It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws

Updates on the Evolving Data Protection Landscape
It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws
Most of the modern state data privacy laws have attempted to exclude from their jurisdictional reach organizations that process de minimis amounts of personal information. The state statutes create different thresholds for what constitute de minimis processing base those thresholds largely on whether the organization sells personal information. The net result is that most states…
In September 2021, Quebec’s Parliament enacted Law 25 (formerly Bill 64) (the “Law”), which updated Quebec’s data protection laws and added requirements for enterprises that do business within the province. Specifically, as of September 2022 companies should have 1) appointed a data protection…
GT Shareholders Gretchen A. Ramos, Co-Chair of the Global Data Privacy & Cybersecurity Practice, and Darren Abernethy will present the CLE webinar, “The Final CCPA Regulations: What You Need To Know,” March 2 at 12:00 p.m. PT. The webinar will provide an overview of key takeaways from the finalized proposed…
The Telephone Consumer Protection Act (TCPA) covers unsolicited calls and texts, aimed at protecting consumers from harassing and unwanted communications. With the April 2021 Facebook SCOTUS case[1] (see GT Alert) reducing the prevalence of some TCPA claims with private rights of action, new claims are starting to emerge as plaintiffs’ favorites.
One…
Modern data privacy statutes require that organizations inform individuals about the organization’s privacy practices by creating a privacy notice (sometimes referred to as a privacy policy or a notice at collection). Some data privacy statutes provide specific directions regarding how the privacy notice must be distributed. For example, the California Consumer Privacy Act and the…
On Jan. 27, 2022, Brazil’s Data Protection Agency (ANPD) adopted Resolution ANPD No. 2 (the “Resolution”), limiting Brazil’s Data Protection Law (LGPD) obligations on small entities.
Similar to the European GDPR, the LGPD categorizes businesses subject to the law as either “controllers” or “processors.” However, the LGPD also groups these two categories together…
GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.
Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA…
Recent developments from the ANPD provide insight into the path ahead.
On July 7, 2022, Brazil’s National Data Protection Authority (ANPD) published its semiannual Regulatory Agenda Monitoring Report. This report updated the public on the current status of the ANPD’s regulatory agenda. With the comment period for regulations on international data transfers officially closing June…
Modern state privacy laws mandate that agreements with service providers or processors contain specific contractual provisions to govern the parties’ relationship. Which provisions should be included in a vendor agreement, however, differ by state statute. In addition, some state privacy laws impose statutory obligations upon vendors that do not necessarily need to be memorialized in…