On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215. Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents. Below is a summary of the key changes of which businesses should be aware.
Continue Reading Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses
attorney general
Still working on it – draft CCPA regulations are modified a second time
Last week, on March 11, the California Department of Justice, Office of the Attorney General (AG) released its second set of revisions to its draft regulations under the California Consumer Privacy Act (CCPA). This second set of proposed revisions is based in part on comments received in response to an initial set of proposed revisions released by the AG last month (see February 10 Reed Smith client alert here). Written comments to this second set of proposed revisions must be submitted by March 27, 2020.
This set of proposed revisions was not extensive. Highlights appear below.
Continue Reading Still working on it – draft CCPA regulations are modified a second time
Maryland Attorney General Brian Frosh talks to Reed Smith about privacy and consumer protection
Reed Smith IP, Tech & Data attorneys Divonne Smoyer and Alexis Cocco conducted an in-depth Q&A with Maryland Attorney General Brian Frosh. During the interview, he discusses his priorities for data privacy and security for Maryland, including his hopes for future legislation in both Maryland and federally. AG Frosh is currently in his second term…
Equifax agrees to enhanced security and privacy measures and will pay states and the Consumer Financial Protection Bureau at least $575 million to resolve multistate investigation of 2017 data breach.
The recently announced multistate settlement between credit reporting company Equifax Inc. and the Attorneys General of 48 states, Puerto Rico, and the District of Columbia (the AGs) demonstrates the increasingly active role of state regulators in policing the privacy and security practices of businesses that handle consumers’ personal information. The multistate settlement is part of a comprehensive agreement between Equifax, the AGs, and other state and federal regulators, under which Equifax will pay at least $575 million and up to $700 million to resolve investigations and litigation arising out of a 2017 data breach alleged to have affected over 147 million consumers.
Continue Reading Equifax agrees to enhanced security and privacy measures and will pay states and the Consumer Financial Protection Bureau at least $575 million to resolve multistate investigation of 2017 data breach.
FTC and state law enforcement officials step up efforts against illegal telemarketing
The Federal Trade Commission (FTC) announced a joint state-and-federal initiative, “Operation Call It Quits,” which targets illegal telemarketing practices that violate the FTC’s Telemarketing Sales Rule (TSR).
The TSR, which applies to interstate telephonic marketing communications intended to “induce the purchase of goods or services or a charitable contribution,” makes it illegal to engage in “abusive” acts and practices like failing to transmit caller identification information, calling telephone numbers listed on the National Do Not Call Registry, and using certain types of prerecorded messages or “robocalls.” The TSR also makes it illegal to engage in “deceptive” acts and practices while on a telemarketing call, like processing billing information without authorization, failing to fully disclose certain information before a customer consents to pay for goods or services, and misrepresenting material details of a sale. As part of this latest sweep of TSR enforcement, the FTC announced four newly filed actions:
- In the first action, the FTC filed suit in the U.S. District Court for the Middle District of Florida against corporate and individual defendants alleged to have made illegal robocalls to “financially distressed consumers” with offers of “bogus credit card interest rate reduction services.”
- In the second action, the FTC filed suit in the U.S. District Court for the Central District of California against individual and corporate defendants accused of using illegal robocalls to sell “fraudulent money-making opportunities.”
- The third action, filed on the FTC’s behalf by the U.S. Department of Justice (DOJ) in the Middle District of Florida, targeted the “informational technology (IT) guy” alleged to have developed and operated computer-based “autodialer” technology used to make millions of illegal robocalls.
- The fourth action, filed by the DOJ on the FTC’s behalf in the U.S. District Court for the Central District of California, alleges that a business and its individual owners sought to develop marketing leads for home solar energy companies by making millions of illegal robocalls and engaging in other abusive practices, including making more than 1,000 calls to a single telephone number in one year.
