
US Data Privacy Guide

In 2019, the US data privacy framework was significantly changed with the emergence of the California Consumer Privacy Act, which created a significant compliance burden for most businesses that collect personal information about California residents. Since then, activity at the state level has increased as more states look to establish data privacy laws in the absence of a comprehensive data privacy law at the federal level. Currently, Virginia, Colorado, Utah and Connecticut are set to join California as states with comprehensive data privacy laws. This US Data Privacy Guide provides insight on these and other US data privacy laws.



Connecticut Lends Its Hand to U.S. Data Privacy Framework

Our US Data Privacy and Cybersecurity team evaluates this latest addition to the US data privacy law framework against other emerging state data privacy laws in the US and provides a checklist for achieving compliance with the law.

The Utah Consumer Privacy Act: Utah Becomes Fourth US State with Comprehensive Privacy Law

Continuing efforts at the state level to establish a data privacy framework in the US, a fourth state has passed a comprehensive consumer privacy law. Utah has joined the ranks of Colorado, California and Virginia after Governor Spencer Cox signed the Utah Consumer Privacy Act ("UCPA") on March 24, 2022. The legislation is set to take effect well after other state data privacy laws, on December 31, 2023. Read the full article here »

Taking Your First Steps: Key Compliance Tasks to Kick-start Compliance with California and Virginia Data Privacy Laws

As state and federal legislatures across the United States continue to contemplate comprehensive data protection legislation, two pending laws—the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA)—are set to become effective on January 1, 2023. Read the full article here »



Colorado Privacy Act: US Consumer Data Privacy Framework Continues Expansion

Colorado has joined California and Virginia in enacting comprehensive data privacy legislation after Governor Jared Polis signed the Colorado Privacy Act into effect yesterday.  The enactment of the Colorado Privacy Act continues the trend of state legislatures guiding the development of the general consumer data privacy framework in the US. The legislation is set to take effect on July 1, 2023. Read the full article here »

Virginia joins California in regulating consumer information: Virginia enacts the Consumer Data Protection Act

On March 2, 2021, Governor Ralph Northam of Virginia signed the Consumer Data Protection Act ("CDPA") into law, after it passed both houses of the legislature with overwhelming support.  This new legislation is set to take effect on January 1, 2023, and extends consumer data protections and business obligations that are quite similar to the California Consumer Privacy Act ("CCPA") and the upcoming California Privacy Rights Act ("CPRA"). Read the full article here »



Before the Dust Settles: The California Privacy Rights Act Ballot Initiative Modifies and Expands California Privacy Law

Hot on the heels of the California Attorney General's rulemaking process for the California Consumer Privacy Act ("CCPA"), California voters have passed a ballot initiative to expand and create new privacy rights for consumers. Most of the California Privacy Rights Act ("CPRA") will not take effect until January 1, 2023, giving weary businesses some lead time for their compliance efforts. In this client alert, we set out the key changes for businesses to be aware of as they look forward to meeting their obligations under the CPRA. Read the full article here »

Building a Robust Biometric Compliance Program in the US: A Five-Step Checklist

As companies across industries continue to take advantage of existing and emerging technologies that involve the collection and use of human biometric identifiers, corporate privacy programs must take into account the unique legal and compliance concerns associated with this form of personal data. Currently, the state of Illinois has the most mature regulation, which is heavily litigated and aggressively enforced. Illinois is not alone among states, however, and we anticipate biometric privacy rights will expand across the US in the years to come. Read the full article here »

The California Consumer Privacy Act Regulations Are Finally Here, But Wait There's More…

On August 14, 2020, California's Office of Administrative Law ("OAL") approved the final version of the implementing regulations for the California Consumer Privacy Act ("Final Regulations"). The approval of these final regulations caps off a long period of uncertainty and establishes specific content and administrative compliance obligations for businesses subject to the California Consumer Privacy Act ("CCPA"). The regulations are effective immediately. Read the full article here »

UK Business Exposure To The California Consumer Privacy Act 2018 ("CCPA")

The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US; it may apply to businesses based in the UK depending on the level of interaction with California residents and their personal information. Businesses based in the UK should understand the CCPA exposure risk, since the compliance requirements differ in some material ways from the General Data Protection Regulation ("GDPR") and the UK Data Protection Act 2018 ("DPA 2018"). Read the full article here »

Do Turkish Companies Have to Comply With the California Consumer Privacy Act ("CCPA")?

Your business complies with the General Data Protection Regulation ("GDPR") and/or Turkish Personal Data Protection Law numbered 6698 and its secondary legislation ("PDPL"); but does it comply with the California Consumer Privacy Act ("CCPA"), which took effect on January 1, 2020? If your company needs to comply with the CCPA, some crucial differences should be taken into account in privacy compliance management. Read the full article here »



CCPA 100-Day Compliance Checklist: It's Not Just About the Privacy Policy

Time is running out to comply with the California Consumer Privacy Act (CCPA). Companies must take a number of steps to ensure they meet the January 1, 2020 deadline, and updating the website privacy policy is only one aspect of our 9-step CCPA readiness checklist. Read the full article here »



A Slice of GDPR in California?

The CCPA's passage comes at a time when many US companies with international operations are still dealing with the significant compliance burden associated with the General Data Protection Regulation ("GDPR") and, despite some similarities, the CCPA will place additional burdens on businesses that are subject to both regimes. We carefully analyze the new obligations imposed by the CCPA on covered businesses. Read the full article here »

CCPA and GDPR: Comparison

For many multinational businesses, understanding both the similarities and the differences between the CCPA and the GDPR will be a key component to efficiently managing compliance across both regimes. Read the full article here »





This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2022 White & Case LLP