On October 11, 2019, the California Attorney General issued long-awaited draft Regulations to the California Consumer Privacy Act (CCPA). The draft Regulations provide helpful clarity on some core aspects of California’s...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Right to Delete ,
State Attorneys General
While many breathed a sigh of relief when the California legislature provided only a limited private right of action for data breaches under its sweeping new privacy law - the California Consumer Privacy Act (CCPA) -...more
9/5/2019
/ Arbitration ,
California Consumer Privacy Act (CCPA) ,
Civil Code ,
Consumer Privacy Rights ,
Data Breach ,
Enforcement Authority ,
Federal Arbitration Act ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Risk Management ,
Statutory Damages ,
Unfair Competition Law (UCL)
A wave of new unclaimed property statutes and rules is changing whether and when businesses should escheat gift, payroll, loyalty, and other stored-value cards. Ten states have adopted new statutes or rules in this area over...more
8/25/2019
/ Amended Legislation ,
Audits ,
Customer-Loyalty Programs ,
Escheat ,
Gift-Cards ,
New Legislation ,
Payroll Cards ,
Retailers ,
State and Local Government ,
Unclaimed Property ,
Uniform Law Commission (ULC)
On July 24, 2019, both the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) announced landmark settlements with Facebook. The agreements were significant not only because of the hefty fines...more
8/5/2019
/ British Airways ,
Cambridge Analytica ,
Consent Order ,
COPPA ,
Corporate Fines ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Facebook ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Mark Zuckerberg ,
Misleading Statements ,
Opt-In ,
Personal Liability ,
Privacy Laws ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
Social Media ,
Unfair or Deceptive Trade Practices
While the California Consumer Privacy Act (CCPA) and its potential amendments are still a top concern for businesses, other states are showing that they will not be left behind when it comes to enhanced privacy legislation....more
6/7/2019
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Exemptions ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
Pending Legislation ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation
Companies in all industries and of all sizes are increasingly using biometric data—fingerprints, voiceprints, and facial structure, to name three—as a faster, more reliable, and more economical alternative to passwords and...more
4/12/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Collection ,
Data Privacy ,
Extraterritoriality Rules ,
Facial Recognition Technology ,
Fingerprints ,
Gramm-Leach-Blilely Act ,
IL Supreme Court ,
Notice Requirements ,
Personal Data ,
Private Sector ,
Risk Mitigation ,
Standard of Care
On January 18, 2019, the New York Department of Financial Services (NYDFS) issued a circular letter to all insurers authorized to write life insurance in New York State setting out the Department’s views concerning the use of...more
2/27/2019
/ Anti-Discrimination Policies ,
Data Collection ,
Disclosure Requirements ,
Geographic Markets ,
Insurance Industry ,
Life Insurance ,
NYDFS ,
PHI ,
Regulatory Oversight ,
Third-Party ,
Underwriting
As predicted, the start of 2019 provided scant respite from the frenetic pace of privacy and cybersecurity developments during 2018. This past month alone, in a blizzard of activity, regulators amended regulations and...more
2/5/2019
/ Biometric Information Privacy Act ,
CareFirst ,
Class Action ,
CNIL ,
Corporate Fines ,
Cybersecurity ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Systems Security Program (ISSP) ,
Injury-in-Fact ,
National Futures Association ,
Personal Data ,
Popular ,
State Data Breach Notification Statutes ,
Yahoo!
Companies not based in the European Union (EU) now have additional guidance to help them determine whether they have to comply with the General Data Protection Regulation (GDPR). The European Data Protection Board (EDPB), the...more
After four-plus years of litigation in a long-running dispute over unredeemed gift cards, a jury returned a verdict against Overstock.com, finding that the company violated the Delaware False Claims Act (FCA) by not reporting...more
On June 28, 2018, California passed a sweeping new privacy bill, AB 375, now known as the California Consumer Privacy Act of 2018 (CCPA).
The California legislature passed the bill in the morning and the governor signed...more
The General Data Protection Regulation (GDPR) took effect after two years of anticipation and preparation by many, but far from all, affected companies across the world. The GDPR is a new data protection and privacy law that...more
As promoters of cryptocurrencies and digital-asset exchanges face intense scrutiny from tax, securities and other financial services regulators, they will soon have to contend with unclaimed property (or escheat) laws in the...more
Legislation requiring the life insurance industry to conduct searches of the Social Security Administration’s Death Master File (DMF) and set the trigger for the escheatment dormancy period at the date of an insured’s death...more
With enactment of the Personal Information Protection Act (PIPA), Bermuda can now count itself among the ever-expanding list of jurisdictions with enhanced privacy protections. PIPA, passed on July 27, 2016, and entered into...more
4/13/2018
/ Bermuda ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
Fines ,
General Data Protection Regulation (GDPR) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
International Data Transfers ,
Penalties ,
Personal Data ,
Personal Information Protection Act ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
On February 21, 2018, the Securities and Exchange Commission issued an interpretive release1 providing important guidance to certain registrants on cybersecurity disclosure. Coming on the heels of dozens of high-profile...more
Onerous unclaimed property audits and vexing compliance issues will continue to challenge companies in a wide range of industries in 2018. Even with the robust economy, new federal tax provisions will push states to view...more
What is the problem?
Belgian researchers have published information about a vulnerability in the most popular WiFi encryption protocol that makes monitoring of all communications possible, except those communications that...more
Delaware is instituting an aggressive push forward on its controversial unclaimed property audit program, as indicated in two recent announcements. The Secretary of State has announced that his office will begin sending...more
The US Department of Transportation (DOT) and the National Highway Traffic Safety Administration (NHTSA) this week released Automated Driving Systems 2.0: A Vision for Safety. This updated guidance on automated driving...more
In a decision surely welcomed by the plaintiffs’ bar, the US Court of Appeals for the Ninth Circuit held, on August 15, 2017, that a putative class action plaintiff has Article III standing as long as the plaintiff alleges...more
In a flurry of approvals last week, the National Association of Insurance Commissioners (NAIC) took substantial steps toward finalizing its proposed Insurance Data Security Model Law during the 2017 NAIC Summer National...more
On June 29, 2017, the New York Department of Financial Services (NYDFS) issued an information request pursuant to Section 308 of the New York Insurance Law addressed to all life insurers and fraternal benefit societies...more
On June 27, 2017, hackers struck vulnerable businesses around the world with a new version of the “Petya” ransomware. This major cyberattack has disrupted utilities, shipping companies, law firms and other businesses across...more
On June 19, a jury sitting in federal court in the United States District Court for the Northern District of California awarded plaintiffs $60 million after finding that the defendant, TransUnion, LLC, violated provisions of...more