Tag: Nebraska

Consumer Privacy Update: What Organizations Need to Know About Impending State Privacy Laws Going into Effect in 2024 and 2025

Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some counts.

Many of these state laws will go into effect starting Q4 of 2024 through 2025. We have previously written in more detail on New Jersey’s comprehensive data privacy law, which goes into effect January 15, 2025, and Tennessee’s comprehensive data privacy law, which goes into effect July 1, 2025. Some laws have already gone into effect, like Texas’s Data Privacy and Security Act, and Oregon’s Consumer Privacy Act, both of which became effective July of 2024. Now is a good time to take stock of the current landscape as the next batch of state privacy laws go into effect.

Over the next year, the following laws will become effective:

  1. Montana Consumer Data Privacy Act (effective Oct. 1, 2024)
  2. Delaware Personal Data Privacy Act (effective Jan. 1, 2025)
  3. Iowa Consumer Data Protection Act (effective Jan. 1, 2025)
  4. Nebraska Data Privacy Act (effective Jan. 1, 2025)
  5. New Hampshire Privacy Act (effective Jan. 1, 2025)
  6. New Jersey Data Privacy Act (effective Jan. 15, 2025)
  7. Tennessee Information Protection Act (effective July 1, 2025)
  8. Minnesota Consumer Data Privacy Act (effective July 31, 2025)
  9. Maryland Online Data Privacy Act (effective Oct. 1, 2025)

These nine state privacy laws contain many similarities, broadly conforming to the Virginia Consumer Data Protection Act we discussed here.  All nine laws listed above contain the following familiar requirements:

(1) disclosing data handling practices to consumers,

(2) including certain contractual terms in data processing agreements,

(3) performing risk assessments (with the exception of Iowa); and

(4) affording resident consumers with certain rights, such as the right to access or know the personal data processed by a business, the right to correct any inaccurate personal data, the right to request deletion of personal data, the right to opt out of targeted advertising or the sale of personal data, and the right to opt out of the processing sensitive information.

The laws contain more than a few noteworthy differences. Each of the laws differs in terms of the scope of their application. The applicability thresholds vary based on: (1) the number of state residents whose personal data the company (or “controller”) controls or processes, or (2) the proportion of revenue a controller derives from the sale of personal data. Maryland, Delaware, and New Hampshire each have a 35,000 consumer processing threshold. Nebraska, similar to the recently passed data privacy law in Texas, applies to controllers that that do not qualify as small business and process personal data or engage in personal data sales. It is also important to note that Iowa adopted a comparatively narrower definition of what constitutes as sale of personal data to only transactions involving monetary consideration. All states require that the company conduct business in the state.

With respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Iowa’s, Montana’s, Nebraska’s, New Hampshire’s, and Tennessee’s laws exempt HIPAA-regulated entities altogether; while Delaware’s, Maryland’s, Minnesota’s, and New Jersey’s laws exempt only protected health information (“PHI”) under HIPAA. As a result, HIPAA-regulated entities will have the added burden of assessing whether data is covered by HIPAA or an applicable state privacy law.

With respect to the Gramm-Leach-Bliley Act (“GLBA”), eight of these nine comprehensive privacy laws contain an entity-level exemption for GBLA-covered financial institutions. By contrast, Minnesota’s law exempts only data regulated by GLBA. Minnesota joins California and Oregon as the three state consumer privacy laws with information-level GLBA exemptions.

Not least of all, Maryland’s law stands apart from the other data privacy laws due to a number of unique obligations, including:

  • A prohibition on the collection, processing, and sharing of a consumer’s sensitive data except when doing so is “strictly necessary to provide or maintain a specific product or service requested by the consumer.”
  • A broad prohibition on the sale of sensitive data for monetary or other valuable consideration unless such sale is necessary to provide or maintain a specific product or service requested by a consumer.
  • Special provisions applicable to “Consumer Health Data” processed by entities not regulated by HIPAA. Note that “Consumer Health Data” laws also exist in Nevada, Washington, and Connecticut as we previously discussed here.
  • A prohibition on selling or processing minors’ data for targeted advertising if the controller knows or should have known that the consumer is under 18 years of age.

