Tag Archives: Personal Information

CafePress FTC settlement signals future approach to enforcement actions

By Nikki Bhargava, Lauren Weaver and Eric Manski on 28 April 2022 Posted in Data & Cyber Security

On March 15, 2022, the Federal Trade Commission (“FTC”) issued a proposed settlement with online custom merchandise platform CafePress in connection with the company’s alleged: (1) failure to implement reasonable security measures to secure consumers’ Personal Information; and (2) attempt to cover up a significant 2019 data breach. The proposed settlement would require CafePress to … Continue Reading

Maryland and California Propose Biometric Privacy Legislation that Would Include Illinois-Like Private Rights of Action

By Gerard Stegmaier, Sarah Bruno, Mark Quist, Hubert Zanczak and Stuart Cobb on 3 March 2022 Posted in Privacy & Data Protection

Maryland and California look to join the list of states that not only regulate biometric data but provide consumers with the opportunity to seek hefty statutory damages and attorney’s fees from offending businesses. Similar to Illinois’ oft-litigated Biometric Information Privacy Act (“BIPA”), both bills would also (i) require written consent prior to the collection of … Continue Reading

The wait is over: Final CCPA regulations have been submitted

By Sarah Bruno, Casey Perrino and Alexis Cocco on 3 June 2020 Posted in Privacy & Data Protection

After many months and several rounds of revisions, the Office of the California Attorney General has finally submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The complete package, which includes the Final Text of Proposed Regulations and the Final Statement of Reasons, … Continue Reading

Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses

By Samuel F. Cullari, Alexis Cocco and Taber Rueter on 14 April 2020 Posted in Privacy & Data Protection, Regulatory

On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215. Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents. Below is a summary of the key changes of which businesses should be aware.… Continue Reading

Still working on it – draft CCPA regulations are modified a second time

By Bart Huffman, Wendell Bartnick and Haylie Treas on 16 March 2020 Posted in Privacy & Data Protection, Regulatory

Last week, on March 11, the California Department of Justice, Office of the Attorney General (AG) released its second set of revisions to its draft regulations under the California Consumer Privacy Act (CCPA). This second set of proposed revisions is based in part on comments received in response to an initial set of proposed revisions … Continue Reading

The growth of Adtech and how it falls into privacy laws’ crosshairs

By Sarah Bruno and Casey Perrino on 28 February 2020 Posted in Privacy & Data Protection, Regulatory

The onslaught of privacy regulations has impacted every industry and, while it seems that no industry can be flat footed – from auto manufacturers to ecommerce platforms – one in particular has had to remain especially nimble: the advertising technology (Adtech) industry. The Adtech industry has struggled with privacy regulations, including the CCPA, but it … Continue Reading

Final guideline for Internet personal information protection published by Chinese Ministry of Public Security

By Xiaoyan Zhang, Amy Yin, Jim Barbuto and Catherine Jing on 12 May 2019 Posted in Privacy & Data Protection, Regulatory

After soliciting public comments since last November, the Chinese Ministry of Public Security (MPS) published the finalized Guideline for Internet Personal Information Security Protection (Guideline) on April 10, 2019. The Guideline applies to Personal Information Holders, defined as entities or individuals that “control and process personal information” through their provision of services using the Internet, … Continue Reading

Washington becomes the latest state to amend its data breach notification law

By Kimberly Gold, Samuel F. Cullari and Trevor Satnick on 12 May 2019 Posted in Data & Cyber Security, Privacy & Data Protection

On May 7, 2019, Governor Jay Inslee of Washington signed HB 1071 into law, which strengthens the state’s data breach notification law. Washington joins the growing list of states that have recently amended their breach notification laws. Although Washington’s law was amended in 2015, the law was initially enacted nearly 14 years ago. This amendment, … Continue Reading

California Attorney General proposes expanded CCPA Private Right of Action following State Assembly Hearing on possible 2019 amendments to the landmark privacy law

By Gerard Stegmaier and Mark Quist on 26 February 2019 Posted in Privacy & Data Protection, Regulatory

BREAKING: California Attorney General Xavier Becerra (AG) announced a proposed series of amendments to the California Consumer Privacy Act (CCPA) that would: Expand consumers’ private right of action to include all alleged violations of their rights under the CCPA; Eliminate businesses’ 30-day opportunity to “cure” alleged violations prior to being subject to civil enforcement by … Continue Reading

Comprehensive data privacy legislation introduced in Massachusetts – includes private right of action without a need to prove harm

By Mark Quist on 10 February 2019 Posted in Privacy & Data Protection, Regulatory

Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading

An interview with North Carolina AG Josh Stein

By Divonne Smoyer and Kimberly Chow on 27 September 2018 Posted in Privacy & Data Protection, Regulatory

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

D.C. Circuit finds dissemination, but not mere existence, of inaccurate information in government database satisfies Article III standing requirement post-Spokeo

By Brian J. Willett on 17 January 2018 Posted in In the Courts

“[I]f inaccurate information falls into a government database, does it make a sound?” Partly affirming summary judgment for the defendant in Owner-Operator Indep. Drivers Ass’n, v. DOT, No. 16-5355 (D.C. Cir. Jan. 12, 2018), the U.S. Court of Appeals for the D.C. Circuit answered its own question in the negative and held that a handful … Continue Reading

Australian Privacy Commissioner rules that “metadata” can be personal information

