Photo of Divonne Smoyer

Divonne Smoyer

Subscribe to Divonne Smoyer's Posts

The Virginia legislature, which adjourned its annual legislative session last week, passed the second state-level consumer data privacy law in the nation. The Virginia Consumer Data Protection Act (CDPA) was signed into law by Virginia Governor Ralph Northam on March 2, 2021, and will go into effect January 1, 2023. Virginia joins California as the second state to enact comprehensive data privacy protections for its residents.

The Virginia Attorney General (AG) will be the main interpreter and enforcer of the new law. The CDPA gives the AG exclusive enforcement authority–there is no private right of action. Without a private right of action, the AG alone will control how the CDPA will be enforced.Continue Reading Keep an eye on the Commonwealth: Virginia passes comprehensive data privacy law, empowers Attorney General as chief enforcer

In a recent Q&A with Tennessee Attorney General (AG) Herbert Slatery, the eight-year term AG discusses how he makes consumer protection, including privacy and cybersecurity issues, a top priority for Tennessee citizens and businesses. AG Slatery shares his thoughts on privacy on a multi-state state level, the prospect of standards of enforcement for technology companies,

In a recent Q&A with Colorado Attorney General (AG) Phil Weiser, the first term AG discusses how he makes data privacy and cybersecurity accessible and interesting to his Colorado constituents. AG Weiser also explains the role of Colorado’s interdisciplinary Data Privacy and Security Impact Team and how its implementation has benefitted the state. Lastly, AG

Before the dust has even settled on many California Consumer Privacy Act (CCPA) compliance projects, California voters have welcomed the future of privacy by overwhelmingly approving Proposition 24: The California Privacy Rights Act (CPRA).  Building off of the CCPA framework, the CPRA expands the rights of California consumers, adds new responsibilities for both business and service providers, and creates a new state agency, the California Privacy Protection Agency (the Agency), to take over enforcement from the state Attorney General.  Here are the notable changes:

First, every business will be happy to know that the B2B and employee information sunsets have been extended until January 1, 2023 (after being extended by another year until 2022 by the legislature).
Continue Reading CPRA: The next frontier in (California) privacy

In a recent Q&A with Nevada Attorney General (AG) Aaron Ford, the first term AG discusses Nevada’s new data privacy law (Senate Bill 220), which provides consumers with a right to opt out of the sale of their data. AG Ford also outlines his perspective on federal privacy law and his office’s data breach enforcement

In a recent Q&A with Illinois Attorney General Kwame Raoul, the first term AG discusses potential changes to data breach laws in Illinois and whether his state could implement a privacy statue similar to the California Consumer Privacy Act (CCPA), the effectiveness of federal data breach legislation, and reasonable steps that businesses could take to

On March 10, 2020, Vermont Attorney General T.J. Donovan initiated an enforcement action based on Vermont’s new data broker law against Clearview AI, Inc.

Vermont’s data broker law, which became effective January 1, 2019, governs data brokers, which it defines as companies that collect and sell or license to third parties the personal information of a consumer with whom the business does not have a direct relationship. The law requires that data brokers (a) annually register with the Vermont Secretary of State, including completing certain necessary disclosures, and (b) maintain minimum data security standards. The law also prohibits any businesses or individuals – not just data brokers – from acquiring brokered personal information through fraudulent means or for the purpose of stalking, harassment, discrimination, or fraud.

According to the complaint, Clearview, which only registered as a Vermont data broker in January 2020 shortly before the publication of a New York Times article discussing many of the issues outlined in the complaint, uses “screen scraping” to amass a database of three billion photographs. Clearview then combines those photographs with facial recognition technology to create a commercial service that allows a customer to upload a photograph and “instantly identify the individual through facial recognition matching.” While Clearview claims the technology exists to help law enforcement, the complaint alleges that Clearview has also provided its app to for-profit entities, investors, and foreign governments.Continue Reading Vermont Attorney General brings first data broker enforcement action

On March 2, 2020, Reed Smith and the International Association of Privacy Professionals (IAPP) presented a panel discussion on 2020 privacy laws and trends featuring Attorney General Christopher Carr of Georgia; Linda Holleran Kopp of the Bureau of Consumer Protection, Division of Privacy and Identity Protection of the Federal Trade Commission (FTC); and Oriana Senatore, Senior Vice President of Policy & Research at the U.S. Chamber Institute for Legal Reform (ILR).

A clear theme from the discussion was that federal legislation is the best path for privacy reform in the United States.  The current “patchwork quilt” of federal and state data privacy laws and enforcement by the FTC (and other agencies) as well as by states – now complicated exponentially by enforcement actions by cities and counties and the presence of private rights of action increasingly proposed for state privacy legislation – is not the way to best balance privacy consumer protection and business compliance.  Indeed, the evolving privacy landscape is now approaching a “crazy quilt patchwork.”
Continue Reading Georgia AG, FTC and US Chamber Institute for Legal Reform discuss “crazy quilt patchwork” of privacy laws in the US

Reed Smith IP, Tech & Data attorneys Divonne Smoyer and Alexis Cocco conducted an in-depth Q&A with Maryland Attorney General Brian Frosh. During the interview, he discusses his priorities for data privacy and security for Maryland, including his hopes for future legislation in both Maryland and federally. AG Frosh is currently in his second term

Reed Smith IP, Tech & Data attorneys Divonne Smoyer and Alexis Cocco conducted an in-depth Q&A with Georgia Attorney General Chris Carr. During the Q&A, he discusses why he doesn’t mind that his state doesn’t have mandatory breach notification requirements and what he wants to see in a federal privacy law, should one come to