Photo of Stephanie Duchesneau

Stephanie Duchesneau is in the Privacy & Security practice at Perkins Coie.

Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA) released a discussion draft of the American Privacy Rights Act on April 7, 2024. This announcement of a bipartisan, bicameral proposal for a federal comprehensive consumer privacy law was a significant—and unexpected—development in longstanding efforts to adopt federal privacy legislation. 

Read the full Update here.

Just a few years ago, the legal landscape governing health-related personal information was relatively simple: Protected Health Information was regulated under Health Insurance Portability and Accountability Act, a discrete set of rules that applies to a specified set of healthcare plans, clearinghouses, and providers. While narrowly targeted statutes governed particular types of health data and

The Biden Administration recently released the implementation plan for the National Cybersecurity Strategy. The Plan includes initiatives for new cybersecurity regulations, new and expanded liability regimes, broad public and private engagement, and new procurement obligations and funding opportunities. Companies should pay close attention to opportunities to help shape new regulatory and liability schemes and should

The day before the California Privacy Rights Act became enforceable on July 1, we learned that enforcement of the first set of implementing regulations finalized by the California Privacy Protection Agency under the CPRA is delayed until March 29, 2024. Prior to the June 30 ruling by a California Superior Court judge, the Regulations were

International, federal, and state privacy regulators highlighted their ambitious agendas at the 2023 IAPP Global Privacy Summit in Washington, D.C. They, along with speakers from an array of private organizations, underscored the following takeaways that should be top of mind for businesses:Continue Reading Ten Takeaways From the 2023 IAPP Global Privacy Summit

After years out of circulation, class-action lawsuits asserting claims under the Video Protection Privacy Act are now back in reruns. More than 100 putative class actions alleging violations of the VPPA have been filed against publishers that use the Meta pixel on their websites.

It remains to be seen whether these lawsuits will survive evaluation

Critical infrastructure companies should expect substantial new federal cybersecurity requirements based on the National Cybersecurity Strategy that President Biden announced on March 2, 2023. The Strategy includes enhanced requirements for critical infrastructure. Specifically, President Biden pivoted federal cybersecurity policy from encouraging voluntary adoption of proactive security measures to using regulation and other measures to mandate

The Federal Energy Regulatory Commission has published a final rule calling for the North American Electric Reliability Corporation to develop standards for internal network cybersecurity monitoring. This rule will be required for all high-impact bulk electric systems and medium-impact bulk electric systems with external roundtable activity and conduct a study of the security of other

The Board of the California Privacy Protection Agency (CPPA) approved a rulemaking package covering Sections 7000–7304 of their draft regulations on February 3, 2023. The board also initiated preliminary rulemaking activities for risk assessments, cybersecurity audits, and automated decision-making. In approving the rulemaking package, the CPPA did not make substantive changes to the version of its draft regulations published in October 2022, indicating that any changes following from the more than 400 pages of public comment analysis could be advanced in future rulemaking activities.Continue Reading Almost There and Starting Again: CPPA Votes To Finalize Regulations and Launches Round Two