The California Consumer Privacy Act (CCPA) gives consumers the right to request that a business (1) respond to a consumer with a list of the categories or specific pieces of personal information that the business has...more
The California Consumer Privacy Act (CCPA) gives consumers the right to request that a business (1) respond to the consumer with a list of the categories or specific pieces of personal information that the business has...more
11/22/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-In ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Right To Know
All businesses subject to the California Consumer Privacy Act (CCPA) will need to have privacy policies that comply with the CCPA, regardless of whether they conduct business in person, online, or through mobile apps, and...more
The California attorney general released the highly anticipated proposed regulations implementing the California Consumer Privacy Act (CCPA) on October 10, providing detailed guidance on CCPA compliance for affected...more
The second article in our Guide to the CCPA series focuses on verifying consumer requests received pursuant to the California Consumer Privacy Act (CCPA). The California attorney general’s recently proposed regulations...more
Nevada Senate Bill (SB) 220 will go into effect on October 1, 2019. SB 220 amends Nevada’s data privacy law to require that website operators honor a consumer’s request not to sell the consumer’s personal information. Exempt...more
Recent legislative developments in both the US House of Representatives and the US Senate indicate that further regulation of robocalls may be on the horizon. On March 7, the House introduced HR 1602, the House version of the...more
Dear Retail Clients and Friends:
The California Supreme Court recently ruled that consumers cannot file suit to force a retailer to seek a refund of sales taxes from the California tax agency absent a determination by the...more
In a significant ruling for businesses operating in Illinois, the Illinois Supreme Court held that plaintiffs are not required to allege actual harm to sue for liquidated damages and/or injunctive relief under the state’s...more
The UK Court of Appeal recently upheld a decision by the UK High Court ruling that employers can be vicariously liable for an employee’s misuse of personal data under the control of the employer. Employers should also be...more
Colorado Governor John Hickenlooper recently signed into law House Bill 1128, which will take effect on September 1, 2018. The new law requires businesses owning, maintaining, or licensing personal information of Colorado...more
The launching of the website, recently announced by the Delaware attorney general, is part of an effort to assist companies in meeting the notification requirements of the state’s recently amended data breach law....more
The European General Data Protection Regulation, which will come into force on May 25, 2018, requires companies, including investment managers, funds, banks, and broker-dealers, with operations in Europe or information about...more
4/18/2018
/ Banks ,
Broker-Dealer ,
Data Breach ,
Data Protection ,
EU ,
Financial Conduct Authority (FCA) ,
Financial Institutions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Investment Management ,
Personal Data ,
UK
In a much-anticipated decision, the US Court of Appeals for the DC Circuit has ruled on the Federal Communication Commission’s 2015 Declaratory Order on the Telephone Consumer Protection Act, focusing on autodialing...more
The ruling stems from a case that signals a growing trend toward group action litigation involving data protection, and poses new risks for companies who should respond with increased vigilance in employee recruitment,...more
A new FTC policy eliminates the requirement to obtain parental consent to collect a recording of a child’s voice in certain circumstances....more
A recent update of the FTC’s COPPA compliance plan for businesses focuses on internet-connected toys and devices aimed at children; FBI issues a Public Service Announcement with a similar focus....more
The GDPR will apply to the UK when it is effective on May 25, 2018, but the government will need to adopt domestic data privacy legislation upon the UK’s pending exit from the EU....more
3/22/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Popular ,
UK ,
UK Brexit ,
UK Data Protection Act
The new law gives UK intelligence and law enforcement bodies sweeping surveillance powers.
The IPA was introduced in response to recommendations that David Anderson QC made, in his capacity as the Independent Reviewer of...more
Dear Retail Clients and Friends,
California voters recently approved a statewide proposition banning certain plastic single-use bags. This edition of Morgan Lewis Retail Did You Know? describes the new requirements in...more
Over two years after the enactment of Canada’s anti-spam legislation, the Canadian Radio-Television and Telecommunications Commission (CRTC) has issued its first decision on the law, with a particular focus on the consent...more
Dear Retail Clients and Friends,
The Consumer Financial Protection Bureau (CFPB) recently released rules that impose specific requirements applicable to prepaid accounts, including prepaid cards. This edition of Morgan...more
The EU-US Privacy Shield—successor to the invalidated Safe Harbor program for transatlantic transfers of EU personal data—was finally approved on July 12, 2016....more
Following the United Kingdom’s nonbinding vote to leave the European Union (“Brexit”), what do businesses need to consider for data privacy compliance?...more
The Court holds that allegation of a statutory violation is not solely sufficient to satisfy the “concrete harm” requirement for purposes of Article III standing in federal court....more