On August 5, 2024, Illinois Governor J.B. Pritzker signed into law SB 2979, significantly amending the state’s Biometric Information Privacy Act (BIPA). This update represents a considerable decrease in the potential for...more
The State of Texas and Meta Platforms Inc. (“Meta”) have agreed to a $1.4 billion settlement, to be paid out over five years, to resolve claims relating to Meta’s alleged use of facial recognition technology without user...more
8/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Facial Recognition Technology ,
Personal Data ,
Personally Identifiable Information ,
Settlement
Minnesota becomes the latest state to move to pass legislation regulating the processing and controlling of personal data (HF 4757 / SF 4782). If signed into law by Governor Tim Walz, the Minnesota Consumer Data Privacy Act,...more
On March 7, 2024, a bipartisan coalition of 43 state attorneys general sent to the Federal Trade Commission (“FTC”) a letter urging the FTC to update the regulations (“COPPA Rules”) implementing the Children’s Online Privacy...more
3/14/2024
/ COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personal Information ,
Personally Identifiable Information ,
State Attorneys General ,
Websites
The Colorado Department of Law (“DoL”) has published a shortlist of potential universal opt-out mechanisms (“UOOMs”). Beginning on July 1, 2024, companies will be required to allow consumers to opt out of the sale of their...more
On October 19, 2023, the Consumer Financial Protection Board (“CFPB”) released a proposed rule that, if enacted, would grant consumers greater access rights to the data their financial institutions hold. Under the proposed...more
10/24/2023
/ Comment Period ,
Consumer Financial Products ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Information ,
Consumer Privacy Rights ,
Dodd-Frank ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Personally Identifiable Information ,
Proposed Rules ,
Regulatory Agenda
Colorado has become the third state in the country to pass a comprehensive data privacy law, joining California and Virginia. Assuming the governor signs—as he is widely expected to do—the Colorado Privacy Act (the “CPA”)...more
On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as...more
On July 16, 2020, the European Court of Justice (Court) ruled in the “Schrems II” case that the one of the most commonly used cross border data transfer mechanisms between the European Union (EU) and the United States (US),...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
With the ongoing covid crisis leaving businesses of all sizes concerned about the short and medium term future, the intimidating task of considering a liquidation or restructuring is inevitably starting to become a reality. ...more
Businesses subject to the California Consumer Privacy Act (“CCPA”) that have begun exploring the possibility of collecting data from visitors to their facilities to track potential coronavirus exposure and to allow/deny entry...more
On Friday, February 7, 2020, the California Attorney General’s (AG) Office released modified regulations to the California Consumer Privacy Act (CCPA). The modified regulations incorporate amendments to the CCPA signed into...more
2/11/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or...more
10/22/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Request For Information ,
Rulemaking Process ,
State and Local Government ,
Two-Step Verification ,
Verification Requirements
To the surprise of some, the proposed CCPA Regulations issued last Thursday don’t address many of the well-discussed ambiguities under the law (such as what “valuable consideration” means in the context of a sale of personal...more
10/18/2019
/ Attestation Requirements ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
The California Attorney General’s Office released its long-awaited proposed CCPA Regulations yesterday. The proposed Regulations are 24 pages long, and address a number of important technical compliance issues including...more
10/11/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
On September 13, 2019—the last day of the legislative session—California lawmakers approved five amendments intended to clarify the scope of the California Consumer Privacy Act (the “CCPA”), but rejected several...more
9/17/2019
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
8/9/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Information Technology ,
Insurance Industry ,
NAIC ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers,...more
At what has been described as a marathon hearing that lasted late into the night of July 9, the California Senate Judiciary Committee advanced several amendments to the California Consumer Privacy Act (the “CCPA”), but major...more
7/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Rulemaking Process
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual...more
1/30/2019
/ Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Standing ,
Statutory Violations
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual...more
1/29/2019
/ Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Facial Recognition Technology ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Standing ,
Statutory Violations
For good reason, there has been much discussion about the new privacy rights created by the California Consumer Privacy Act of 2018 (CCPA), which becomes effective January 1, 2020. ...more
11/21/2018
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action
With more than double the number of required signatures well ahead of the verification deadline late this month, the citizen-initiated measure "The California Consumer Privacy Act of 2018" appears headed for the statewide...more
Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information...more
The Arizona Legislature has significantly expanded and strengthened the state's data breach notification law. The legislation was signed by Arizona Governor Doug Ducey on April 11, 2018....more
4/18/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes