A company complying with Maryland’s data minimization standard would be in compliance with a similar measure proposed in a Massachusetts comprehensive privacy bill that’s moving quickly toward passage, said Massachusetts Sen. Michael Moore (D) on the floor Thursday. However, Moore also said he’s fine with Massachusetts being an “outlier” among the 20 states with privacy laws.
Although every state has a data breach notification law, each one imposes different regulations and reporting requirements, Emory Roane, associate director of policy at Privacy Rights Clearinghouse (PRC), said in a recent interview with Privacy Daily. While some protections exist at the federal level, a comprehensive breach law would help, as would data minimization principles, privacy pros added.
Even without a private right of action, a Massachusetts comprehensive privacy bill nearing a Senate floor vote could still be the strongest of about 20 states with such laws, Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald said in an interview Friday. While legislators previously cut the right for individuals to sue -- limiting enforcement authority to the Massachusetts’ attorney general -- they kept data minimization requirements like those from Maryland’s privacy law.
Massachusetts legislators removed a private right of action from a leading comprehensive privacy bill on Thursday.
Though creative plaintiffs' counsel saw early success, the tide is beginning to turn in favor of defendants in California Invasion of Privacy Act (CIPA) cases, said Douglas Bonner in a blog post. The Potomac Law Group lawyer added that these developments may chill future litigation claims under the statute.
Regulating AI should center on limiting the technology's potential risks, labor representatives and other advocates said during a session of the Massachusetts Joint Committee on Advanced Information Technology, the Internet and Cybersecurity. At a hearing Thursday, they said their goal includes protecting state residents from AI's possible harms while also letting them reap its benefits.
While companies often understand they risk incurring regulatory fines when they ignore data privacy, many underestimate the real cost of this approach, which includes the potential for lawsuits and class actions, said Bricker Graydon lawyer Nancy Magoteaux in a blog post Tuesday.
Misinformation and amendments derailed a bill on data-driven pricing, also called “surveillance pricing,” that was nearing the finish line in California. After Senate appropriators last week narrowed the legislation to apply only to grocery stores (see 2509020025), Assemblymember Chris Ward (D) punted AB-446 to next year, he said in a statement Thursday.
Consumers filed 214 complaints in the first year since the Oregon Consumer Privacy Act (OCPA) took effect, with many concerning online data brokers, according to a report from the state’s DOJ. The right to delete data was consumers' top complaint.
Congress should amend the Gramm-Leach-Bliley Act and preempt all state privacy laws from regulating financial services, the Mortgage Bankers Association (MBA) said in comments to the House Financial Services Committee.