Posts

Showing posts with the label Privacy Law

Delaware’s Privacy Law is About to Expand: 6 Steps Employers and Businesses Should Take to Prepare

Just over a year after Delaware’s privacy law took effect, state lawmakers are close to expanding its reach by passing a bill that could soon cover more businesses, narrow a key exemption, and expand the definition of sensitive data. Most notably for employers, the pending legislation would also impose significant new obligations on the use of AI in the workplace, capturing resume screeners, interview scoring tools, workforce analytics platforms, and similar technology. If the bill passes as expected, these amendments would take effect on January 1, 2027. What do you need to know about this bill and what are the six steps you should take to prepare? Quick Status Update House Bill 380 would amend Delaware’s Personal Data Privacy Act (DPDPA), which passed in 2023 but took effect in 2025 ( you can read a summary here ). The bill passed the House on May 21 by a 30-9 vote and now sits in the state Senate, where it is expected to soon pass given its strong momentum and institutional backin...

How New Rhode Island Privacy Law May Impact Businesses Across U.S.

Rhode Island businesses and any company with Rhode Island customers are officially on the clock. The Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA” or “the Act”) takes effect January 1, 2026 , meaning compliance deadlines are quickly approaching . Unlike many other state privacy laws, the Act provides no right to cure violations before penalties apply. With potential fines of up to $10,000 per violation, businesses should begin compliance efforts now by reviewing data practices, updating privacy notices, and preparing consumer rights workflows before year-end. Key Definitions: Controllers and Processors The Act follows the same framework used in other state privacy laws and the European Union’s General Data Protection Regulation (GDPR) by distinguishing controllers and processors: Controller : The individual or business that decides why personal data is collected and how it will be used. For example, a retailer deciding to collect customer email addresses for mark...

Connecticut, the Provisions State, Adds New Provisions to its Privacy Law

Connecticut has revised its privacy law for the third time since it was passed in 2022. With  SB 1295 , the state has mirrored others (like  Colorado  and  Montana ) in making ongoing changes to its law. Many of the changes incorporate either in concept, or wholesale, provisions that exist in other states. C onnecticut makes these changes following  2024  and  2025  AG reports, which reports included recommendations to lawmakers, some of which ended up in SB 1295. Among the changes that will take effect July 1, 2026 are the following: Expanded Scope.  Like  Montana , the threshold will be lowered. Rather than 100,000 consumers, it will be processing information of 35,000 consumers . This lowered threshold aligns with other states such as  Delaware ,  New Hampshire ,  Maryland , and  Rhode Island . The law will also cover entities that process any sensitive consumer data, and expands the definition of that term. It wi...