Yesterday, Virginia became the second state after California to pass a comprehensive privacy law when Governor Ralph Northam signed the Consumer Data Protection Act (CDPA). The CDPA contains many elements found in the California Consumer Privacy Act (CCPA) and other proposed privacy frameworks, as well as a number of new requirements for businesses. Please see […]
Virginia Ready to Pass First State Privacy Statute after CCPA
Both houses of Virginia’s legislature recently passed the Virginia Consumer Data Protection Act (S.B. 1392; H.B. 2307) (the “VCDPA”). If approved by the state governor, the VCDPA would become the United States’ second comprehensive state privacy law behind the California Consumer Privacy Act (CCPA). The VCDPA is similar to the CCPA and the European Union’s […]
Brazil’s General Data Protection Law: A Comparison Between Brazil’s Newly Effective Law and the GDPR
Brazil’s General Data Protection Law (the “LGPD”), a law similar to the European Union’s General Data Protection Regulation (the “GDPR”) is now effective. On April 29 of this year, Brazil’s President issued Provisional Measure 959 that, amongst other things, postponed the effective date of the LGPD, which was originally set to be effective August 2020, […]
California Passes Bill Extending Exemptions for Employment and Business-to-Business Information Under the CCPA
On Friday, August 28, the California state legislature passed Assembly Bill 1281 (“AB 1281”), potentially extending until January 1, 2022 the partial exemptions for employment and business-to-business data under the California Consumer Privacy Act (the “CCPA”). AB 1281 only takes effect if the California Privacy Rights Act of 2020 (the “CPRA”), an initiative to amend […]
The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation
On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]