So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
New Jersey’s Office of Consumer Protection delayed until Sept. 2 the deadline to submit comments on draft rules for implementing the New Jersey Data Privacy Act (NJDPA), according to the office’s website. The comments were previously due Aug. 1.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
There has been a quiet shift recently where state privacy enforcement is often aided behind the scenes by private law firms, according to a Tuesday blog post from Frankfurt Kurnit attorneys. These firms typically develop the case and can even appear in the final complaint filed in court, lawyers Daniel Golberg and Holly Melton wrote.
The Office of the Australian Information Commissioner will focus on sectors and technologies that compromise rights and create power and information imbalances, Information Commissioner Elizabeth Tydd said Tuesday as the OAIC released its 2025-2026 agenda.
The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.
The Minnesota Consumer Data Privacy Act, which goes into effect this Thursday, gives consumers new rights and requires that businesses follow stricter measures to protect personal data, said Attorney General Keith Ellison (D) and Rep. Steve Elkins (D), who authored the law.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.
A Massachusetts bill that would protect sensitive information in data breaches cleared the Joint Committee on Advanced IT, the Internet and Cybersecurity on Monday. The panel referred H-93 to the House Ways and Means Committee.
Companies operating in Latin America should be aware that data protection authorities (DPAs) there are increasing guidance and enforcement, said panelists during a webinar Tuesday sponsored by TrustArc, a privacy compliance vendor.