While states continue to enact comprehensive data privacy laws, there remains the possibility of a federal privacy law to bring in a national standard. The American Privacy Rights Act (“APRA”) recently went through several iterations in the House Committee on Energy and Commerce this year, and it reflects many of the elements of these state laws, including transparency requirements and consumer rights. A key sticking point, however, continues to be the broad private right of action included in the proposed APRA but absent from all state privacy laws. Only California’s law, which we discussed here, has a private right of action, although it is narrowly circumscribed to data breaches.  Considering the November 2024 election cycle, it is likely that federal efforts to create a comprehensive privacy law will stall until the election cycle is over and the composition of the White House and Congress is known.

©2024 Epstein Becker & Green, P.C. All rights reserved.
For more on Data Privacy, visit the NLR Communications Media Internet section.

Oklahoma and Nebraska Challenge Colorado’s Amendment 64: Legalized Marijuana

In 2012, Colorado was the first state to legalize recreational marijuana with Amendment 64.  While this has made Pizza Franchisors happy and sent snack sales through the roof, it has also created controversy and unintended consequences.  The entire country has watched Colorado sort through these issues, curious to see how things will land, how much people really want to get high, and most of all, exactly how much money is there to be made?  Along with these practical issues and enforcement questions, several legal issues have come into play as marijuana legalization—and its conflict with federal law—has changed the landscape.  Perhaps most significantly are the legal challenges to Colorado’s statute in front of the Supreme Court.

Colorado’s Amendment 64 changed the State Constitution to allow for recreational use of marijuana. According to the law, Adults 21 or older can grow up to six cannabis plants, with 3 being mature at a time, and legally possess all the cannabis from those plants.  Adults may also travel with up to one ounce of marijuana while traveling, and gift up to one ounce to other adults 21 or over.  Consumption is regulated like alcohol.  The sale and growth of marijuana is regulated by the state, with licenses available for both growers and retail outlets.

The Attorney Generals’ of neighboring states Oklahoma and Nebraska, Scott Pruitt and Jon Bruning, respectively, have sued Colorado.  The complaint cites Colorado for creating a “scheme” that “frustrates the federal interest in eliminating commercial transactions in the interstate controlled-substances market, and is particularly burdensome for neighboring states [Oklahoma and Nebraska] . . . States where law enforcement agencies and the citizens have endured the substantial expansion of Colorado marijuana.”  Colorado’s Attorney General, John Suthers, was against marijuana legalization when it was being debated, but now he is tasked with defending the state’s controversial measure.

Oklahoma and Nebraska take issue with Colorado’s failure to take steps to prevent the drug from leaving the state.  In particular, the complaint takes issue with Colorado not requiring patrons to smoke or eat the marijuana where they purchase it, or tracking marijuana once it is sold, or requiring a background check on purchasers.  The law, in fact, only requires a driver’s license that says you are 21 to purchase the drug.  Colorado has no effective way, according to the complaint, to stop “criminal enterprises, gangs and cartels from acquiring marijuana inventory directly from retail marijuana stores.”

Concerns about a black market exist, and how the law might be creating gray areas in how pot is sold and cultivated.  A CNBC documentary “Marijuana Country: The Cannabis Boom” examines some of these issues.  Cameras follow two pot dealers as they show how loopholes in the law allow them to profit from their excess marijuana, grown legally, in a gray market heavy with craigslist postings and terminology—he is a caregiver, not a dealer, and he gifts the marijuana and receives gifts of cash in return.  It’s easy to see how this gray area doesn’t stop at the state line.

