Probably not.

Most modern state privacy laws attempt to carve out organizations that process de minimis amounts of personal information, or whose business activities do not monetize data. While the specific thresholds differ between states, many of the new statutes only apply to organizations that control or process personal information relating to at least 100,000

Following on the heels of a California Superior Court’s last minute ruling that stayed enforcement of the revised California Consumer Privacy Act (CCPA) regulations, as previously discussed on this blog, California’s data privacy regulators have responded in ways that confirm they are more committed than ever to holding businesses accountable for alleged violations

On June 6, 2023, Florida Gov. Ron DeSantis signed into law SB 262, which grants Florida consumers certain rights relating to the processing of their personal data by businesses. Parts of SB 262 will come into effect in 2023.

This blog post aims to interpret the types of entities and individuals that will be

On April 27, 2023, Washington’s Governor signed Washington’s My Health, My Data Act (“WMHMDA” or “Act”). Starting March 31, 2024, most entities subject to the Act will have certain obligations towards consumer health data,[1] including providing consumers with the right to access their information, withdraw their consent to certain processing, and request the deletion

On April 27, 2023, Washington’s Governor signed Washington’s My Health, My Data Act (“WMHMDA” or “Act”). Beginning March 31, 2024, most entities subject to the Act will have certain obligations towards consumer health data,[1] including providing consumers with the right to access their information, withdraw their consent to certain processing, and request the deletion

It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws

Most of the modern state data privacy laws have attempted to exclude from their jurisdictional reach organizations that process de minimis amounts of personal information. The state statutes create different thresholds for what constitute de minimis processing base those thresholds largely on whether the organization sells personal information. The net result is that most states

Bill 25 Requires Immediate Action and a Compliance Plan for This Year

In September 2021, Quebec’s Parliament enacted Law 25 (formerly Bill 64) (the “Law”), which updated Quebec’s data protection laws and added requirements for enterprises that do business within the province. Specifically, as of September 2022 companies should have 1) appointed a data protection

GT Shareholders Gretchen A. Ramos, Co-Chair of the Global Data Privacy & Cybersecurity Practice, and Darren Abernethy will present the CLE webinar, “The Final CCPA Regulations: What You Need To Know,” March 2 at 12:00 p.m. PT. The webinar will provide an overview of key takeaways from the finalized proposed

The Telephone Consumer Protection Act (TCPA) covers unsolicited calls and texts, aimed at protecting consumers from harassing and unwanted communications. With the April 2021 Facebook SCOTUS case[1] (see GT Alert) reducing the prevalence of some TCPA claims with private rights of action, new claims are starting to emerge as plaintiffs’ favorites.

One