In Part Two of this FAQ series, we continue to break down Virginia’s Senate Bill 754, Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information (Act), which amends the Virginia Consumer Protection Act (VCPA). The law went into effect on July 1, 2025.
In what appears to be an emerging privacy litigation trend, plaintiffs’ attorneys have recently filed a series of putative class action lawsuits targeting data companies in possession of cellular telephone numbers. The lawsuits attempt to leverage an untested provision in Colorado’s Prevention of Telemarketing Fraud Act (PFTA) which prohibits knowingly listing “a cellular telephone number in a directory for a commercial purpose unless the person whose number has been listed has given affirmative consent[.]” Colo. Rev. Stat. Ann. § 6-1-304(4). Although the law was originally enacted in 2005, there is almost no case law interpreting its provisions. However, the PFTA provides for statutory damages of $300-500 per violation, attorneys’ fees, and costs, making it attractive to plaintiffs’ lawyers. Several other states have similar laws. See, e.g., Conn. Gen. Stat. Ann. § 16-247s, N.Y. Gen. Bus. Law § 399-cc.1, Minn. Stat. Ann. § 325E.318, 73 Pa. Stat. Ann. § 2403, S.D. Codified Laws § 49-31-118, and TX UTIL § 64.202.
In Part One of this FAQ series, we break down Virginia’s Senate Bill 754, Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information (Act), which amends the Virginia Consumer Protection Act (VCPA). The law goes into effect on July 1. Overall, given the broad definitions used in the Act, the law likely regulates organizations that are not traditional health care companies, and goes beyond traditional health information.
Troutman Pepper Locke attorneys assess California’s collaboration with other foreign governments on promoting privacy rights and what this means for the future of data protection worldwide.
The California Privacy Protection Agency recently announced that it signed a declaration of cooperation on privacy protections or collaboration with the UK Information Commissioner’s Office, its latest collaboration with a foreign government.
In this episode of the Regulatory Oversight podcast, Stephen Piepgrass welcomes David Navetta, Lauren Geiser, and Dan Waltz to discuss the $51.75 million nationwide class settlement involving Clearview AI and its broader implications. The conversation focuses on Clearview AI’s facial recognition software, which has sparked controversy due to its use of publicly available images to generate biometric data.
Troutman Pepper Locke partners examine ambiguities in the Department of Justice’s compliance guidance for its new data security program.
The Department of Justice’s new data security program took effect on April 8. A few days later, the agency issued an implementation and enforcement policy that provides a 90-day leniency period for DSP civil enforcement through July 8, along with a compliance guide and frequently asked questions.