Privacy & Cybersecurity: Updates and Analysis
Tracking Global Legal Developments in the Quickly Evolving World of Privacy & Cybersecurity

Locke Lord’s Privacy & Cybersecurity Group provides topical, practical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. Below are recent articles and blog posts covering key topics and geographies.

State Privacy Laws Comparison Chart (Download)


California/CCPA/CPRAColoradoConnecticutDelawareFloridaIllinoisIndianaIowaMontanaNew York/NY DFSNevadaOregonTennesseeTexasUtahVirginiaWashington StateNAIC Model Law/Uniform Laws/FederalUK/EU/GDPRHealth CareLitigation


 

California/CCPA/CPRA

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

The CPRA: A Missed Deadline Gives Companies a Break, July 2023

California Privacy Enforcement Will Heat up This Summer as the Agency Takes Control, June 2023

The CCPA’s 12-Month Look Back Period May Extend Beyond That, June 2023

Waiting on Guidance From the CPPA. What to Do in the Meantime?, June 2023

Lessons From the GDPR on the Sunset of the CCPA’s Personnel and B2B Exemptions, June 2023

State Privacy Update – Iowa, California, and the NAIC, April 2023

CCPA Enforcement: The Sephora Settlement Is Just the Start, December 2022

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Why Warranty Providers May Explore CCPA Exemption, November 16, 2022

California Privacy Fall Update: Proposed Regulations and Fading Exemptions, September 2022

California’s Looming Privacy Deadline for Personnel and B2B Data, September 2022

Are You Ready for the BIPA Tsunami? The New Wave of Biometric Statutes, July 2022 

Evolving Privacy Requirements in the U.S.: What to Do for 2022?, January 2022

CCPA Quick Update: Certain Companies Must Report Consumer Request Metrics by July 1, 2021, Summer 2021

A Big Win for Walmart Helps Further Define the Scope of Data Breach Class Actions: Gardiner v. Walmart, Inc., March 2021

Ready or Not, Here it Comes: Litigation and Enforcement Issues Under The California Privacy Rights Act, February 2021

What’s in Store for Future CCPA Settlements After the Hanna Andersson Class Action, December 2020

The Murky Waters of the CCPA’s Private Right of Action: Real and Perceived Ambiguities Complicating Litigation, November 2020

CCPA Update: Final Proposed Regulations, Summer 2020

Deletion Completion Under the CCPA, May 2020

The Effective Date of the California Consumer Privacy Act of 2018 Has Come and Gone: What To Do Now?, April 2020

CCPA Proposed Regulations Are Out!, November 2019

Deletion Completion Under the CCPA, November 2019

Looking Ahead to the CCPA’s “Look Back” Requirement, November 2019

CCPA Amendments Are In! Draft CCPA Regulations are Out!, October 2019

California Legislature Amends CCPA and Creates Data Broker Registry, September 2019

CCPA Guide: Does Personal Information Include Employee and Employee Benefit Plan Data?, September 2019

CCPA Guide: Are You Covered by the CCPA?, August 2019

CCPA Guide: We Are Covered, So Now What Do We Do? Create a Project Plan!, August 2019

Verifying the Verifiable – Considering a “Verifiable Consumer Request” Under the CCPA, August 2019

Looking Ahead to the CCPA’s “Look Back” Requirement, August 2019 

CCPA Guide: Does Personal Information Include Employee and Employee Benefit Plan Data?, April 2019

CCPA Guide: We Are Covered, So Now What Do We Do? Create a Project Plan!, March 2019

CCPA Proliferation: Connecticut and other states propose to follow California’s lead on Consumer Privacy, March 2019

CCPA Guide: Are You Covered by the CCPA?, January 2019

California Consumer Privacy Act: A Priority for 2019, January 2019

California Amends Consumer Data Privacy Act, but Leaves Material Provisions Unchanged and Questions Unanswered, September 2018

Dropping another Stone in the Pond? California’s New Consumer Privacy Act, July 2018

Back to top


 

Colorado

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Evolving Privacy Requirements in the U.S.: What to Do for 2022?, January 2022

CCPA Proliferation: Connecticut and other states propose to follow California’s lead on Consumer Privacy, March 2019

Back to top


 

Connecticut

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Big Data for Insurers: Clarity About the New Connecticut Requirements, July 2022

Back to top


 

Delaware

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Back to top


 

Florida

New Restrictions on Storage of Electronic Healthcare Records in Florida, August 2023

Back to top


 

Illinois

New Illinois GIPA Class Actions Against Life Insurers Bark up the Wrong Family Tree, November 2023

BIPA’s Back in the News: Illinois Supreme Court Gives Unionized Employers Respite From Costly Privacy Law Claims, May 2023

The Illinois Supreme Court Goes to White Castle…, April 2023

BIPA and Insurance Coverage II – Are You Ready for Some Case Law?, December 2022

BIPA’s Scope Shaped by Courts With No Legislative Relief in Sight, July 2022

BIPA and Insurance Coverage – Play Ball!, July 2022

Are You Ready for the BIPA Tsunami? The New Wave of Biometric Statutes, July 2022

Beyond Borders: COVID-19 Highlights the Potential Widespread Impact of the Illinois Biometric Information Privacy Act (“BIPA”), May 2020

Back to top


 

Indiana

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Back to top


 

Iowa

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

State Privacy Update – Iowa, California, and the NAIC, April 2023

Back to top


 

Montana

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Back to top


 

