A data breach bill containing a private right of action split the Pennsylvania House Commerce Committee by political party at a livestreamed hearing Tuesday. The panel voted 14-12 to clear an amended HB-997, with Democrats voting yes and Republicans voting no.
The California Privacy Protection Agency (CPPA) dressed down national menswear retailer Todd Snyder with a $345,178 fine Tuesday for alleged violations of the California Consumer Privacy Act (CCPA). Closely following CPPA action last March against Honda, the Todd Snyder case is more than an enforcement action. It also “highlights a trend by this agency of looking beyond surface compliance with the CCPA,” Wiley privacy attorney Joan Stewart told us. The agency’s board adopted the enforcement decision May 1.
Maine should follow “where the puck’s going” on comprehensive privacy laws in the states, said the legislature's joint Judiciary Committee House Chair Amy Kuhn (D) during the panel's hearing Monday. That means adopting a bill, like Kuhn’s LD-1822, based on data minimization rather than notice and consent, she said. However, two alternative Maine privacy bills would follow the approach included in state privacy laws prior to Maryland’s comprehensive law.
Comments are due June 2 on revised draft rules for the California Privacy Protection Agency’s rulemaking on automated decision-making technology (ADMT), risk assessments, cybersecurity, insurance and other rule changes, the CPPA decided Thursday.
The CPPA is pushing ahead with a rulemaking to implement a mechanism where consumers can request to delete their personal data, Executive Director Tom Kemp told the CPPA board at a livestreamed Thursday meeting. The agency announced last week that comments in the proceeding are due June 10 and there will also be a hearing that day (see 2504250012).
A possible Vermont version of Daniel’s Law (H-342) is “not dead, but it is not moving,” state Rep. Monique Priestley (D) said Thursday on Vermont Perspective, a radio show on WDEV. After the show, Priestley told us in a phone interview that another piece of legislation, her comprehensive privacy bill, remains “very much in play.”
California Privacy Protection Agency Chairperson Jennifer Urban raised concerns Thursday about the extent of recent changes to draft rules on automated decision-making technology (ADMT), cybersecurity and other issues. “We’ve really cut to the bone, in terms of what is in line with the statute's requirements for the regulations we need to do, and in terms of the relative value to businesses and the relative value to the people … whose personal information is at stake,” she said at a livestreamed CPPA board meeting Thursday. Staff said the new draft reduced potential business costs in the first year by nearly two-thirds.
Microsoft supports regulatory efforts to simplify compliance with privacy laws globally, said Cari Benn, the company’s associate general counsel-privacy, accessibility and regulatory affairs, in an interview last week at the IAPP Global Privacy Summit. Meanwhile, as Microsoft embraces AI, it's striving to apply privacy principles to the emerging technology.
The Maine Judiciary Committee’s top Democrats unveiled a comprehensive privacy bill Tuesday that contains data minimization language similar to the Maryland Online Data Privacy Act. Judiciary House Chair Amy Kuhn (D) and Senate Chair Anne Carney (D) introduced LD-1822 with five Democratic colleagues.
Alabama Rep. Mike Shaw (R) is “trying to see if there's any hope” of passing his comprehensive privacy bill in the Senate given limited time left in the session, Shaw told us on Friday. The lawmaker said he’s willing to wait until next year if necessary.