By Cynthia O’Donoghue, Kate Brimsted and Chantelle Taylor on 15 July 2015 Posted in Privacy & Data Protection

After two years of campaigning, Fairfax journalist, Ben Grubb, finally got the decision he was seeking: metadata could be considered “personal information” under the Privacy Act 1988 (the ‘Privacy Act’). The landmark decision by the Australian Privacy Commissioner came about after Grubb was refused access to metadata which is available to law enforcement agencies and … Continue Reading

AvMed Agrees to Pay $3 Million to Data Security Breach Class Members; Size of Payments Linked to Years as Customer

By Mark S. Melodia and Paul Bond on 24 October 2013 Posted in Privacy & Data Protection

This post was also written by Frederick Lah. Earlier this week, a data breach class action brought against health insurance provider AvMed, Inc. came one step closer to resolution when plaintiffs filed their unopposed motion for preliminary approval of the class action settlement. The parties filed a joint notice of settlement back in September, but details … Continue Reading

Court Rules That Technical Violations of Michigan Video Rental Privacy Act Give Rise to $5,000 Per Person in Statutory Damages, Alleged Violation Enough to Stay in Federal Court

By Paul Bond and Lisa B. Kim on 9 August 2013 Posted in Privacy & Data Protection

A Michigan federal judge has held that plaintiffs could proceed in federal court on their claims under the Video Rental Privacy Act (VRPA), a state law akin to the federal Video Privacy Protection Act (VPPA). The ruling came in three similar putative class actions that alleged Bauer Publishing Co., Hearst Communications, Inc, and Time, Inc., … Continue Reading

N.J. Supreme Court Says Warrants Required for Cell Phone Location Data

By Paul Bond on 22 July 2013 Posted in Privacy & Data Protection

This post was also written by Frederick Lah. Last week, the New Jersey Supreme Court held in State v. Earls that New Jersey residents have a constitutional right of privacy in their cell phone location data, and that law enforcement officers must obtain a search warrant in order to access the data. In the case, the … Continue Reading

China’s first national privacy protection guideline in effect as of 1 February

By Cynthia O’Donoghue and Zack Dong on 27 March 2013 Posted in Privacy & Data Protection

On 1 February 2013, China’s first set of Personal Data Protection guidelines, the Guidelines for Personal Information Protection in Information Security Technology Public and Commercial Service Systems (the “Guidelines”), came into effect. The Guidelines were issued by the Ministry of Industry and Information Technology (“MIIT”), and apply to all organizations and entities in China except … Continue Reading

Proposed Amendment Seeks to Pack More Punch Behind California’s “Shine the Light” Law

By Lisa B. Kim and Steven Boranian on 27 February 2013 Posted in Privacy & Data Protection

This post was also written by Joshua B. Marker. A proposed amendment to California’s “Shine the Light” law seeks to require companies to disclose more detailed information about their data-sharing practices, while giving consumers the ability to bring class action lawsuits under the legislation. Presently, Shine the Light requires companies doing business with California residents to … Continue Reading

Judge Narrows App Litigation, But Lets Plaintiffs Press On

By Paul Bond and Christine Nielsen Czuprynski on 18 June 2012 Posted in Privacy & Data Protection

This post was also written by Christopher G. Cwalina. A recent decision in ongoing litigation over mobile application practices shows how difficult the defense of privacy class actions can be. Even if the defense wins dismissal of some causes of action, the survival of any cause of action may force the defendant into costly discovery. On … Continue Reading

New Jersey Appeals Court Holds that Defendant Who Often Shared Cell Phone Number Did Not Have Reasonable Privacy Interest in Cell Phone Number

By Paul Bond on 13 June 2012 Posted in Privacy & Data Protection

This post was also written by Frederick Lah. Last week, the New Jersey Appellate Division affirmed a lower court’s decision that a defendant did not have a reasonable privacy interest in his cell phone number. Defendant was a middle school teacher who had a sexual encounter with a student when the student was 13 years old. A … Continue Reading

The Balancing Act Between Individual Privacy and Public Policies Favoring Open Public Records: NJ Appellate Court Orders Disclosure of Names and Addresses of Senior Citizens

By Mark S. Melodia on 5 March 2012 Posted in Privacy & Data Protection

This post was also written by Frederick Lah. A New Jersey appellate court has affirmed a lower court’s order requiring a county to make available an unredacted list of names and mailing addresses of senior citizens pursuant to the state’s Open Public Records Act (OPRA). The list at issue was compiled by the County of Union … Continue Reading

‘Shine the Light’ Class Action Litigation Heats Up in California

By Steven Boranian, Mark S. Melodia and Paul Bond on 15 February 2012 Posted in In the Courts, Privacy & Data Protection

This post was also written by Joshua B. Marker and Christopher G. Cwalina. Increasingly, consumers demand to know how the businesses they patronize use, share, and disclose personal information. California’s Shine the Light Act, California Civil Code 1798.83, is intended to meet this demand for transparency. The Shine the Light Act provides California residents a statutory … Continue Reading

Does “Public” Privacy Exist?

By Mark S. Melodia on 17 May 2011 Posted in Privacy & Data Protection

This post was also written by John Hines, and Frederick Lah. Just how much privacy are we entitled to in public places, such as public highways and buses, classrooms, restaurants, or even on the Internet? While we expect to lose some sense of privacy when we move into public spaces, does this mean that we should … Continue Reading