Privacy & Cybersecurity

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), has been further expanded under Governor Gavin Newsom. The signing of Assembly Bills 947 and 1194 expands the protection of sensitive personal information. Read more to find out the impacts of these bills and the Delete Act.

The SEC adopted its final rules and amendments concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”) on July 26, 2023.  In this article we highlight some of the principal changes to the cybersecurity rules first proposed by the SEC more than 16 months prior.

Texas has joined the growing list of states enacting comprehensive consumer data privacy laws. Read more to learn about the business obligations and consumer protections this law sets.

Learn more about the FTC's recent policy statement regarding the collection of consumer's biometric information.

Florida has joined the growing list of states enacting comprehensive privacy laws. Governor Ron DeSantis (R) signed the Florida Digital Bill of Rights (“FDBR”) into law on June 6th.

In Montana, Governor Greg Gianforte signed the Montana’s Consumer Data Privacy Act (S.B. 384) (“MCDPA”) on May 19, 2023 – one of the strongest privacy bills signed in a red state.  Montana now becomes the ninth state to enact a comprehensive consumer data privacy law. 

Washington greatly expanded the protection for consumers’ identifiable health information by enacting the “My Health My Data Act” (MHMDA), in an effort to close the gap between HIPAA protections and the laws protecting the privacy and security of other consumer health care data. While MHMDA resembles the acts in both California and Illinois, it broadly applies to health information outside of traditional health care settings. In this article we answer frequently asked questions about MHMDA’s applicability and requirements.

Tennessee is expected to become the eighth or ninth state to enact a comprehensive data privacy law. Tennessee Information Protection Act (“TIPA”) is a unique safe harbor compared to other recently enacted laws: it offers an affirmative defense to businesses who create, maintain and comply with a written privacy program that “reasonably conforms” to the National Institute of Standards and Technology (“NIST”) privacy framework or “other documented policies, standards, and procedures designed to safeguard consumer privacy.”

Last month, three state legislatures passed comprehensive data privacy laws. This week, Indiana’s governor signed the Indiana Consumer Data Privacy Act (“ICDPA’) into law. Montana and Tennessee likely to follow right behind. These newcomers will join the six other states with data privacy statutes already enacted.

Generative artificial intelligence creates content and work efficiencies but also comes with legal pitfalls. Mintz Venture Capital & Emerging Companies Practice Co-chair Jeremy Glaser and Associate Lorena Niebla look at the technology's potential uses as well as risks related to data privacy, intellectual property, and more.