Attorneys general from Minnesota and New Hampshire joined states’ Consortium of Privacy Regulators, the California Privacy Protection Agency (CPPA) said Wednesday.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
The $1.35 million California enforcement action against Tractor Supply Co. this week raised the bar for privacy compliance, emphasizing that privacy laws and rights extend beyond consumers, privacy lawyers and advocates said in interviews with Privacy Daily. The California Privacy Protection Agency (CPPA) found that the country's largest rural lifestyle retailer violated the California Consumer Privacy Act (CCPA) in several instances, including how it handled candidates for employment (see 2509300010).
A comprehensive privacy bill passed the Pennsylvania House with "noteworthy" applicability thresholds and categories of sensitive data, a Philadelphia-based privacy attorney said Thursday. The state House also passed a bill Wednesday that would add a private right of action to the state’s data breach notification law.
New privacy regulations took effect in Maryland and various other states on Wednesday. Read our coverage of the new requirements, including:
Montana became the third state to regulate neural data as an amendment to the state’s genetic privacy law took effect Wednesday, adding to a trend of states overseeing the neurotechnology space (see 2508180034). On the same day, amendments to Montana’s comprehensive privacy law took effect, expanding its scope and introducing more protections for children.
The Trump administration’s creation of large government databases consolidating the sensitive personal information of millions of Americans in an attempt to purge voter rolls is unlawful, according to a class-action lawsuit filed Tuesday by the Electronic Privacy Information Center (EPIC), League of Women Voters and others.
Uncommon and broadly applicable data minimization requirements in the Maryland Online Data Privacy Act (MODPA) could pose major compliance challenges for companies when the law takes effect Wednesday, privacy attorneys representing businesses said in interviews. Some advertisers could opt out of the Maryland market rather than comply with the state's comprehensive privacy law, said David LeDuc, Network Advertising Initiative (NAI) public policy vice president.
A company complying with Maryland’s data minimization standard would be in compliance with a similar measure proposed in a Massachusetts comprehensive privacy bill that’s moving quickly toward passage, said Massachusetts Sen. Michael Moore (D) on the floor Thursday. However, Moore also said he’s fine with Massachusetts being an “outlier” among the 20 states with privacy laws.
While Rhode Island’s comprehensive privacy law might not take effect for a few months, companies should remember that the state won’t give them a chance to cure violations before penalties apply, DarrowEverett privacy attorney Bria Dupuis warned in a blog post Wednesday.