On April 13, the Washington State Senate unanimously passed an amendment to the state’s data breach notification law. The amendment, which was requested by Washington Attorney General Bob Ferguson, and which we discussed in this previous post, passed the state house of representatives in March and is now awaiting the governor’s signature. The law

Christine Nielsen Czuprynski
Oregon AG Seeks Tougher State Breach Law
State attorneys general (AGs) are regulators with varying enforcement priorities and policy agendas, even within a focused issue such as data privacy and security. Over the last year, The Privacy Advisor has interviewed a number of state AGs who are active in privacy to gain insight into their views. In this spotlight, we talk to…
Update: Proposed Settlement in Target Data Breach Litigation
The proposed settlement agreement in the Target data breach consumer litigation that we reported on on March 19, 2015 has been approved by the judge, and a final approval hearing set for November 10, 2015. Based on this order, class members should start to receive notice of the settlement within 45 days of yesterday’s
Proposed Settlement in Target Data Breach Litigation
A proposed settlement has been reached in the multi-district consumer litigation Target faces following a data breach that compromised at least 40 million credit cards during the 2013 holiday shopping season. The settlement, which requires Target to pay $10 million into a settlement fund and adopt specific data security measures, still needs court approval.
If…
Update on State Attorneys General: Connecticut Creates a Permanent Privacy Department; NAAG Covers Big Data, Cybersecurity, and Cloud Computing; and States Amend Breach Laws
The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those…
FTC Report Offers Privacy and Security Guidance for ‘Internet of Things’
This post was written by Frederick Lah.
On Tuesday, January 27, the FTC issued a 71-page Staff Report on the privacy and security issues with the Internet of Things. As we’ve noted in our previous blog posts, the Internet of Things (“IoT”) refers to the growing ability of everyday devices to monitor and communicate information…
OECD Releases Guidance for Digital Consumer Products
The Organisation for Economic Cooperation and Development (OECD) released Consumer Policy Guidance on Intangible Digital Content Products (Guidance) for protecting online consumers of digital content.
With the expansion of the Internet and mobile devices, digital content has grown considerably. The OECD recognizes that this has brought consumers considerable benefits, “including ready access to a wide…
Is Your Employee-Monitoring Policy Up to the Job? UK Case Shows Importance of Having the Right Policy
The UK Employment Appeal Tribunal (the “EAT”), in the case of Atkinson v Community Gateway Association UKEAT/0457/12/BA, dismissed the employee’s claim that his right to privacy had been infringed, and confirmed, more generally, that an employer will be entitled to monitor its employees’ workplace emails and Internet use where a clear policy…
EU Art. 29 Proposes Class Actions to Enforce Privacy Rights
This month, the Article 29 Data Protection Working Party (Working Party) and the French Data Protection Authority (CNIL) held the European Data Governance Forum, an international conference focusing on the issues of privacy, innovation and surveillance in Europe. The conference highlighted many of the issues raised in the Joint Statement released by the Working Party…
Oregon Breach Notification Law Changes on the Horizon
On December 10, Oregon Attorney General Ellen Rosenblum testified in front of the joint Oregon Senate and House Judiciary Committee on the evolving nature of not only data collection and use, but also on cybersecurity incidents and hacking, and the need to amend the Oregon data breach notification law to provide enforcement authority to the…