Last week, