U.S. State Privacy Laws

Nuanced comprehensive consumer privacy laws have been enacted in the U.S. by state legislatures, with more to come. Understanding their similarities, differences, and interactions with other laws, as well as the accompanying regulatory environment, is no small task. Sidley provides insight and perspective. You will also find our convenient tables and a map providing effective dates of the statutes and their amendments. Our Privacy and Cybersecurity lawyers also regularly contribute state law developments to the Sidley AI Monitor.

May 32023

Washington State Enacts My Health My Data Act, Broadly Regulating Health-Related Data With a Private Right of Action

Health Privacy, Legislation, Litigation, Online Privacy, Policy, U.S. State Law

Colleen Theresa Brown, Sheri Porath Rockwell, Lauren Kitces and Carly R. Owens

May 3, 2023

On April 27, 2023, Washington Gov. Jay Inslee, a Democrat, signed into law the state’s My Health My Data Act (the Act), which will become effective on March 31, 2024 (June 30, 2024, for small businesses). Despite its name, this is a comprehensive privacy bill that will affect many entities, including those outside of the traditional “health” context. The rights and obligations may apply to individuals other than Washington residents, as the law defines consumers as including persons whose data is merely collected or otherwise processed in the state.

(more…)

Colleen Theresa Brown

Washington, D.C.

ctbrown@sidley.com

Sheri Porath Rockwell

Century City

sheri.rockwell@sidley.com

Lauren Kitces

Washington, D.C.

lkitces@sidley.com

Carly R. Owens

Apr 242023

Compliance Updates for Employer’s use of Automated Decisionmaking Tools: New York City Finalizes Rules on Automated Employment Decision Tools and Sets Enforcement Date for July 5, 2023, Upcoming California Regulations, and Federal Guidance

AI, Employee Privacy, Policy, U.S. State Privacy Laws

Wendy M. Lazerson, Sheri Porath Rockwell and Sasha Hondagneu-Messner

April 24, 2023

Employers in New York City may soon be subject to a new law, Local Law 144, that regulates employers’ use of automated employment decision tools (“AED tools” or “AEDT”) – software and other programs used to make decisions about who to hire, who to promote and other employment decisions. Local Law 144, the first of its kind law regulating these AED tools, was originally supposed to go into effect on January 1, 2023; however, because needed regulatory guidance had not been issued, the effective date was repeatedly pushed back and is now set for July 5, 2023. Final rules were released on April 6, 2023, so further delays are unlikely. We summarize below the key provisions of Local Law 144 and what employers need to know to prepare.

(more…)