On June 6, the Texas Attorney General published a news release announcing that the Attorney General has opened an investigation into several car manufacturers. The news release states that the investigation was opened “after widespread reporting that [car manufacturers] have secretly been collecting mass amounts of data about drivers directly
Continue Reading Texas Attorney General Opens Investigation into Car Manufacturers’ Collection and Sale of Drivers’ DataTexas
Texas Passes Data Privacy and Security Act
On May 28, 2023, the Texas legislature passed the Texas Data Privacy and Security Act, making it the sixth state to pass a comprehensive data privacy law this year. The Act shares many similarities with Virginia, although there are some distinctions. If signed into law, the Act would take…
Continue Reading Texas Passes Data Privacy and Security ActWashington Becomes the Third State with a Biometric Law
On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute. The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose.” It also places restrictions on the sale, lease, and other disclosure of enrolled biometric identifiers. With the new law, Washington has become only the third state after Illinois and Texas to enact legislation that regulates business activities related to biometric information. Although the three laws seek to provide similar consumer protections around the collection, use, and retention of biometric data, the Washington law defines the content and activity it regulates in different terms, and, similar to Texas, but unlike Illinois, the Washington law does not provide a private right of action.
The Washington statute, as compared to existing biometrics laws, is notable for its definition of “biometric identifier.” In the law, a “biometric identifier” is “data generated by automatic measurements of an individual’s biological characteristics,” including “fingerprints, voiceprints, eye retinas, irises, or other unique biological patterns or characteristics that is used to identify a specific individual.” Washington’s definition of “biometric identifier” may be broader than that in the Texas statute, but Washington’s definition does not specifically provide for a “scan of hand or face geometry,” as is the case in the Illinois statute. Washington’s definition of “biometric identifiers” specifically excludes “physical or digital photograph, video or audio recording or data generated therefrom” (in addition to certain health-related data), suggesting the statute will have limited application in the context of facial recognition technology.
Continue Reading Washington Becomes the Third State with a Biometric Law
Texas Data Breach Amendment Takes Effect; Connecticut On Deck
This week, the much talked-about amendments to Texas’s breach notice statute took effect. We previously blogged about these amendments, which are unprecedented in scope. With the amendments, the Texas statute now requires entities doing business in Texas to notify “any individual” whose “sensitive personal information” is acquired in a breach…
Continue Reading Texas Data Breach Amendment Takes Effect; Connecticut On Deck
Judge Dismisses Putative Class Action Against “Who’s-Who of Social Media Companies”
A court in Texas recently dismissed a lawsuit it described as “an aspiring class action against a veritable who’s-who of social media companies.” The Plaintiffs in Opperman v. Path claimed that the Defendants improperly used their smartphone apps to copy, upload, and store Plaintiffs’ address book information without their consent.…
Continue Reading Judge Dismisses Putative Class Action Against “Who’s-Who of Social Media Companies”
Six Months Until Texas Data Breach Amendment Takes Effect
As a reminder, unless it is repealed or delayed in the next six months, a far-reaching amendment to the Texas data security breach notice statute, Tex. Bus. & Comm. Code § 521.001 et seq., is scheduled to take effect on September 1, 2012. The amendment would substantially impact the…
Continue Reading Six Months Until Texas Data Breach Amendment Takes Effect
California’s Online Impersonation Law Comes Into Effect
A California law that took effect on January 1, 2011 makes it a crime to impersonate someone online. Any person who knowingly and without consent impersonates another actual person through electronic means for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a misdemeanor. “Electronic means” is defined to include opening an e-mail account or social networking profile in another person’s name. A violation of the law occurs only if the impersonation is credible, meaning that another person would reasonably believe that the defendant was the person impersonated.Continue Reading California’s Online Impersonation Law Comes Into Effect