After many months and several rounds of revisions, the Office of the California Attorney General has finally submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The complete package, which includes the Final Text of Proposed Regulations and the Final Statement of Reasons, … Continue Reading
On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215. Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents. Below is a summary of the key changes of which businesses should be aware.… Continue Reading
Last week, on March 11, the California Department of Justice, Office of the Attorney General (AG) released its second set of revisions to its draft regulations under the California Consumer Privacy Act (CCPA). This second set of proposed revisions is based in part on comments received in response to an initial set of proposed revisions … Continue Reading
The onslaught of privacy regulations has impacted every industry and, while it seems that no industry can be flat footed – from auto manufacturers to ecommerce platforms – one in particular has had to remain especially nimble: the advertising technology (Adtech) industry. The Adtech industry has struggled with privacy regulations, including the CCPA, but it … Continue Reading
After soliciting public comments since last November, the Chinese Ministry of Public Security (MPS) published the finalized Guideline for Internet Personal Information Security Protection (Guideline) on April 10, 2019. The Guideline applies to Personal Information Holders, defined as entities or individuals that “control and process personal information” through their provision of services using the Internet, … Continue Reading
On May 7, 2019, Governor Jay Inslee of Washington signed HB 1071 into law, which strengthens the state’s data breach notification law. Washington joins the growing list of states that have recently amended their breach notification laws. Although Washington’s law was amended in 2015, the law was initially enacted nearly 14 years ago. This amendment, … Continue Reading
BREAKING: California Attorney General Xavier Becerra (AG) announced a proposed series of amendments to the California Consumer Privacy Act (CCPA) that would: Expand consumers’ private right of action to include all alleged violations of their rights under the CCPA; Eliminate businesses’ 30-day opportunity to “cure” alleged violations prior to being subject to civil enforcement by … Continue Reading
Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading
Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading
“[I]f inaccurate information falls into a government database, does it make a sound?” Partly affirming summary judgment for the defendant in Owner-Operator Indep. Drivers Ass’n, v. DOT, No. 16-5355 (D.C. Cir. Jan. 12, 2018), the U.S. Court of Appeals for the D.C. Circuit answered its own question in the negative and held that a handful … Continue Reading
After two years of campaigning, Fairfax journalist, Ben Grubb, finally got the decision he was seeking: metadata could be considered “personal information” under the Privacy Act 1988 (the ‘Privacy Act’). The landmark decision by the Australian Privacy Commissioner came about after Grubb was refused access to metadata which is available to law enforcement agencies and … Continue Reading
This post was also written by Frederick Lah. Earlier this week, a data breach class action brought against health insurance provider AvMed, Inc. came one step closer to resolution when plaintiffs filed their unopposed motion for preliminary approval of the class action settlement. The parties filed a joint notice of settlement back in September, but details … Continue Reading
A Michigan federal judge has held that plaintiffs could proceed in federal court on their claims under the Video Rental Privacy Act (VRPA), a state law akin to the federal Video Privacy Protection Act (VPPA). The ruling came in three similar putative class actions that alleged Bauer Publishing Co., Hearst Communications, Inc, and Time, Inc., … Continue Reading
This post was also written by Frederick Lah. Last week, the New Jersey Supreme Court held in State v. Earls that New Jersey residents have a constitutional right of privacy in their cell phone location data, and that law enforcement officers must obtain a search warrant in order to access the data. In the case, the … Continue Reading
On 1 February 2013, China’s first set of Personal Data Protection guidelines, the Guidelines for Personal Information Protection in Information Security Technology Public and Commercial Service Systems (the “Guidelines”), came into effect. The Guidelines were issued by the Ministry of Industry and Information Technology (“MIIT”), and apply to all organizations and entities in China except … Continue Reading
This post was also written by Joshua B. Marker. A proposed amendment to California’s “Shine the Light” law seeks to require companies to disclose more detailed information about their data-sharing practices, while giving consumers the ability to bring class action lawsuits under the legislation. Presently, Shine the Light requires companies doing business with California residents to … Continue Reading
This post was also written by Christopher G. Cwalina. A recent decision in ongoing litigation over mobile application practices shows how difficult the defense of privacy class actions can be. Even if the defense wins dismissal of some causes of action, the survival of any cause of action may force the defendant into costly discovery. On … Continue Reading
This post was also written by Frederick Lah. Last week, the New Jersey Appellate Division affirmed a lower court’s decision that a defendant did not have a reasonable privacy interest in his cell phone number. Defendant was a middle school teacher who had a sexual encounter with a student when the student was 13 years old. A … Continue Reading
This post was also written by Frederick Lah. A New Jersey appellate court has affirmed a lower court’s order requiring a county to make available an unredacted list of names and mailing addresses of senior citizens pursuant to the state’s Open Public Records Act (OPRA). The list at issue was compiled by the County of Union … Continue Reading
This post was also written by Joshua B. Marker and Christopher G. Cwalina. Increasingly, consumers demand to know how the businesses they patronize use, share, and disclose personal information. California’s Shine the Light Act, California Civil Code 1798.83, is intended to meet this demand for transparency. The Shine the Light Act provides California residents a statutory … Continue Reading
This post was also written by John Hines, and Frederick Lah. Just how much privacy are we entitled to in public places, such as public highways and buses, classrooms, restaurants, or even on the Internet? While we expect to lose some sense of privacy when we move into public spaces, does this mean that we should … Continue Reading
