In the seventh episode of our Legislating Data Privacy series, we talk with Connecticut Senator James Maroney.

Senator Maroney is the author of Senate Bill No. 893, which would have granted Connecticut residents various privacy rights regarding their personal data.

In this episode, Senator Maroney discusses the fascinating path of S.B. 893 during the 2021 legislative session. He also provides background on S.B. 893 and what to expect in the 2022 session. Senator Maroney is clearly an expert in this field and offers incredible insight to anyone interested in emerging state privacy law.

Click here to listen to the full interview.

Oklahoma Privacy BillKeypoint: The 2022 legislative session of proposed state consumer privacy legislation kicks off with the filing of a new bill in Oklahoma.

On September 9, 2021, Rep. Collin Walke (D) and Majority Leader Rep. Josh West (R) filed the Oklahoma Computer Data Privacy Act of 2022. The Oklahoma legislature is not scheduled to convene until February 7, 2022, such that there is ample time for policymakers and lobbyists to study the bill. We spoke with Representative Walke earlier this year about his goal of passing a privacy law in 2022.

In an accompanying press release, Representative Walke stated: “The National Security Commission on Artificial Intelligence explained that America is ill-prepared for the next decade of technological development, and part of that is due to a lack of governmental action in regulating things like data privacy. It is time that we heed the advice of security experts like the National Security Commission and pass meaningful data privacy legislation. We must be part of the solution and not the problem.”

In 2021, the Oklahoma House passed another privacy bill but it did not make it out of the Senate Judiciary Committee. According to Rep. Walke, the 2021 version will still be alive when the 2022 legislative session convenes such that Oklahoma lawmakers will have two bills to consider.

Below is an overview of the 2022 bill (as introduced).

In addition, members of Husch Blackwell’s privacy and data security practice will be hosting a webinar on September 28 to discuss developments in U.S. privacy law, including the 2022 Oklahoma bill. Click here to register.

Continue Reading 2022 Oklahoma Computer Data Privacy Act Filed

Over the past few months, there have been numerous developments in U.S. and international privacy law. In the United States, Colorado and Virginia passed consumer privacy laws, and California voters passed a substantial amendment to the CCPA. Abroad, the European Commission issued new standard contractual clauses for cross-border data transfers, and China and Brazil are enacting new laws.

Join us on Tuesday, September 28, 2021, for a live webinar exploring these new developments. Topics include:

  • Update on proposed state consumer privacy legislation and expectations for the 2022 legislative session
  • Status of California Consumer Privacy Act (CCPA) enforcement
  • Update on the California Privacy Rights Act (CPRA), including the creation of the California Privacy Protection Agency and upcoming rulemaking process
  • Status of the Virginia Consumer Data Protection Act and Colorado Privacy Act
  • Analysis of the European Commission’s new standard contractual clauses for cross-border data transfers and what it means for U.S. companies
  • Update on new developments in Brazil and China

Click here to register.


In the sixth episode of our Legislating Data Privacy Series, we talk with Joseph Duball, staff writer at the International Association of Privacy Professionals.

In 2021, no one covered state privacy legislation more than Joe Duball. If there was a committee hearing or floor debate, Joe was listening and reporting. In his work contributing to the IAPP’s daily news alerts, Joe published articles on every major state privacy law development in 2021, many times interviewing the lawmakers who were making the decisions.

In this wide-ranging interview, Joe discusses how he kept track of all the proposed bills, his thoughts on the 2021 session, and what he expects to happen when legislatures reconvene in 2022. If you are interested in state privacy legislation, do not miss this interview.

Click here to listen to the full interview.

Keypoint: A detailed analysis of the Attorney General’s twenty-seven published examples of noncompliance notices sent during the first year of CCPA enforcement reveals key learnings for CCPA compliance efforts.

In July, the California Attorney General published twenty-seven “illustrative examples” of noncompliance notices it sent to businesses during its first year of enforcing the CCPA. The examples provide a rare glimpse into the Attorney General’s enforcement priorities.

