Maine’s legislature unanimously passed a new law—“An Act to Protect the Privacy of Online Customer Information” (the “Act”)—that will impose strict data protection restrictions on broadband internet service providers (ISPs)...more
10/29/2019
/ Broadband ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Authority ,
Internet ,
Internet Service Providers (ISPs) ,
New Legislation ,
Personally Identifiable Information ,
Privacy Laws ,
Public Utility ,
Utilities Sector
Attorney General Becerra held a press conference on October 10th, 2019, and announced the release of proposed regulations concerning the California Consumer Privacy Act (CCPA). He stressed that privacy is an inalienable right...more
10/14/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
Alastair Mactaggart, the real estate developer who led the push for the California Consumer Privacy Act (CCPA), is at it again. Mactaggart and his organization, Californians for Consumer Privacy, have submitted a new ballot...more
9/27/2019
/ Algorithms ,
Ballot Measures ,
California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
State Agencies
On May 29, 2019, Nevada’s governor approved a new privacy law, Senate Bill 220 (“SB 220”). SB 220 amends existing state law that requires operators of websites and online services (“Operators”) to post privacy notices on...more
9/12/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data Use Policies ,
New Legislation ,
Online Platforms ,
Operators ,
Opt-Outs ,
Permanent Injunctions ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
State Data Privacy Laws ,
Statutory Penalties ,
Third-Party Service Provider ,
Websites
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more
8/5/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Cuomo ,
HIPAA Breach ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
SHIELD Act ,
State Data Breach Notification Statutes
In a set of recent settlements, the Federal Trade Commission (the FTC or Commission) resolved charges against two companies, ClixSense and D-Link, for failing to provide reasonable security and to live up to their data...more
7/23/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Information Security ,
Misrepresentation ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Section 5 ,
Settlement Agreements
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
4/29/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Vendors
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of public forums and accepting...more
1/29/2019
/ Comment Period ,
Consumer Privacy Rights ,
Consumer Protection Act ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Non-Discrimination Rules ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Public Comment ,
Public Forum ,
Rulemaking Process ,
Safe Harbors ,
State Attorneys General
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more
1/29/2019
/ Actual Injuries ,
Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
Consent ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Retention ,
Fingerprints ,
IL Supreme Court ,
Injunctive Relief ,
Liquidated Damages ,
Personally Identifiable Information ,
Private Right of Action ,
Putative Class Actions ,
Standing ,
Statutory Interpretation ,
Statutory Violations
• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more
9/10/2018
/ California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
CMIA ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement ,
Exemptions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Time Extensions
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights.
• The CCPA creates a private right of action for California...more
7/9/2018
/ Attorney General ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Disclosure Requirements ,
Encryption ,
Enforcement Actions ,
Governor Brown ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Penalties ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Right to Delete ,
Third-Party Service Provider ,
Transparency
• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more
11/1/2017
/ Cyber Insurance ,
Cybersecurity ,
Data Security ,
Department of Financial Services ,
Health Insurance Portability and Accountability Act (HIPAA) ,
National Association of Insurance Commissioners ,
Non-Public Information ,
Notification Requirements ,
Personally Identifiable Information ,
Reinsurance ,
Risk Assessment ,
The Model Law ,
Third-Party Service Provider
Just one week after the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations issued a new risk alert on cybersecurity, the SEC brought an enforcement action against an investment adviser...more
The recent hacking of the sensitive personal information of millions of American public servants at the Office of Personnel Management (OPM) points out a noteworthy distinction in how the U.S. government views some types of...more