: Florida moved one step closer to passing consumer data privacy legislation although differences between the House and Senate bills need to be resolved if the legislation is to pass the legislature.

On April 21, the Florida House of Representatives overwhelmingly passed HB 969 by a vote of 118 to 1. The bill was subsequently referred to the Senate Rules Committee.

Meanwhile, the Senate is still considering its version of consumer data privacy legislation, SB 1734. On April 9, the Senate bill was placed on the calendar for a second reading, but it has not moved since.

Continue Reading Florida House Passes Consumer Data Privacy Legislation

Keypoint: This week Florida’s two bills continued to progress, the Washington Privacy Act failed to pass out of the House at the deadline (but the bill sponsor says it is still alive), new bills were introduced in Pennsylvania and North Carolina, and Maryland’s bill died.

Below is our eighth weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of April 19, 2021

Keypoint: President Biden shows a strong preference for the cybersecurity expertise of former National Security Agency (NSA) leaders with his choices for significant cyber roles within his administration.

On April 12, 2021, the White House announced that President Biden selected two individuals to join his administration in the area of cybersecurity. Mr. Chris Inglis is nominated to be the first national cyber director, and Ms. Jen Easterly is nominated to serve as the new director of the Cybersecurity and Infrastructure Security Agency (CISA). Both positions require confirmation by the U.S. Senate.

Continue Reading Biden Administration Names Key Leaders to Cybersecurity Positions

UPDATE: The below post discusses whether the Washington Privacy Act is still alive notwithstanding that the House failed to pass the bill prior to the April 11 deadline. In a tweet, bill sponsor Reuven Carlyle stated: “The bill remains alive through the end of the Legislative Session.”

Keypoint: This week bills in Florida and Connecticut continued to progress, the Washington Privacy Act failed to get out of the House at the deadline, and bills in Oklahoma and West Virginia died.

Below is our seventh weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of April 12, 2021

Keypoint: It was another busy week with developments in Washington, Florida, Oklahoma, Alaska, Nevada, and Rhode Island.

For the sixth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three notes.

First, we are pleased to announce the results of our poll on whether to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – the CDPA or VCDPA. By an overwhelming 85-15% margin readers prefer VCDPA to CDPA.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of April 5, 2021

Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits.

On March 11, 2021, Utah governor Spencer Cox signed the Cybersecurity Affirmative Defense Act, which creates affirmative defenses to certain causes of action arising out of a breach of system security.

Continue Reading Utah Gets a New Data Breach Defense Law

Keypoint: There were a number of notable developments this week: the Washington Privacy Act passed out of a house committee after adding a private right of action, there was more movement on the Florida and Connecticut bills, and Nevada lawmakers introduced companion bills that would expand the state’s right to opt out of sales.

For the fifth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.

First, there has been so much debate about what to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – that we started an online poll. Tell us whether you think the law should be called the CDPA or VCPDA. We will keep voting open until April 2 and release the results on our blog.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of March 29, 2021

On March 2, 2021, Virginia passed the Virginia Consumer Data Protection Act, creating the single most important privacy decision in 2021:

Should we call the new law the CDPA or the VCDPA?

People have very strong opinions. After all, acronyms are everything in privacy law (see, e.g., GDPR, CCPA, CPRA, HIPAA, COPPA, PIPEDA, BIPA, GLBA, LGPD).

We decided to have a little fun with this and created an online poll.  Click on the link and vote for your favorite. We’ll close voting on April 2 and release the results on our blog www.bytebacklaw.com.

Many thanks to Jedidiah Bracy from the IAPP for graciously letting us “borrow” his idea.

 

Keypoint: Proposed bills would amend Nevada privacy legislation to provide consumers with a broader right to opt out of sales.

In 2019 – shortly after the CCPA was enacted – Nevada amended its online privacy notice statutes, NRS 603A.300-360, to provide consumers with the right to opt out of sales. However, contrary to the CCPA’s broad definition of “sale,” the Nevada law defines sale narrowly as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”

Continue Reading Nevada Bills Would Broaden State’s Right to Opt-Out of Sale of Covered Information