The office sent enforcement notices to a wide range of businesses spanning a variety of industries. The alleged violations primarily concerned privacy policy disclosures, consumer requests, and opt-out of sale requirements. Other noncompliance topics included service provider contracts and “just in time” notices.

Below is an analysis of the published enforcement examples. The office emphasizes, however, that the information provided “does not include all the facts of each situation and does not constitute legal advice.”

Continue Reading CCPA Update: Analysis and Key Takeaways from AG’s Example Enforcement Cases

In the fifth episode of our Legislating Data Privacy series, we talk with Florida Republican Representative Fiona McFarland.

In April, the Florida legislature was on the cusp of enacting consumer privacy legislation after both its House and Senate passed bills, although it ultimately was unable to pass a bill before adjourning. Representative McFarland was in the middle of this debate as the primary author of HB 969. A first term elected official, Representative McFarland threw herself into data privacy legislation, leaning on her prior experience in the Navy.

In this far-reaching interview, Representative McFarland discusses, among other topics, what happened behind-the-scenes with the Florida bills, her opinion on how data privacy legislation should be enforced, and the prospect for Florida to pass privacy legislation next year.

Click here to listen to the full interview.

In the fourth episode of our Legislating Data Privacy series, we talk with Arizona Representative Domingo DeGrazia.

Representative DeGrazia is the author of HB 2865, which would have granted Arizona residents various privacy rights regarding their personal data.

In this fascinating interview, Representative DeGrazia – a CIPP/US – discusses the challenges of running consumer privacy legislation in Arizona and his hopes for passing legislation next year. He also discusses the Uniform Law Commission’s Uniform Data Protection Act and his thoughts on whether he will run that legislation next year. Representative DeGrazia also talks about his opinions on enforcement, the role of states versus the federal government in passing privacy legislation, and the future of privacy legislation in the United States.

Click here to listen to the full interview.

Keypoint: Businesses that sell personal information under the CCPA are now required to honor Global Privacy Control signals.

In an update to its CCPA FAQs, the California Attorney General’s office has stated that businesses that sell personal information must honor Global Privacy Control (GPC) signals.

Continue Reading California AG Requires Businesses to Recognize GPC Signals for Requests to Opt Out of Sales

Keypoint: As introduced, the Ohio Personal Privacy Act would provide Ohio residents with some rights regarding their personal data, but it is not as extensive as the CPRA, CPA, and VCDPA.

As first reported by the IAPP’s Joe Duball, on July 13, 2021, Ohio lawmakers introduced the Ohio Personal Privacy Act (House Bill 376).

The bill’s primary sponsors are Republicans Rick Carfagna and Thomas Hall. The bill also has eight Republican co-sponsors in the House. For reference, Republicans have overwhelming majorities in Ohio’s House and Senate, and Ohio has a Republican Governor. In announcing the introduction of the bill, Kirk Herath, Chairman of CyberOhio, emphasized the large group of individuals involved in crafting the bill, including Ohio Lt. Governor Jon Husted. Ohio’s legislature closes in December.

Below is an analysis of the bill (as introduced).

Continue Reading Ohio Personal Privacy Act Introduced

Keypoint: On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act into law, making Colorado the third state to pass broad consumer privacy legislation.

On July 7, 2021, Colorado officially became the third state to pass broad consumer privacy legislation when Governor Jared Polis signed the Colorado Privacy Act (CPA) into law. The Colorado legislature previously passed the CPA on June 8. The CPA will go into effect on July 1, 2023.

Once effective, covered entities will be required to provide Colorado residents with various privacy rights, including the right to access, correct, and delete their personal data and to opt out of the sale of their personal data. Covered entities also will need to provide privacy policy disclosures and create data protection assessments for certain types of processing activities. For a full discussion of the CPA, please see our webinar here.