This summer, a proposed amendment to the Controlled Substances Act known as the Cooper Davis Act (the “act”) is making its way through congressional approvals and causing growing dissension between and among parents, consumer safety advocates, and anti-drug coalitions on one hand, and the DEA, privacy experts, and constitutional scholars on the other.

As currently

California, home to the highest number of registered vehicles in the U.S., is at the forefront of a critical issue – the privacy practices of automobile manufacturers and vehicle technology firms.

The California Privacy Protection Agency (CPPA), the state’s privacy enforcement authority, has messaged that it is launching an enforcement initiative. This initiative seeks to

The Department of Defense Inspector General (DoDIG) recently released its “Audit of the DoD’s Implementation and Oversight of the Controlled Unclassified Information [CUI] Program” (DODIG-2023-078). The audit highlights some of DoD’s challenges in implementing the CUI Program and provides recommendations on how to make the program work better. The DoD’s response to the

Tennessee has joined the growing number of states that have enacted comprehensive data privacy laws. On the final day of this year’s legislative session, the Tennessee legislature passed the Tennessee Information Protection Act (TIPA), and Governor Bill Lee signed TIPA into law on May 11, 2023.  

TIPA marks a significant development in data privacy

Under the European Union’s General Data Protection Regulation (GDPR), individual data subjects have the right to request that the data controller share information regarding the data subject’s personal information. This includes the right to know the “recipients or categories of recipients” to whom the data subject’s personal data has been disclosed. To date, data controllers

The case of Popa v. Harriet Carter Gifts, Inc. “began with a quest for pet stairs.” Plaintiff Ashley Popa searched Harriet Carter Gifts’ website, added pet stairs to her cart, but never completed the purchase. During her “quest,” Popa’s information was collected not only by Harriet Carter Gifts, but also by a third-party marketing company

California’s Attorney General Rob Bonta has made clear that California Consumer Privacy Act (CCPA) enforcement is going to be a priority for the AG’s office. On Friday, the California AG’s office announced a $1.2 million settlement of an enforcement action against Sephora, Inc. for allegedly insufficient disclosures as required by the CCPA. The biggest takeaways

Another Data Privacy Law? Colorado Enacts the Colorado Privacy ActColorado became the third state to enact comprehensive data privacy legislation when Gov. Jared Polis signed the Colorado Privacy Act (CPA) on July 8, 2021. The CPA shares similarities with its stateside predecessors, the California Consumer Privacy Act (CCPA), the California Privacy Rights Enforcement Act (CPRA), and the Virginia Consumer Data Protection Act (VCDPA), as

Circuit Split No More: 2nd Circuit Clarifies Article III Standing in Data Breach CasesWhile more states push forward on new privacy legislation statutorily granting consumers the right to litigate control of their personal information, federal courts continue to ponder how data breach injury fits traditional standing requirements. Previous to McMorris v. Carlos Lopez, McMorris v. Carlos Lopez & Assocs., LLC, many have argued there was a circuit

Florida Legislature Considers Sweeping Data-Privacy Legislation Supported by GovernorFlorida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Rep. Fiona McFarland introduced HB 969, modeled after the California Consumer Privacy Act (CCPA). The bill is supported by Gov. Ron DeSantis and the speaker of the Florida House. As introduced, HB 969 would apply to for-profit businesses

Privacy Litigation Updates for the Financial Services Sector: Claims Against Yodlee Survive and Limited Discovery of Envestnet AllowedIn November 2020, Yodlee and its parent company Envestnet filed separate motions to dismiss the class action lawsuit brought over Yodlee’s alleged data collection and use practices. Yodlee’s motion to dismiss argued that plaintiffs failed to state a claim under Federal Rule of Civil Procedure 12(b)(6), while Envestnet argued that its status as the parent