Utah Governor Spencer Cox is expected to signed SB 152, which was passed by both the House and Senate as of March 13, 2023. With this bill, Utah would join California in passing legislation designed to protect children from online harms. However, unlike the California Age-Appropriate Design Code, the Utah law will provide
CyberAdviser
Blog Authors
Latest from CyberAdviser
The Iowa Senate and House Pass a Consumer Data Privacy Rights Bill
On March 15, 2023, the Iowa House passed Senate Bill 262 on a 97-0 vote. The Bill had previously passed the Iowa Senate on March 6, 2023. If ultimately signed by Iowa Governor Kim Reynolds, Iowa would join California, Colorado, Connecticut, Utah, and Virginia as the sixth U.S. state with a comprehensive consumer data privacy…
Managing Legal Issues From the Use of ChatGPT and Generative AI
The AI application ChatGPT quickly became a household name, but already is morphing into a more advanced version of generative AI. At the same time, Microsoft’s redesigned Bing search engine will soon run on a new, next-generation OpenAI large language model. While these tools have demonstrated that generative AI has tremendous operational and business potential,…
Colorado Finalizes CPA Regulations
On March 15, the Colorado Attorney General’s Office finalized the Colorado Privacy Act regulations. The finalized regulations track the draft rules. The rules will go into effect July 1, 2023.
The UK Publishes Bill to Update UK GDPR
On March 8, 2023, the U.K. Secretary of State for Science for Innovation and Technology announced the publication of the Data Protection and Digital Information (No.2) Bill. This new version of the Data Protection and Digital Information bill will effectively supersede the prior draft, which was first published in July of 2022.
The…
Illinois Supreme Court: BIPA Damages Accrue with Each Collection
In a landmark decision that will have widespread effects, the Illinois Supreme Court ruled that a claim accrues each time—rather than just the first time—that data is collected in violation of the Biometric Information Privacy Act (BIPA). Because BIPA provides statutory damages for each violation, this ruling exponentially increases potential damages, especially in the employment…
Webinar Recording – 2023 Preview for Privacy and Data Security
2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit. With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal cyber-regulations, new state laws governing children’s data and new EU legislation regulating digital services – privacy lawyers will be…
California Enforcement Sweep Targets Mobile Apps
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Banta alleges failed to comply with the California Consumer Privacy Act (CCPA). This sweep focused specifically on “popular retail, travel, and food service industry apps” that failed to comply…
Privacy Policies Under the Colorado Privacy Act—Still a New Purpose-Driven Approach
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy would also be compliant with the Colorado Privacy Act (“CPA”). And, as the Colorado Attorney General has made clear, interoperability is an important guiding…
Heightened Cybersecurity Requirements for Medical Devices Passed Into Law
Many privacy professional may have missed it, but In the run-up to the New Year — while many U.S. companies were focused on complying with the California Privacy Rights Act (CPRA) — Congress passed an appropriations bill that contains significant new cybersecurity requirements for medical device companies. The Omnibus Appropriations Bill, which was…
2023 Privacy and Data Security Preview
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection…
Privacy, Cybersecurity and Access to Beneficial Ownership Information: FinCEN Issues Notice of Proposed Regulations Under the Corporate Transparency Act

A Deep Dive Into FinCEN’s Latest Proposals Under the CTA
On December 16, the Financial Crimes Enforcement Network (“FinCEN”) issued a 54-page notice of proposed rulemaking (“NPRM”) regarding access by authorized recipients to beneficial ownership information (“BOI”) that will be reported to FinCEN under the Corporate Transparency Act (“CTA”). The CTA requires covered entities –…
The Cost of a Click: Microsoft fined 60 Million Euros by French Privacy Watchdog for French Data Protection Act Violations
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the “Loi Informatique et Libertés”). Article 82 is France’s implementation of the EU’s ePrivacy Directive, and it generally requires that any…
Colorado Releases Revised Privacy Rules
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules.
We will be providing in-depth analysis in coming days and weeks, but at first review, the revised rules appear to represent a fine-tuning as opposed to a complete overhaul. Some of these changes – such as additional flexibility…
Pennsylvania Amends Data Breach Notification Law
In early November, Pennsylvania amended its data breach notification law broadening the definition of personal information. The amendment adds “health insurance information” and “medical information” as data elements that could trigger breach notification requirements. Coupled with this addition is a breach notification exception for businesses that are (1) subject to and (2) in compliance with…
European Court Puts the Brakes on AML Directive: Public Access to Beneficial Ownership Database Violates European Privacy Laws

Ruling Could Influence FinCEN in Forthcoming Regulations Under the CTA
On November 22nd, an appeals court in Luxembourg issued a decision that highlights the tensions between anti-money laundering (“AML”) goals and privacy concerns, and could impact impending beneficial ownership regulations to be issued under the U.S. Corporate Transparency Act (“CTA”). Specifically, the appeals court decided…