With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020. But the rapid pace of privacy legal developments could continue next year. This past year, five states established studies or task forces to study … Continue Reading
As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs … Continue Reading
Last week, after months of negotiation and speculation, the California legislature passed bills amending the California Consumer Privacy Act (“CCPA”). This marked the last round of CCPA amendments before the legislature adjourned for the year—and before the CCPA takes effect on January 1, 2020. California Governor Gavin Newsom has until October 13 to sign the … Continue Reading
At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here). Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests in her … Continue Reading
Earlier this month, Maine’s legislature enacted a new statute granting broad privacy rights to internet users in the state. Hailed as “the strictest consumer privacy protections in the nation,” the statute places among the toughest burdens on regulated entities to protect the data of their consumers. The statute applies only to broadband internet service providers … Continue Reading
On May 29, 2019, the Governor of Nevada signed into law Senate Bill 220 (“SB 220”), an act relating to Internet privacy and amending Nevada’s existing law requiring websites and online services to post a privacy notice. In short, Nevada’s law will require operators of Internet websites and online services to follow a consumer’s direction … Continue Reading
One week from today, Covington will host its first webinar in a series on connected and automated vehicles (“CAVs”). The webinar will take place on February 27 from 12 to 1 p.m. Eastern Time. During the webinar, Covington’s regulatory and legislative experts will cover developments in U.S. law and regulations relating to CAVs. Those topics … Continue Reading
Vermont and the District of Columbia recently joined the growing list of states that have enacted automatic renewal statutes. Automatic renewal clauses (“auto-renewals”) allow providers of goods or services to bill consumers periodically without obtaining express consent before each billing cycle. These clauses are becoming increasingly common for a variety of goods and services. Regulators … Continue Reading
Less than three months ago, California enacted the California Consumer Privacy Act of 2018 (“CCPA”). Industry and privacy watch groups alike have scrutinized the law. This summer saw fierce negotiations all in the name of improving the CCPA. Last Friday, on August 31, 2018, the California legislature passed SB 1121 to amend the CCPA. The … Continue Reading
This spring has seen significant legislative activity with regards to state data breach notification laws, ranging from new laws in Alabama and South Dakota to amendments to existing laws in Oregon, Arizona, and elsewhere. Continuing this trend, three states recently passed legislation to amend their existing data breach notification laws. Legislation recently passed in Colorado … Continue Reading
[This article was originally published in Law360] Last week, South Dakota became the 49th U.S. state to enact a data breach notification law with the passage of S.B. 62, which sets forth requirements for notifying state residents, the state attorney general, and major consumer reporting agencies in the event of a breach. The law, which … Continue Reading
A bill pending in the California legislature, if passed, would create new obligations for manufacturers of “connected devices.” S.B. 327 (also known as the “Teddy Bear and Toaster Act”) would operate somewhat differently than existing laws, such as the California Online Privacy Protection Act (“CalOPPA”). Security obligations. Manufacturers of connected devices that sell those devices … Continue Reading
On July 21, New Jersey Governor Chris Christie signed into law the Personal Information Privacy Protection Act (PIPPA) (S. 1913), which limits the circumstances under which “retail establishments” (retailers) can collect and use information obtained by scanning the state-issued identification cards of customers. The new law limits the ability of retailers to scan the barcode … Continue Reading
On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute. The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, obtaining consent, or … Continue Reading
The FCC has released the Notice of Proposed Rulemaking (“NPRM”) on “Restoring Internet Freedom” that was adopted by a 2-1 vote at the Commission’s open meeting on May 18. The NPRM is substantively very similar to the draft released by Chairman Pai on April 27, and the comment deadlines remain the same: July 17 for … Continue Reading
Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would create new online privacy requirements. The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of … Continue Reading
As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading
By Hannah Lepow Maryland is poised to become the second state in the country to ban businesses from contractually prohibiting customers from posting bad reviews online. The Nondisparagement Clauses in Consumer Contracts bill passed the state House on February 19 by an overwhelming majority and now goes on to the state Senate. Maryland’s law substantially … Continue Reading
By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law a trio of bills that is intended to clarify key elements of the state’s data-breach notification statute and provide guidance to persons, businesses, and state and local agencies that deal with electronically stored personal information. The bills, which were passed together … Continue Reading
By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law Assembly Bill 1116 (A.B. 1116), which regulates the manner in which smart TVs must notify users of voice-recognition technology and may use recorded voice commands. The bill, which was passed unanimously by both houses of the California legislature earlier this year, … Continue Reading
State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.… Continue Reading
By Randall Friedland California Attorney General Kamala D. Harris yesterday released the second annual California Data Breach Report. The report provided statistics and analysis related to data breaches that were reported to the Attorney General’s office in 2013. The report also outlined suggested best practices and provided recommendations on ways to improve data security. Statistics … Continue Reading
Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1. Requires Companies that Maintain Personal Information to Implement … Continue Reading
Last week, California enacted bills SB 1177 and AB 1584, strengthening student privacy protections in the State. SB 1177 prohibits operators of online sites or mobile apps who know that their services are used primarily for K-12 school purposes and whose services designed and marketed as such (“operators”) from using K-12 student data in four … Continue Reading
