Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will...more
Pennsylvania recently amended its data breach notification law to expand its definition of personal information and provide for a HIPAA exception. The process for providing notice in the event of a username/email breach has...more
The California governor recently signed into law the California Age-Appropriate Design Code Act, which will go into effect July 1, 2024. The law applies to “businesses” (as defined by CCPA) that provide online services or...more
The FTC recently took two well-publicized steps in the children’s privacy space. First, it penalized WW International (formerly, Weight Watchers) and its subsidiary, Kurbo, for alleged COPPA violations. Second, it unanimously...more
5/31/2022
/ COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Websites
As discussed in our sister blog, CARU’s revised Ad Guidelines go into effect on January 1, 2022. While the core principles of the guidelines have not changed, they now include new content to account for today’s advertising...more
8/27/2021
/ Advertising ,
CARU ,
COPPA ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Gaming ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Privacy Policy ,
Social Media ,
Terms of Service
The FTC recently announced the removal of Aristotle International, Inc. from the list of seven approved safe harbor programs under the Children’s Online Privacy Protection Act. Programs that are approved by the FTC must place...more
The FTC recently settled with Flo Health, Inc., a popular fertility-tracking app, based on promises made about how health data would be shared. In its complaint, the FTC alleged that while Flo promised to keep users’ health...more
The FTC recently settled with Ascension Data & Analytics for failure to oversee service providers. Ascension provides services to mortgage companies within its corporate family of entities. According to the complaint,...more
The EDPB recently published recommendations on additional security steps to take when transferring personal data out of the EU. As outlined in our previous series of posts, the EU found this summer that the EU-US Privacy...more
In the current pandemic era, kids are spending more time online, be it for school or entertainment. Companies are therefore gearing up for increased interaction with children online or through connected devices. As children...more
In this remote era, companies are increasingly being approached by their business teams with ideas about products and services that involve video or audio recordings of their consumers. It may also involve letting people...more
Vermont recently amended its data breach notification law. The changes will go into effect July 1, 2020. As amended, the definition of “personal information” now includes the following when combined with a consumer’s first...more
The Network Advertising Initiative, which provides guidance to advertisers who engage in personalized advertising, updated its Code of Conduct (2020 Code) earlier this year to address, inter alia, data collected offline and...more
The FTC recently settled with Infotrax Systems, L.C. a technology company providing software to the direct sales industry. The settlement followed a breach suffered by the company, and involved allegations the company had...more
11/21/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Software Developers ,
Technology Sector
One of the CCPA amendments that has gone to the governor’s desk is AB 1564, which addresses the methods companies must make available to consumers to exercise their rights under CCPA. Businesses which operate exclusively...more
10/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Subjects Rights ,
Email ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Toll-Free Numbers ,
Websites
One of the amendments we’ve been watching over the past months is one that impacts rights of employees -both the company’s and other company’s employees. Under AB25, which passed the California Senate and is now awaiting...more
Illinois has updated its breach notice law to require, effective January 1, 2020, notice to the Illinois Attorney General of a data breach involving more than 500 Illinois residents.
The law contains specific requirements...more
As we recently reported, New York’s new SHIELD Act contains data security provisions. It also contains a number of key changes to New York’s existing breach notification obligations. These changes will become effective...more
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required...more
8/27/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personally Identifiable Information ,
Policies and Procedures ,
Security Risk Assessments ,
SHIELD Act ,
State Data Breach Notification Statutes
Global corporations will soon have another privacy law acronym to address. In one year (August 2020), Brazil will join the fray with its own general privacy law, the Lei Geral de Proteção de Dados Pessaoais (General Data...more
8/21/2019
/ Brazil ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Authority ,
Data Security ,
Data Subjects Rights ,
New Legislation ,
Personally Identifiable Information ,
Privacy Laws
Maryland has amended its breach notification law to require businesses that maintain data, not just those that own or license the data, to conduct “a reasonable and prompt investigation” into whether personal information has...more
7/3/2019
/ Amended Legislation ,
Cooperation ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Duty to Investigate ,
Personally Identifiable Information ,
State Data Breach Notification Statutes ,
Vendors
The FTC recently settled with LightYear Dealer Technologies, maker of DealerBuilt software, over allegations that the company failed to provide adequate protection for the personal data it houses. The companies’ clients...more
6/25/2019
/ Car Dealerships ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
Data Security ,
Data Storage ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Hackers ,
Personally Identifiable Information ,
Safeguards Rule ,
Section 5 ,
Security Risk Assessments ,
Settlement
Nevada recently amended its existing online privacy law to give Nevada residents the ability – in certain circumstances – to opt out of the sale of their data to third parties. The amendment goes into effect October 1, 2019,...more
6/21/2019
/ Amended Legislation ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Use Policies ,
Data-Sharing ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Website Owner Liability
California legislators have passed many bills to amend the California Consumer Protection Act since the law was passed. Last week there was significant developments in the status of those bills, as we reported. In addition to...more
5/29/2019
/ Amended Legislation ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data-Sharing ,
Pending Legislation ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
North Dakota criminal law currently contains penalties for misusing the personal information of another. That law has been expanded, and beginning August 1, 2019, it is a class B felony to use a skimmer or scanning device to...more