On April 27, 2023, Washington’s Governor signed Washington’s My Health, My Data Act (“WMHMDA” or “Act”). Starting March 31, 2024, most entities subject to the Act will have certain obligations towards consumer health data,[1] including providing consumers with the right to access their information, withdraw their consent to certain processing, and request the deletion

On April 27, 2023, Washington’s Governor signed Washington’s My Health, My Data Act (“WMHMDA” or “Act”). Beginning March 31, 2024, most entities subject to the Act will have certain obligations towards consumer health data,[1] including providing consumers with the right to access their information, withdraw their consent to certain processing, and request the deletion

It is important to always confirm and understand all the various requirements of laws applicable to the sensitive personal information being processed.
Continue Reading Processing Sensitive Personal Information under U.S. State Privacy Laws

All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners. Most modern privacy statutes recognize, however, that privacy risks are reduced when the third party is related to the organization from which the data originates. As the following chart

Most of the modern state data privacy laws have attempted to exclude from their jurisdictional reach organizations that process de minimis amounts of personal information. The state statutes create different thresholds for what constitute de minimis processing base those thresholds largely on whether the organization sells personal information. The net result is that most states

Three modern privacy statutes incorporate the concept that individuals should be able to broadcast a signal from their browser or device that directs an organization to cease providing their personal information to third parties for the purposes of targeted advertising.

The regulations implementing the CCPA, as amended by the CPRA, require organizations to process “opt-out

The 2023 Midwest Legal Conference on Data Privacy and Cybersecurity will take place in Minneapolis Feb. 6-7, featuring coverage on new developments in the industry and cutting-edge practice tips.

On Feb. 7, Greenberg Traurig Shareholders Stephen Baird and David A. Zetoony will present the session “Demystifying AdTech – How to Stay Compliant with Ever Changing

Modern data privacy statutes require that organizations inform individuals about the organization’s privacy practices by creating a privacy notice (sometimes referred to as a privacy policy or a notice at collection). Some data privacy statutes provide specific directions regarding how the privacy notice must be distributed. For example, the California Consumer Privacy Act and the

The California Consumer Privacy Act and the California Privacy Rights Act specifically state that they do not restrict a business’s ability to collect, use, retain, sell, share, or disclose “aggregated consumer information.”[1] Aggregate consumer information is defined as “information that relates to a group or category of consumers, from which individual consumer identities have

The IAPP Privacy. Security. Risk. 2022 Conference will focus on the intersection of privacy and technology, with sessions focused on adtech, artificial intelligence, big data, cybersecurity, and more.

Please join Data, Privacy & Cybersecurity Shareholder Darren Abernethy, a panelist on the “Managing your Marketing Program with New Global and State Laws” session, on Oct.