On March 15, 2022, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which increased funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA) and...more
Following the lead of California, Colorado, and Virginia, Utah is set to become the fourth state to pass a comprehensive privacy law.
As of March 4, the Utah Consumer Privacy Act (SB 227) cleared both houses of the Utah...more
On February 3, the Illinois Supreme Court unanimously ruled in McDonald v. Symphony Bronzeville Park, LLC, 2022 IL 126511, that the exclusivity provisions of the Illinois Workers’ Compensation Act (WCA) do not preempt...more
On January 28, 2022 the Consumer Protection Section of the Colorado Attorney General’s Office issued guidance regarding data security best practices. Businesses subject to the Colorado Privacy Act can look to these best...more
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening...more
On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a...more
Following in the footsteps of the Eastern District of Virginia’s Capital One decision last year and the District of D.C.’s Clark Hill decision earlier this year, the Eastern District of Pennsylvania has just ordered the...more
Over the past four years, U.S. companies have been forced to expand their compliance programs to comply with an expanding array of international and U.S. state privacy laws. The wave of privacy laws began in May 2018, when...more
Colorado has become the third state in the country to pass a comprehensive data privacy law, joining California and Virginia. Assuming the governor signs—as he is widely expected to do—the Colorado Privacy Act (the “CPA”)...more
The latest wrinkle in the ever-changing world of data privacy litigation is the recent surge in state wiretap claims. What began as a trickle over the summer of 2020 has grown into a clear wave as plaintiffs have filed dozens...more
In an opinion that deepens an existing circuit court split, the Eleventh Circuit recently held that the future risk of identity theft is not sufficient to establish Article III standing....more
On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott...more
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System...more
On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as...more
The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”)....more
On November 17, 2020, H.R. 1668, the “Internet of Things Cybersecurity Improvement Act of 2020”, was unanimously passed by the Senate. The bill is now on its way to President Trump for signature or veto....more
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand...more
Assaults on Section 230 of the Communications Decency Act (the “CDA”)—which shields online platforms from civil liability for third party content on their services—are abundant these days. On October 15, 2020, FCC Chairman...more
1. Overview of the regulatory issues facing companies—and cyber insurers—that may need to respond to ransomware emanating from a threat actor or group with potential ties to entities on federal lists.-
The U.S. Treasury...more
On August 19, 2020, the United States District Court for the Northern District of California granted preliminary approval of the class action settlement in In re Facebook Biometric Information Privacy Litigation,...more
8/21/2020
/ Attorney's Fees ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Class Members ,
Corporate Counsel ,
Data Collection ,
Evidentiary Hearings ,
Facebook ,
Facial Recognition Technology ,
IL Supreme Court ,
Popular ,
Statutory Damages
On August 14, 2020, the California Office of Administrative Law (“OAL”) approved in part and withdrew in part the Regulations regarding the California Consumer Privacy Act (“CCPA”). While most of the changes are...more
On July 16, 2020, the European Court of Justice (Court) ruled in the “Schrems II” case that the one of the most commonly used cross border data transfer mechanisms between the European Union (EU) and the United States (US),...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
With the ongoing covid crisis leaving businesses of all sizes concerned about the short and medium term future, the intimidating task of considering a liquidation or restructuring is inevitably starting to become a reality. ...more
Businesses subject to the California Consumer Privacy Act (“CCPA”) that have begun exploring the possibility of collecting data from visitors to their facilities to track potential coronavirus exposure and to allow/deny entry...more
As people across the country and world try to figure out how to protect themselves against the spread of coronavirus, hackers are working hard to spread their own viruses....more