Photo of Samantha Ettari

Samantha Ettari is a member of the firm’s Privacy & Data Security practice. Sam counsels clients on a wide range of privacy, data security, and artificial intelligence matters, including online and mobile advertising, consumer rights, data management, and consumer protection.

Minnesota’s governor signed the Minnesota Consumer Data Privacy Act (MNCDPA or the Act) into law at the end of May, making Minnesota the 18th state to enact a comprehensive consumer privacy law. The MNCDPA will take effect for most covered entities on July 31, 2025. The law provides a 30-day cure period, which will sunset on January 31, 2026, six months after the Act’s effective date. Entities that violate the Act are subject to injunction and civil penalties of up to $7,500 per violation. Like most other state privacy laws, the MNCDPA does not include a private right of action and will be enforced solely by the attorney general.Continue Reading Minnesota’s Unique Spin on Consumer Data Privacy

The Board of the California Privacy Protection Agency (the CPPA) held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment regulations. While the CPPA Board expressly announced that the drafts were for board meeting discussion purposes and that it has

The Federal Trade Commission recently announced an enforcement order against edtech company Edmodo for allegedly violating the Children’s Online Privacy Protection Act. In its complaint, the FTC alleged that Edmodo violated COPPA by collecting, using, and disclosing personal information from children without obtaining “verifiable parental consent,” and retaining the personal information collected for longer than

A court-ordered stay on enforcement of updates to certain parts of the California privacy regulation (the Ruling) has not slowed down enforcement of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In fact, the hot summer months of July and August are poised to be busy months of regulator activity. On Friday, July 14, the California Attorney General distributed a series of “inquiry letters” to certain businesses as part of an investigative sweep concerning employee privacy. Simultaneously, the California Privacy Protection Agency (CPPA) detailed its enforcement strategy for California state privacy laws in a public meeting, announcing the Agency’s plans to continue with enforcement where it is able, despite the stay on updates to the regulations. Most recently, on July 31, the CPPA announced a review of privacy practices around connected automobile data. This increased level of activity should encourage companies that have been slow to implement a compliant privacy program, including the updates that went effective on January 1, 2023.Continue Reading Full Steam Ahead: Updates in Enforcement of California Privacy Law

The California Privacy Protection Agency (CPPA) released a statement on March 30, 2023, announcing that the California Office of Administrative Law (OAL) had approved the first substantive rulemaking package for the California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA). As a result of this, the CCPA regulations in this rulemaking package are finalized and, according to their terms, effective immediately.Continue Reading Crossing the Finish Line: California Regulations Effective Immediately

On March 24, 2023, Texas House Representative Giovanni Capriglione participated in a virtual interview with the Dallas chapter of the International Association of Privacy Professionals (IAPP) about his recently introduced bill, HB 4, also known as the Texas Data Privacy and Security Act (TDPSA). The interview was moderated by Samantha V. Ettari, Perkins Coie LLP senior counsel and co-chair of the IAPP KnowledgeNet Dallas Chapter, and Justin L. Koplow, AT&T senior legal counsel and also a co-chair of the IAPP Dallas Chapter. The conversation focused on a variety of subjects, including Rep. Capriglione’s professional technology background and subsequent journey into privacy issues, the development of the TDPSA, its specific provisions, and how the bill compares to privacy regimes in other states, including the Virginia Consumer Data Protection Act (VCDPA), on which it was modeled. This is the third comprehensive consumer privacy bill Rep. Capriglione has advanced, and this one appears to be channeling the momentum of six states’ comprehensive privacy laws, Texas denizens’ apparent interest in consumer privacy, and a significant national conversation around consumers’ and children’s privacy. Continue Reading Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws

After a five-day trial and only an hour of deliberation, the nation’s first trial under the Illinois Biometric Information Privacy Act (BIPA) ended with a bang. The jury found that the defendant, BNSF Railway Company, recklessly or intentionally violated BIPA 45,600 times (once per class member), resulting in a $228 million judgment.

Click here to

The Better Business Bureau recently announced the launch of the TeenAge Privacy Program, which proposes a self-regulatory framework for companies to use in order to protect teen consumers and guide the responsible collection and management of teen data. The CISR’s new framework helps to address recent attention to the privacy and safety of teens online

In February, the Texas attorney general brought the first enforcement action under Texas’ Capture of Use of Biometric law. CUBI was the first state law to govern the collection and use of biometric data, predating the more well-known Illinois law by seven years.

This update explores (1) the key differences between CUBI and the Illinois