New York/NY DFS

New Amendments to NY DFS Cybersecurity Regulation: Big Changes for Big Companies, and Other Implications, December 2023

New York DFS Cybersecurity Regulation Update: Amendments Proposed November 2022, December 2022

New York Department of Financial Services Looks to Raise the Floor – Again – on Cybersecurity Regulation, September 2022

Are You Ready for the BIPA Tsunami? The New Wave of Biometric Statutes, July 2022

NY DFS Releases Guidance on Multi-Factor Authentication, December 2021

FTC Proposes Amendments to Safeguards Rule to Track NY DFS Cybersecurity Regulation (and amendments to its Privacy Rule), March 2019

NY DFS Cybersecurity Compliance Certificate Required Today; Additional Requirements Looming, February 2018

Cybersecurity Reminder and Heads Up from NY DFS: File Cybersecurity Reg Compliance Certificates, and Prepare for Cybersecurity Questions in Exams, January 2018

New York DFS Cybersecurity Regulation Update: Lots Left to Do, December 2017

NY DEFS Cybersecurity Exemption Filings due October 30, October 2017

New York’s Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To-Do List, (originally appeared in Intellectual Property & Technology Law Journal), May 2017 

Back to top


 

Nevada

No sale! Nevada consumers may opt out of personal data sales, June 2019

Back to top


 

Oregon

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Back to top


 

Tennessee

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Back to top


 

Texas

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Texas Data Privacy and Security Act, May 2023

Privacy Law Update: Texas to Study Entering the Fray, June 2019

Back to top


 

Utah

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Back to top


 

Virginia

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Evolving Privacy Requirements in the U.S.: What to Do for 2022?, January 2022

Privacy Laws Begin to Ripple Across the States Following the California Consumer Privacy Act, Winter 2021

Back to top


 

Washington State

Washington State My Health, My Data Act, May 2023

Back to top


 

NAIC Model Law/Uniform Laws/Federal

NAIC’S Work on Privacy Model Grinds On, August 2023

NAIC Picking Up Steam As It Drafts New Privacy Model, June 2023

State Privacy Update – Iowa, California, and the NAIC, April 2023

NAIC Privacy Protections Working Group Moves Forward to Revise Consumer Privacy Protections Model Act, March 2023

CFPB’s Data Access Rulemaking Process: A Heads-Up to Covered Data Providers, December 2022

NAIC Insurance Data Security Model Law Update: Vermont Becomes 21st State, June 2022

Uniform State Privacy Law Moves Forward With New Approach, Winter 2021

Back to top


 

UK/EU/GDPR

New Mechanism for Cross-Border Data Transfer: The EU-U.S. Data Privacy Framework, December 2023

U.S.-U.K. Data Transfer Developments, December 2023

UK Online Safety Bill, April 2023

The NIS2 Directive: Towards a Firmer EU-wide Cybersecurity Framework, April 2023

European Data Protection Board Releases Guidelines on the Territorial Scope of the GDPR, November 2018

GDPR – The Great Data Protection Revolution Has Arrived, May 2018

GDPR – 100 Days to the Great Data Protection Revolution, February 2018

Are We Covered by the EU GDPR? A Warning for U.S.-Only Businesses, December 2017

Back to top


 

Health Care

New Restrictions on Storage of Electronic Healthcare Records in Florida, August 2023

Washington State My Health, My Data Act, May 2023

2022 HIPAA Enforcement Update – OCR Continues Focus on Rights of Access, February 2023

HHS Publishes Proposed Rule on ‎Confidentiality of Substance Use Disorder Records, January 2023

Office of Civil Rights Guidance on Recognized Security Practices Under the 2021 HITECH Act Amendment, December 2022

Back to top


 

Litigation

More Safe Harbor Protections for Navigating Cyber and Privacy Litigation, December 2023

Beware Common Website Technology Tools That Can Lead to Wiretap Claims, December 2023

“Trust the Process”? – Privacy and Cybersecurity Issues With Court Service of Process via NFT, September 2022

Facts Matter – TransUnion’s Impact on Privacy, Cybersecurity Litigation, July 2021

A Big Win for Walmart Helps Further Define the Scope of Data Breach Class Actions: ‎Gardiner v. Walmart, Inc., March 2021

Taking Stock of Non-Monetary Settlement Provisions, Winter 2021

Standing on Thin Ice? New Guidance on Standing for Data Breach Claims, March 2021

Ready or Not, Here It Comes: Litigation and Enforcement Issues Under the California Privacy Rights Act, February 2021

What’s in Store for Future CCPA Settlements After the Hanna Andersson Class Action, December 2020

WTF?! – Wire Transfer Fraud Litigation, November 2020

The Murky Waters of the CCPA’s Private Right of Action: Real and Perceived Ambiguities ‎Complicating Litigation, October 2020

Data Breaches, Leaked Documents and the Attorney-Client Privilege: Can the Bell Really Be Unrung?, September 2020

Back to top


Prior additional articles available on request.

Resource Centers

Visit our other Resource Centers for more information on these topics:

Helping Clients Leverage the Benefits of AI While Managing Business and Legal Risks

Tracking Significant Environmental Legal Developments in 2024

Helping U.S. and Non-U.S. Companies Recognize and React to Evolving U.S. Sanctions and Export Controls

Helping Clients Identify Opportunities and Navigate Eligibility Requirements Under the IRA

Navigating the Potential Global Impacts of the Biden Administration’s Policy Priorities

Preparing You for a Post-Pandemic Reality

Monitoring the Overall Impact of COVID-19