With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020. But the rapid pace of privacy legal developments could continue next year. This past year, five states established studies or task forces to study … Continue Reading
The Governor of Massachusetts recently signed House Bill No. 4806 into law, which will amend certain provisions of the state’s data breach notification law. In addition to changing the information that must be included in notifications to regulators and individuals, the amendments will also require entities to provide eighteen months of free credit monitoring services … Continue Reading
Last week, the D.C. Circuit heard oral argument in the lawsuit filed against Urban Outfitters and Anthropologie over their collection of customer ZIP codes at the point of sale. The plaintiffs alleged that the practice of requesting ZIP codes at the point of sale during credit card transactions violated two D.C. statutes, the Consumer Protection … Continue Reading
As we previously blogged, in a case concerning retail chain Michaels Stores, the Supreme Judicial Court of Massachusetts (SJC) recently issued a broad ruling regarding the circumstances in which consumers may sue for collection of zip code information during credit card transactions under Massachusetts law. Two separate putative class actions now have been filed under … Continue Reading
In a recent decision, the Supreme Judicial Court of Massachusetts (“SJC”) broadly interpreted a statute that governs the personal information that may be collected by a merchant during a credit card transaction. The decision, Tyler v. Michaels Stores, Inc., SJC-1145 (Mass. March 11, 2013), was issued in response to three questions that had been certified … Continue Reading
As of March 1, 2012, all companies storing the personal information of Massachusetts residents with a third-party service provider must contractually require the service provider to maintain data security measures “consistent” with the Massachusetts data security regulations. (You can read our overview of these regulations here.) Among other things, those regulations—most of which took effect in … Continue Reading