Blogs

Privacy and Security related image, digital thumbprint

Perkins on Privacy

Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field.

Subscribe

virtual landscape connectivity purples

December 17, 2024 Privacy Law Recap State Privacy Laws

Privacy Law Recap 2024: State Consumer Privacy Laws

U.S. privacy law continued to expand in 2024, both geographically and substantively. We now have 19 states with comprehensive consumer privacy laws (some of which are already in effect, while others become effective in 2025 and 2026). This recap focuses on the 10 state laws that were enacted or took effect this year, as well as the states that enacted meaningful updates.

Cellphone Privacy Security

December 13, 2024 Privacy Law Recap Data Security CCPA

Privacy Law Recap 2024: Data Security

Continued cyberthreats drove expanded data security and breach notification requirements in 2024. Although sectors deemed high-risk saw significant activity, we also saw proposed regulations that stand to have a significant impact on a wide swath of private companies in the year to come.

This Update outlines highlights of data security law in 2024.

Supreme Court

December 2, 2024 State Privacy Laws Privacy Compliance Privacy Litigation ECPA

Massachusetts Supreme Court Decision Raises Bar for Website “Wiretap” Suits

In recent months, a wave of lawsuits has swept across the nation, targeting websites for allegedly violating state wiretapping laws through their use of tracking software.

World Cybersecurity

November 26, 2024 CCPA Privacy Compliance State Privacy Laws Artificial Intelligence Data Security

Fasten Your Seatbelts: CPPA Proposes Rules on Automated Decision-Making and Cybersecurity Audits and Finalizes Data Broker Regulations

After much anticipation, on November 8, the California Privacy Protection Agency (CPPA) Board voted to advance proposed regulations for insurance, cybersecurity audits, risk assessments, and automated decision-making technology (ADMT) to formal rulemaking.

bell on front desk at hotel

November 7, 2024 Regulatory Enforcement Data Security Data Breach and Incident Response Federal Trade Commission

FTC and State Coalition Settle Data Breach Cases with Marriott

In 2018, Marriott announced a data breach affecting its Starwood reservation system, thought at the time to have affected up to 500 million people worldwide. These settlements arise from that incident, as well as two smaller incidents that also affected Starwood and Marriott. The FTC alleges these incidents exposed payment card information, unencrypted passport numbers, and loyalty account information, along with other information like names, dates of birth, and contact information.

AI finger touch screen

September 30, 2024 Data Breach and Incident Response Data Security

2024 Breach Notification Law Update: Unique New State Obligations and Widespread New Federal Obligations

Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to generally applicable state breach notification statutes were accompanied by steady sectoral activity at the state level and significant updates at the federal level, including new obligations from both the Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC).

Cellphone Privacy Security

September 25, 2024 Data Security

Cybersecurity for Lawyers: The NIST Cybersecurity Framework as a Tool and Reference

In this post in our series on basic cybersecurity concepts for lawyers, we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0.

Computer server room

August 30, 2024 Data Security

Cybersecurity for Lawyers: Open-Source Software Supply Chain Attacks

In this post in our series on basic cybersecurity concepts for lawyers, we address open-source software (OSS) supply chain risk.

Happy family together at home.

August 14, 2024 Data Security Regulatory Enforcement Children’s Privacy Federal Trade Commission

FTC Order Bans Anonymous Messaging App from Serving Minors

The Federal Trade Commission (FTC) and the Los Angeles County District Attorney announced a complaint and proposed stipulated order concerning the “NGL: ask me anything” anonymous messaging app.

laptop on a table

June 20, 2024 State Privacy Laws Privacy Compliance

A New Privacy Paradigm: Understanding Maryland’s Trailblazing Approach to Online Privacy

The end of Maryland's legislative session has ushered in one of the year's most ambitious and comprehensive consumer privacy laws.

Phone Call Communications

June 7, 2024 State Privacy Laws Privacy Compliance

Minnesota's Unique Spin on Consumer Data Privacy

Minnesota's governor signed the Minnesota Consumer Data Privacy Act (MNCDPA or the Act) into law at the end of May, making Minnesota the 18th state to enact a comprehensive consumer privacy law.

Computer Lock Security

May 22, 2024 Data Security

Clarifying Guidance on Abundance-of-Caution Disclosures under SEC Cybersecurity Rule

The Director of the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance issued a statement clarifying public companies' obligations to disclose cybersecurity incidents under Item 1.05 of Form 8-K.

Supreme Court Outside

February 15, 2024 State Privacy Laws Privacy Compliance

Two New States Enter the Privacy Fray

On January 16, 2024, New Jersey became the latest state to enact comprehensive privacy legislation with the New Jersey Data Privacy Act (NJDPA).

columns of court building

October 19, 2023 Children’s Privacy State Privacy Laws

California Law Requires Platforms To Take More Action Against Child Sexual Exploitation

California Governor Gavin Newsom recently signed AB 1394, a law that imposes new obligations on social media platforms to prevent and combat child sexual abuse and exploitation.

Woman on a laptop

September 19, 2023 Data Security Data Breach and Incident Response

Updating Corporate and Cybersecurity Practices To Satisfy the SEC’s Final Cybersecurity Disclosure Rules: Assessing Materiality of Cybersecurity Incidents

In the wake of the SEC's new rule requiring prompt disclosure of cybersecurity incidents, incident response (IR) teams have asked how they should modify IR plans to promote compliance with the new rule.