On the eighth episode of our Inside Privacy Audiocast, we peer through the looking glass at the U.S. election and the future of privacy laws in the U.S. We discuss whether the November 3 election is likely to be a watershed event in the development of privacy laws in the U.S. In this episode, Dan … Continue Reading
Yesterday, the California Attorney General (“AG”) proposed a fourth set of modifications to the California Consumer Privacy Act regulations. These modifications build on the third set of proposed regulations released by the AG in October, which we discussed here. Interested parties have until December 28 to submit comments in response.… Continue Reading
Voters in California approved Proposition 24, which updates the California Consumer Privacy Act (“CCPA”) just a few months after the landmark regulations implementing the privacy law went into effect. As we have previously explained, the California Privacy Rights Act (“CPRA”) will change the existing CCPA requirements in a number of ways, including limiting the sharing … Continue Reading
On our fourth episode of our Inside Privacy Audiocast, we are aiming our looking glass at the California Privacy Rights Act, and are joined by guest speaker Jacob Snow, Technology and Civil Liberties Attorney with the American Civil Liberties Union of Northern California. In September 2019, Alastair Mactaggart, Board Chair and Founder of Californians for … Continue Reading
The California legislature has approved a contingency plan to ensure that certain California Consumer Privacy Act (“CCPA”) exemptions will be extended beyond December 2020. Regardless of what happens with the November ballot initiative, businesses will have at least another year before they must comply with all of the CCPA’s provisions when collecting or using certain … Continue Reading
On May 5th, 2020, the California Assembly Committee on Privacy and Consumer Protection held a hearing and considered AB 2811, a bill that would amend existing California law governing automatic renewals. As currently drafted, AB 2811 would: require businesses to provide 3-7 days’ notice explaining how to cancel an automatic renewal offer or continuous service … Continue Reading
On May 4th, 2020, Californians for Consumer Privacy confirmed that they had submitted hundreds of thousands more signatures than required to qualify for a ballot initiative. It is still yet unknown whether the Attorney General will qualify the ballot for the November 2020 election, let alone whether it would pass. If the initiative passes, it … Continue Reading
In the latest development in the CCPA saga, the California Attorney General has further modified the draft regulations implementing the California Consumer Privacy Act (“CCPA”). His office’s website posted clean and redlined versions of the new regulations (the “March draft regulations”). Below, please find a summary of some of the most notable changes:… Continue Reading
While some state legislators are still putting away their holiday decorations, New Hampshire legislators introduced new data privacy legislation, New Hampshire House Bill 1680. The legislation is similar to the California Consumer Privacy Act (which we’ve written extensively about before, including here and here). It grants consumers access, portability, transparency, non-discrimination, deletion, and opt-out-of-sale rights … Continue Reading
On December 18, 2019, staffers on the House Energy and Commerce Committee circulated a draft of a bipartisan privacy bill. The draft is currently unnamed and unfinished, but it lays out a comprehensive framework that expands both individuals’ rights to their data and the FTC’s enforcement role over digital privacy. Rep. Cathy McMorris-Rodgers (R-Wash.) and … Continue Reading
The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour. Officers check these numbers … Continue Reading
Last week, the U.S. Department of Justice (“DOJ”) released a voluntary framework for organizations to use in the development of a formal program to receive reports of network, software, and system vulnerabilities, and to disclose vulnerabilities identified in other organizations’ environments. This framework provides private entities a series of steps to establish a formal program … Continue Reading
As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500). Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading
In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy. Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings. Yesterday’s Resolution on … Continue Reading
On August 1, Representatives Lee Terry (R- Neb.) and Jan Schakowsky (D-Ill.) announced the creation of a bipartisan Privacy Working Group in the U.S. House of Representatives that will seek to “examine online privacy concerns and issues…with a balanced approach that recognizes the need to protect personal information online in a manner that preserves growth … Continue Reading
The U.S. Supreme Court unanimously ruled on Tuesday that plaintiffs bringing class actions cannot escape federal jurisdiction by stipulating to seek less than $5 million in damages. In a nine-page opinion, the Court held that plaintiff Greg Knowles had no power to speak for the proposed class when he stipulated in a lawsuit against Standard … Continue Reading
On Tuesday, the U.S. cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China’s military. The firm has linked the collective to cyberattacks on more than 140 organizations across 20 industries worldwide since 2006. Mandiant claims the activity—carried out by a group called the … Continue Reading
On Wednesday, a federal judge in the Central District of California dismissed Humana Pharmacy Inc.’s motion to dismiss a putative class action suit alleging the company illegally recorded telephone calls with customers, finding that the California Invasion of Privacy Act (“CIPA”) does not exempt quality assurance recordings. In its motion to dismiss, Humana argued that CIPA exempts … Continue Reading
The U.S. Supreme Court ruled on Tuesday that the federal government does not always lose its sovereign immunity to damages lawsuits claiming that an agency violated the Fair and Accurate Credit Transactions Act (“FACTA”) by printing the expiration date of a credit card on a receipt issued to a consumer. In a unanimous decision, authored … Continue Reading
By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks. Besides providing an overview of the existing legal frameworks to address terrorists’ use of the … Continue Reading
According to TechWeek Europe, the United States Department of Commerce is working with the United States Chamber of Commerce to lobby European Union officials in an effort to change certain provisions of the EU’s proposed General Data Protection Regulation. If enacted, the Regulation, which was published in draft form in January 2012, would supersede the … Continue Reading
Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law. Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services, … Continue Reading
In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC. Weitzner emphasized that … Continue Reading
Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that … Continue Reading
