Over the past four years, U.S. companies have been forced to expand their compliance programs to comply with an expanding array of international and U.S. state privacy laws. The wave of privacy laws began in May 2018, when...more
Colorado has become the third state in the country to pass a comprehensive data privacy law, joining California and Virginia. Assuming the governor signs—as he is widely expected to do—the Colorado Privacy Act (the “CPA”)...more
The latest wrinkle in the ever-changing world of data privacy litigation is the recent surge in state wiretap claims. What began as a trickle over the summer of 2020 has grown into a clear wave as plaintiffs have filed dozens...more
On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott...more
On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as...more
The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”)....more
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand...more
Businesses subject to the California Consumer Privacy Act (“CCPA”) that have begun exploring the possibility of collecting data from visitors to their facilities to track potential coronavirus exposure and to allow/deny entry...more
On Friday, February 7, 2020, the California Attorney General’s (AG) Office released modified regulations to the California Consumer Privacy Act (CCPA). The modified regulations incorporate amendments to the CCPA signed into...more
2/11/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or...more
10/22/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Request For Information ,
Rulemaking Process ,
State and Local Government ,
Two-Step Verification ,
Verification Requirements
To the surprise of some, the proposed CCPA Regulations issued last Thursday don’t address many of the well-discussed ambiguities under the law (such as what “valuable consideration” means in the context of a sale of personal...more
10/18/2019
/ Attestation Requirements ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
The California Attorney General’s Office released its long-awaited proposed CCPA Regulations yesterday. The proposed Regulations are 24 pages long, and address a number of important technical compliance issues including...more
10/11/2019
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Regulation ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
On September 13, 2019—the last day of the legislative session—California lawmakers approved five amendments intended to clarify the scope of the California Consumer Privacy Act (the “CCPA”), but rejected several...more
9/17/2019
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
At what has been described as a marathon hearing that lasted late into the night of July 9, the California Senate Judiciary Committee advanced several amendments to the California Consumer Privacy Act (the “CCPA”), but major...more
7/11/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Rulemaking Process
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual...more
1/30/2019
/ Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Standing ,
Statutory Violations
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual...more
1/29/2019
/ Amusement Parks ,
Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Facial Recognition Technology ,
Fingerprints ,
IL Supreme Court ,
Injury-in-Fact ,
Liquidated Damages ,
Personal Data ,
Personally Identifiable Information ,
Standing ,
Statutory Violations
For good reason, there has been much discussion about the new privacy rights created by the California Consumer Privacy Act of 2018 (CCPA), which becomes effective January 1, 2020. ...more
11/21/2018
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action
Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information...more
As we first reported in our January 22, 2018, alert, the Colorado legislature is considering legislation that, if enacted, would significantly change Colorado privacy and data security law....more
There are several key takeaways from a 20-year proposed consent order agreed to by Uber Technologies, Inc. (Uber) and the Federal Trade Commission (FTC)...more
8/21/2017
/ Antitrust Provisions ,
Antitrust Violations ,
Cloud Storage ,
Corporate Counsel ,
Customer Privacy ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Sharing Economy ,
Uber