Maryland’s attorney general could make privacy rules despite lacking direct rulemaking authority from the Maryland Online Data Privacy Act (MODPA), WilmerHale’s Samuel Kane said Thursday during a webinar by Privado, a compliance vendor. That could tighten requirements under the state's comprehensive privacy law taking effect next month, the privacy attorney said. Meanwhile, MODPA is set to break ground for state privacy laws due to its unique data minimization provision, but companies can prepare now by more closely documenting how they use data, Kane said.
Draft regulations to implement the New Jersey Data Protection Act (NJDPA) may exceed the statute, said advertising, tech industry and news media groups in comments to the New Jersey attorney general’s office’s Division of Consumer Affairs. They suggested that New Jersey try to align more closely with other states that have comprehensive privacy laws.
Only grocery stores need to worry about a California bill on so-called “surveillance pricing” after legislators amended AB-446 on Friday. The Senate Appropriations Committee advanced the amended bill to the floor that day (see 2508290005).
A California bill to set notification deadlines for data breaches passed the Senate unanimously on Thursday and could be headed to the governor’s desk soon. The Senate passed SB-446 on May 28 and it’s been sailing through the Assembly on consent agendas since then (see 2508200033). Meanwhile, state fiscal hawks advanced many privacy and AI bills, while holding back some others, at committee meetings Friday.
Organizations outside of health care may feel less comfortable complying with a new Colorado law than entities already covered by the Health Insurance Portability and Accountability Act (HIPAA), Aleksandra Vold, a BakerHostetler health privacy attorney, told Privacy Daily.
California privacy enforcers may soon be “counting clicks” to make sure it doesn’t take more steps for consumers to opt out than to opt in, warned privacy attorney Webb McArthur on a Hudson Cook webinar Tuesday.
It’s time to start “operationalizing the laundry list of requirements currently in the Colorado AI Act because it looks like a last-minute reprieve is unlikely,” said Denver-based privacy attorney Josh Hansen of Shook Hardy, as state legislators returned for the fifth day of their special session Monday.
By the second day of a whirlwind special session in Colorado, state legislators had halved the number of proposals to amend the Colorado AI Act to two. On Thursday, House and Senate Business committees approved a variety of amendments to a pair of leading AI proposals before advancing them to each chamber’s Appropriations Committee.
One of the easiest requirements for enforcers to check for violations under new California Privacy Protection Agency (CPPA) rules is also simple for vigilant businesses to avoid, privacy lawyer David Stauss said during a Troutman webinar Thursday. As such, companies should immediately start displaying on websites that they are honoring universal opt-out preference signals, he said. Separately, Hintze privacy attorney Sam Castic warned that new risk assessment requirements go beyond rules in other states.
A California bill that sets data-breach notification deadlines will go to the Assembly floor and is racing toward passage by the legislature. At a livestreamed hearing Wednesday, the Assembly Appropriations Committee voted unanimously to add SB-446 by Sen. Melissa Hurtado (D) to the Assembly consent calendar, which is reserved for noncontroversial bills.