On January 18, 2021, Kennedy Sutherland LLP reported on the introduction of Florida Senate Bill 1864 (“SB 1864”) and Florida House Bill 9 (“HB 9”).

On February 10, 2022, a hearing was held where the House Commerce Committee unanimously decided to advance HB 9 to the Judiciary Committee, with amendments, for review and approval.

On February 8, 2021, the New York Privacy Act (“Act”) was approved by the New York Senate Consumer Protection Committee and reported and committed to the Internet and Technology Committee for Review and approval.

On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) Chair Gary Gensler issued a statement on some “comprehensive reforms to improve cybersecurity risk management for registered investment advisers, registered investment companies, and business development companies” that the SEC is considering implementing under a newly proposed Cybersecurity Risk Management Rule (the “Proposed Rule”).

On January 27, 2022, the Indiana Senate Committee on Commerce and Technology unanimously passed SB 358, which consumer personal data protection in the state. The bill is currently being reviewed by the Committee on Commerce, Small Business and Economic Development.

On January 20, 2022, Nebraska joined a cohort of states introducing legislation pushing for more comprehensive personal data and privacy legislation, when Senator Mike Flood introduced LB1188, the Adopt the Uniform Personal Data Protection Act (“Adoption Act”).

Many of our recent blogs have centered around data security and privacy measures that are being implemented by government actors. Although it is important that your business review and adhere to the legislative changes and best practices, there are many steps your organization should consider in establishing your privacy and data governance policies.

On January 28, 2022, the Colorado Attorney General Phil Weiser released remarks on Colorado’s efforts to enact legislation in Colorado enhancing privacy and data security protections for consumers and the “failure of the federal government to act” in this area of law.

Pursuant to Colorado’s efforts, Weiser provided a list of best practices for data security stemming from federal and Colorado state guidance.

On January 24, 2022, Securities and Exchange Commission (“SEC”) Chair Gary Gensler spoke at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute and addressed the SEC’s efforts to improve the cybersecurity resiliency of the financial sector.

In recent blogs, we have reported on the passage and proposition of state privacy legislations from Virginia, Kentucky, Mississippi, New York, Oklahoma, Florida, and California, which contain considerable overlapping provisions—consumer’s right to opt-out of targeted advertising, request information on their stored personal data and to delete or correct their stored information. However, despite their similarities, each bill has its own terms of enforcement, duties, scope and specifications specific to the state of enactment.

On January 13, 2022, the United States Chamber of Commerce (“USCOC”) and a multitude of business industry groups from national associations and 28 individual states sent a letter to Congress requesting comprehensive privacy legislation that would displace the “patchwork” of state privacy laws poised to take effect this year.

In recent years, there has been an increase in conversation regarding the need for adoption of legislative efforts surrounding the use of artificial intelligence ("AI") in the United States. These efforts can be attributed to a variety of factors, including the increase in cybersecurity threats in the United States, concern for increased consumer protections, and the prevalence of AI use across many industries.

This year, Virginia legislatures are poised to consider several amendments to their Consumer Data Protection Act (SB 1392) (“CDPA”), which was enacted in 2021.

On January 19, 2022, Senator Cory Booker (D-NJ) introduced the Banning Surveillance Advertising Act (“Act”) to implement limiting or, in some circumstances, extinguishing, “surveillance advertising.”

On January 18, 2022, Senator Whitney Westerfield (R) introduced Senate Bill 15, which will create new section relating a consumer’s right to protect their personal data in KRS Chapter 367, the state’s consumer protection provisions.

On January 17, 2022, Senator Angela Turner-Ford (D) introduced Senate Bill 2330, referred to as the Mississippi Consumer Data Privacy Act to the Mississippi State Senate. This bill will provide consumers with certain protections and rights with regard to the use and disclosure of their personal information by businesses.

On January 11, 2022, Senator Troy Singleton (D) and Senator Richard Codey (D) introduced Senate Bill S332 which would govern businesses maintaining commercial internet websites and online servicers of said websites ability to obtain and utilize consumer’s personal information.

On January 18, 2022, the U.S. Chamber of Commerce announced the launch of its Artificial Intelligence (AI) Commission on Competition, Inclusion, and Innovation, with the stated purpose of advancing the position of the United States in the use and regulation of AI.

On November 8, 2021, New York Governor Kathy Hochul signed into law an amendment to New York's civil rights law, A.430/S.2628, which will impact the privacy rights of all New York employees and the requirements imposed on all New York employers.

On February 7, 2022, the Oklahoma Computer Data Privacy Act of 2022 will be presented to the Oklahoma State Legislature for its First Reading. This Act, if enacted, would result in several new privacy-related obligations being placed on certain organizations engaging in businesses in Oklahoma.

On January 7, 2022, Florida Senator Jennifer Bradley (R-Dist. 5) introduced Florida Senate Bill 1864, titled the “Florida Privacy Protection Act” (“FPPA”). Additionally, on January 11, 2022, Florida Representative McFarland proposed HB 9, relating to consumer data privacy.

At the end of 2021, the California Privacy Protection Agency (“Agency”) released written public comments regarding the California Privacy Rights Act (CPRA), which will go into effect on January 1, 2023.