While the term “dark patterns” is not new, it has recently been getting a more attention, not least because the newly passed California Privacy Rights Act (“CPRA”) will regulate dark patterns. In this article, we will focus...more
Voters in California have passed Proposition 24, commonly referred to as the California Privacy Rights Act of 2020 (“CPRA”). Less than a year after the CCPA became effective, the voters’ approval of the CPRA will provide...more
11/9/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Popular
More prevalent than ever before, Internet of Things (“IOT”) devices, a term that includes connected “smart” devices, such as internet connected TVs, wearables, smart speakers, such as the Amazon Echo and Google Home, are fast...more
In a proposed class action lawsuit filed in the U.S. District Court for the Northern District of California, Google is facing a potential $5 billion class action for alleged privacy law violations. The complaint alleges that...more
6/22/2020
/ CIPA ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Google ,
Invasion of Privacy ,
Popular ,
Websites ,
Wiretap Act
The Coronavirus Aid, Relief and Economic Security (“CARES”) Act has created a flurry of far reaching considerations for affected businesses, ranging from tax, employment, and even telehealth. Beyond these issues, businesses...more
We recently provided some insights regarding how countries across the world are using data to fight COVID-19. The United States Senate, Committee on Commerce, Science, and Transportation, has recently conducted a hearing...more
We previously provided insights into this important portion of the regulations... In this installment we address important revisions provided by the AG’s office to Article 3 of these regulations, several of which will have...more
With the CCPA having just become effective January 1st, 2020, affected entities and consumers may not have expected that actions are already being taken to dramatically amplify the consumer protections put in place by the...more
On the heels of the passing one of the nation’s leading pieces of privacy legislation, the California Consumer Privacy Protection Act (“CCPA”), Governor Newsom, used his first “State of the State” address, to highlight his...more
The California Attorney General’s Office (CAGO) is conducting a series of public hearings around the state to gather input on the California Consumer Privacy Act of 2018 (CCPA). We attended the CAGO’s January 25th, 2019...more
Recently, Oath, a wholly-owned subsidiary of Verizon Communications agreed to pay $4.95 million to settle charges from the New York attorney general’s office that the company’s online advertising business was violating...more
California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”). Governor Brown recently signed into law two nearly identical bills,...more
10/4/2018
/ Acquisitions ,
California Consumer Privacy Act (CCPA) ,
Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Governor Brown ,
Manufacturers ,
Mergers ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
The Securities and Exchange Commission (“SEC”) released expansive interpretive guidance (“2018 Guidance”), posted February 21, 2018, further building upon its far-reaching cybersecurity guidance provided in 2011. Below are...more
3/2/2018
/ Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Financial Statements ,
Guidance Update ,
Insider Trading ,
Interpretive Opinions ,
Materiality ,
Policies and Procedures ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC)
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
2/21/2018
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy
The U.S. Supreme Court heard oral arguments in what may become one of the defining consumer privacy cases of our generation. The central question in Carpenter v. United States asks whether the government violates the Fourth...more
1/30/2018
/ Carpenter v US ,
Cell Phones ,
Criminal Investigations ,
Cybersecurity ,
Electronically Stored Information ,
Fourth Amendment ,
Location Data ,
Reasonable Expectation of Privacy ,
SCOTUS ,
Search & Seizure ,
Stored Communications Act ,
Third-Party Service Provider ,
Warrantless Searches
Recently, there has been a lot of discussion regarding the Spectre and Meltdown vulnerabilities. This alert provides a simple overview of what these vulnerabilities are, what systems could be affected, as well as steps that...more
The National Association of Insurance Commissioners (NAIC) has approved its draft of the Insurance Data Security Model Law (Model Law) via a meeting of its Executive and Plenary Committees. This important development follows...more
12/12/2017
/ Cybersecurity ,
Data Protection ,
Data Retention ,
Driver's Licenses ,
Financial Services Industry ,
Information Security ,
Insurance Industry ,
NAIC ,
NYDFS ,
Popular ,
Reporting Requirements ,
Risk Management ,
Third-Party Service Provider
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
Recently proposed legislation in Ohio could provide businesses with special protection from lawsuits in the event of a hack under certain circumstances. Senate Bill 220 would shelter businesses that have been proactive in...more
11/14/2017
/ Attorney General ,
Chief Information Officers (CIO) ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
NYDFS ,
Office of Consumer Affairs ,
Pending Legislation ,
Proposed Legislation ,
Safe Harbors
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
9/13/2017
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Equifax ,
FBI ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching...more
Recently the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) and a branch of the Office of...more