On June 28, 2018, California passed the California Consumer Privacy Act (CCPA) and then further amended it on September 23, 2018. CCPA breaks new state law privacy ground and imposes consumer protections that are comparable...more
We’ve now presented two webinars (links will be posted ICYMI) on the scope of the California Consumer Privacy Act, and have been talking with scores of clients about preparation and planning. One of the most frequently asked...more
Many employers maintain policies limiting their employees’ expectation of privacy in the workplace, including policies that eliminate any expectation of privacy when using company-issued electronic devices. While employers...more
The Federal Trade Commission (“FTC”) has handed down its largest civil penalty ever for violations of the Children’s Online Privacy Protection Act (“COPPA”). Musical.ly, now known as TikTok after a 2018 merger, agreed to a...more
3/7/2019
/ Consent Decrees ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Settlement Agreements ,
Website Owner Liability ,
Websites
Last week, California State Senator Jackson and state Attorney General Becerra introduced a new bill, Senate Bill 561. If passed, it will greatly expand the consumers’ right to bring private lawsuits for violations of the...more
There will be one less new privacy regulation to worry about in 2019.
In June of last year, the Federal Trade Commission announced that it would review its rules implementing the CAN-SPAM Act, regulating unsolicited...more
Leaving its fingerprints all over the privacy debate, the Illinois Supreme Court handed down a ruling that will significantly impact litigation under the state’s unique Biometric Information Privacy Act (“BIPA” or “Act”),...more
1/30/2019
/ Actual Injuries ,
Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Private Right of Action ,
Written Consent
Recently, Oath, a wholly-owned subsidiary of Verizon Communications agreed to pay $4.95 million to settle charges from the New York attorney general’s office that the company’s online advertising business was violating...more
Recently, Amazon refused (registration required) to provide data from an Amazon Echo device in a case involving the a double homicide in response to an order issued by a New Hampshire state judge. Prosecutors believe that the...more
Recently, the Federal Trade Commission (“FTC”) announced that it has finalized its expanded settlement with ride-haling giant, Uber Technologies, Inc. (“Uber”) related to two major data breach incidents. The initial breach...more
11/16/2018
/ Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Personally Identifiable Information ,
Popular ,
Reporting Requirements ,
Settlement Agreements ,
Third-Party Service Provider ,
Uber
California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”). Governor Brown recently signed into law two nearly identical bills,...more
10/4/2018
/ Acquisitions ,
California Consumer Privacy Act (CCPA) ,
Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Governor Brown ,
Manufacturers ,
Mergers ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
Welcome to October! October 2018 marks the 15th year of the observance of National Cyber Security Awareness Month, a joint effort of the U.S. Department of Homeland Security and the National Cyber Security Awareness Alliance....more
Late last week the White House released its National Cyber Strategy, setting forth its approach to protecting U.S. critical infrastructure from global cyber threats. The National Cyber Strategy builds off of Executive Order...more
Labor Day is passed, and the Privacy & Security Matters blog is back after a bit of a hiatus. The California State Legislature was busy up to the last day of the session working on privacy legislation.
Amendments to...more
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits. Yesterday, both houses...more
6/29/2018
/ Consumer Protection Laws ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
Manufacturers of wireless devices used for Internet of Things (IoT) applications should take heed of new Trump Administration proposals aimed at reducing the cybersecurity threats from botnets and other automated and...more
6/26/2018
/ Automation Systems ,
Bots ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Security ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Internet of Things ,
Manufacturers ,
NIST ,
NTIA ,
Popular ,
Smart Devices ,
Software Developers ,
Trump Administration ,
Wireless Devices
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands...more
5/16/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Vendor Contacts
Answering the centuries’ old question, it appears it is the Federal Trade Commission (“FTC”) that watches the watchmen. The FTC sent warning letters to a pair of foreign app developers cautioning them that their practices of...more
5/9/2018
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Guidance Update ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Smart Devices ,
Website Owner Liability ,
Websites
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October...more
4/23/2018
/ Cloud Storage ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Personally Identifiable Information ,
Popular ,
Recordkeeping Requirements ,
Reporting Requirements ,
Settlement Agreements ,
Third-Party Service Provider ,
Uber
Letter from the Editors -
As Tolstoy once wrote, “Spring is the time of plans and projects.” Hopefully, the snows of winter are finally behind us, and it’s time to look forward, build, and create! We at Mintz Levin continue...more
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018.
Things to take note of under the Alabama law...more
Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern...more