Posts

Showing posts with the label personal data

Louisiana Enacts Consumer Data Privacy Law

Key point: Louisiana becomes the 22nd state — and third this year — to enact a consumer data privacy law, adopting a law similar to Texas’ law. On May 29, 2026, Louisiana Governor Jeff Landry signed the Louisiana Data Privacy Act ( SB 386 ) into law. Louisiana is the 22nd state to pass a broad consumer data privacy law. It is the third state — following Oklahoma and Alabama — to pass a law this year. The new law largely tracks Texas’ law but with some notable differences we identify below. Applicability Although the law generally follows the Texas Data Privacy and Security Act, one of the notable ways in which it differs from that law — as well as other Washington Privacy Act model consumer data privacy laws — is its applicability standard. The law applies to controllers and processors that conduct business in Louisiana and satisfy one or more of the following thresholds: (1) have annual gross revenue in excess of $25 million; (2) annually buy, receive for the business’s commercial p...

House Republicans Unveil National Data Privacy Bill: Here’s What Employers and Businesses Need to Know

House Republicans just introduced sweeping federal data privacy legislation yesterday that could reshape how businesses collect, store, and use personal information, aiming to finally replace a growing patchwork of state laws with a single national standard . But the bill, known as the SECURE Data Act, faces significant hurdles before becoming law, so employers and businesses should approach it cautiously. This Insight will recap what you need to know about the bill and provide a few best practices all businesses can take when it comes to data privacy. What Is the SECURE Data Act? The Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act, introduced by Rep. John Joyce (R-Pa.) on April 22 and backed by House Energy and Commerce Committee Chair Brett Guthrie (R-Ky.), would create the first comprehensive federal consumer privacy framework in US history. The bill is the product of a Data Privacy Working Group that gathered input from more than 170 organizations a...

Oklahoma Enacts Consumer Data Privacy Law

Key point: Oklahoma becomes the 20th state to enact a broad consumer data privacy law. On March 20, 2026, Oklahoma Governor Kevin Stitt signed  SB 546  into law. In doing so, Oklahoma becomes the 20th state to enact a broadly applicable consumer data privacy law. Passage of a consumer data privacy law in Oklahoma has been a multiyear process. The Oklahoma House first passed a consumer data privacy bill authored by then-Representative Collin Walke in 2021, but the bill stalled in the Senate. The House again passed a bill in 2022, and it again stalled in the Senate. The new law is a more business-friendly blend of the 2022 version of Virginia’s consumer data privacy law and the Texas consumer data privacy law. Ultimately, entities subject to other state privacy laws will not have any new compliance obligations. In the below article, we provide an overview of the new law. Applicability The law applies to controllers and processors that conduct business in Oklahoma or produce a p...

Minnesota’s Consumer Data Privacy Act: An Overview

Twenty-nine years after Prince warned us about the dangers of the Internet, his home state has taken action to protect consumers who use it. [1]  On July 31, 2025, Minnesota joined the roughly twenty states that have adopted comprehensive privacy statutes. The new law, the Minnesota Consumer Data Privacy Act (MCDPA), grants the state’s residents new rights and requires businesses to honor them. This article gives a high-level summary of the new landscape. To Whom Does the Minnesota Consumer Data Privacy Act Apply? The MCDPA does not apply to every company doing business in Minnesota, and it also applies to many that have no operations in the state at all. The law applies if a company does business in Minnesota and meets one of two other tests. It applies where a company controls or processes personal data of 100,000 or more Minnesota consumers in a given year (with some exceptions). It also applies if a company controls or processes the personal data of 25,000 or more Minnesota co...

On January 8, the US Department of Justice (DOJ) issued a final rule under Executive Order 14117, which established the Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the Rule).

Read Executive Order 14117  here . The Rule , which took effect on April 8, establishes export-like restrictions and prohibitions on transferring specific types of “bulk U.S. sensitive personal data” and certain specified “government-related data” (including of current or recent US government employees and sensitive government location data) to designated “countries of concern,” including China (with Hong Kong and Macau), Iran, North Korea, Cuba, Venezuela, and Russia, as well as transactions involving “covered persons,” which includes entities that are established under the laws of by a country of concern and their employees. The Rule established high civil penalties and allows for criminal enforcement. However, on April 11, DOJ paused civil enforcement until July 8 on the express condition of “good-faith” efforts to comply, or to come into compliance with the Rule, in the meantime. Criminal enforcement was not paused. Who and What Is Covered? The Rule delineates four main categor...