In fact, law enforcement officials from counties neighboring the Colorado border say they are seeing more Colorado marijuana, some of it still in the retail packaging, flow into their counties.  The strained jail budgets in these counties are a result of the increased enforcement costs—more impounded vehicles, more arrests and higher costs all around because of the pot coming down the highway.  Colorado AG John Suthers says 40 states have contacted his office regarding marijuana seized within their borders, and the Washington Post has gone so far as to call Colorado “the nation’s giant cannabis cookie jar.”

It is for these reasons that Oklahoma and Nebraska have filed their complaint.  Invoking the Constitutional provision that gives the Supreme Court original jurisdiction on disputes between the states, basing their complaint on the claim to the right to have federal laws prevail over contradictory state laws under the Supremacy Clause of Article VI of the Constitution.  Nebraska and Oklahoma v. Coloradohas not received permission to be filed by the court.   It should be interesting to see how the case develops.  But with over 130 metric tons of marijuana sold, legally, in Colorado last year, the demand is not going away.

The court documents and the complaint are here.

ARTICLE BY

Eilene Spear
OF
The National Law Review / The National Law Forum LLC

Four States and Two Major Cities Approve Minimum Wage Increases

Michael Best Logo

Voters in the states of Alaska, Arkansas, Nebraska, and South Dakota voted in favor of ballot initiatives that will increase the state minimum wage. Alaska’s minimum wage will increase from $7.75 to $9.75 an hour by 2016, Arkansas’s from $6.25 to $8.50 by 2017, Nebraska’s from $7.25 to $9.00 by 2016, and South Dakota’s from $7.25 to $8.50 next year.

Those four states join 12 others and Washington, D.C., all of which have increased their minimum wage in the past two years. For example, New Jersey’s 2013 ballot initiative to raise the state minimum to $8.25 passed by more than 60 %, and in 2006, state initiatives to raise the minimum wage passed by large majorities in Arizona (65.6%), Missouri (75.6 %), Montana (74.2 %), Nevada (68.4 %), and Ohio (56.5 %).

Voters in San Francisco overwhelmingly approved a ballot initiative to raise the city’s minimum wage to $15 an hour, the highest level in the nation, on the heels of Seattle’s June decision to raise its minimum wage to $15. As with Seattle’s minimum wage, San Francisco’s will be phased in gradually, from its current rate of $10.74 an hour to $11.05 on January1 and $12.25 in May before increasing every year until reaching $15 in 2018.

On December 2, 2014, the Chicago City Council overwhelmingly approved raising the City’s minimum wage from the current state-wide rate of $8.25 an hour to $13 by mid-2019. Chicago workers will see their first increase next July, when the minimum wage will increase to $10, then increase by 50 cents each of the two years after that, and $1 the next two years.

This minimum wage initiative has also received some pushback. For example, Hotel industry groups on December 16 sued the city of Los Angeles in federal court over the city’s enactment of a minimum wage ordinance requiring large non-union hotels to pay their workers $15.37 an hour. In their lawsuit, the American Hotel & Lodging Association and the Asian-American Hotel Owners Association allege the city ordinance violates federal labor, contract and equal protection laws.

The hotel minimum wage ordinance, which passed the City Council in October on an 11-2 vote, is estimated to cover about 80 large hotels in the city. Starting in July, hotels with more than 300 rooms must pay workers the higher minimum wage; in July 2016 the measure kicks in for hotels with as few as 125 rooms. Hotel Industry groups contend that by allowing exemptions for hotels with union collective bargaining agreements, the ordinance creates an economic disadvantage for non-union hotels, thus forcing their hand to permit union organizing.

These minimum wage increases are not expected to make it more likely that Congress will pass President Obama’s proposed federal minimum wage increase to $10.10, particularly given the results of this past November’s mid-term elections. However, the minimum wage will certainly remain a hot-button issue for the next two years, and a campaign issue during the 2016 Presidential campaign.

ARTICLE BY

Robert W. Mulcahy
Carlos R. Pastrana-Torres
OF
Michael Best & Friedrich LLP