On May 10, Gov. Ned Lamont signed into law Substitute Senate Bill 6 (Public Act 22-15), Connecticut’s version of comprehensive consumer data privacy legislation. This makes Connecticut the fifth state to enact such legislation, following California, Virginia, Colorado, and Utah. The Act will go into effect July 1, 2023.
Posts tagged as “privacy compliance”
There remain over 30 comprehensive consumer data privacy bills pending in the states, but some are falling off the chart as the legislative sessions come to an end. While the number of active bills is decreasing, there is one new state data privacy law, and others that continue to show movement.
On March 24, Utah Gov. Spence Cox signed into law SB 227, the Utah Consumer Privacy Act. This makes Utah the fourth state, behind California, Virginia, and Colorado, to enact comprehensive consumer data privacy legislation.
There are currently over 40 comprehensive consumer data privacy bills pending in the states as we enter the third month (for most states) of the legislative sessions.
The Federal Trade Commission recently amended the Safeguards Rule, 16 C.F.R. § 314.1, et seq., with significant changes to how an information security program should be designed, what it must include, and who needs to be in charge.
Despite the national and global events that took center stage in 2021, the upward trend in data privacy legislation at the state level continued and with the addition of the amendments to the Safeguards Rule, 2022 brings new compliance challenges for many businesses and financial institutions.
On July 6, Colorado Gov. Jared Polis signed into law Senate Bill 21-190, the Colorado Privacy Act. This makes Colorado the third state, behind California and Virginia, to enact comprehensive consumer data privacy legislation. The act becomes effective July 1, 2023.
The U.S. Court of Appeals for the Eleventh Circuit recently affirmed a trial court’s ruling that, under Florida law, a policy exclusion that barred coverage for claims arising out of an invasion of privacy also unambiguously excluded coverage for claims alleging violations of the federal Telephone Consumer Protection Act, when the complaint specifically mentioned invasions of privacy.
On March 15, the California Office of the Attorney General announced that additional regulations relating to the California Consumer Privacy Act (CCPA) had been approved, effective immediately.