State Attorneys General and the data economy: lead, protect, enforce
With the passage of the California Consumer Privacy Act but no clear federal consumer privacy law on the imminent horizon, state Attorneys General (AGs) continue to investigate and analyze how best to protect their consumers. To further that goal, the National Association of Attorneys General hosted a panel entitled Emerging Issues in the Data Economy at its Winter Meeting in Washington, D.C. The panel was convened to discuss the role AGs can and should play in data privacy in an ever-changing economy. Doug Peterson, Nebraska’s AG, moderated the panel, which included Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection at the Federal Trade Commission (FTC), Ryan Krieger, Assistant AG, Public Protection Division of the Vermont Attorney General’s Office, and Daniel Castro, Vice President of the Information Technology and Innovation Foundation.
As with recent House and Senate Hearings addressing these topics, the focus remained on balance: what the legal landscape should look like, who should be doing the enforcing and how that enforcement should work, and how to protect consumers without stifling innovation and entrepreneurship.Continue Reading State Attorneys General and the data economy: lead, protect, enforce
An interview with North Carolina AG Josh Stein
Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong…
AGs emphasize consumer protection and privacy expertise in FTC comments
The Federal Trade Commission (FTC) will be holding a series of hearings this fall on “Competition and Consumer Protection in the 21st Century,” with the goal of reflecting on the agency’s powers, and state attorneys general (AGs) want to make sure their voices are heard.
A bipartisan group of 29 state AGs filed comments with the FTC on August 20, 2018, asking it to consider their unique viewpoints and expertise as state regulators who are “in the forefront of consumer protection.” The FTC hearings begin on September 13 with a schedule that includes a panel on “The Regulation of Consumer Data” featuring former acting chair Maureen Ohlhausen and former FTC staff members and academics. As the FTC opens its doors for a public discussion on how its enforcement priorities and policies affecting consumers might change, especially with a new slate of commissioners, the AGs want to be seen as partners. In particular, they want be part of the conversation on privacy and data security, as has been a strong trend in recent years.
“In our experiences, consumer privacy and data security is an afterthought in product and service development. Industry often does not adequately invest in privacy and security. Consumer data has inherent value and the free market alone does not adequately protect sensitive data. Consumers have voiced concerns to us about what personal information industry collects, how industry informs consumers about data collection, and how industry uses and shares consumers’ data. Industry must place privacy and security front and center in its research and development of products and services,” the comment stated.Continue Reading AGs emphasize consumer protection and privacy expertise in FTC comments
Arizona emerges as privacy innovator as its AG and Governor lead the charge
Arizona and its Attorney General’s office have emerged as key players in the effort to prioritize data security on the national stage. Since his inauguration in 2015, Arizona Attorney General Mark Brnovich has struck a balance between supporting innovation and protecting Arizonans’ privacy rights. With the support of Governor Doug Ducey, Arizona is taking active steps to broaden the scope of state privacy protection initiatives.
As the current Chair of the Conference of Western Attorneys General (CWAG), AG Brnovich will host CWAG’s 2018 Chair Initiative in Scottsdale, Arizona on May 3 and 4, focusing specifically on data privacy, cybersecurity, and digital piracy. The meeting will bring together AGs from around the country as well as thought leaders and key stakeholders in the private sector to tackle new horizons on issues such as breach notification, the European Union’s data protection regulations, national security, and FinTech. To read more about AG Brnovich’s 2018 Chair Initiative, and his take on how attorneys generals are tackling privacy and data security issues, check out Reed Smith Partner Divonne Smoyer and Associate Kimberly Chow’s recent Q&A with AG Brnovich on the website of the International Association of Privacy Professionals.Continue Reading Arizona emerges as privacy innovator as its AG and Governor lead the charge
An interview with Indiana AG Curtis Hill
Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Indiana Attorney General Curtis Hill. AG Hill has prioritized rolling back federal overreach and safeguarding consumers from fraud and scams, along with continuing to take a hard…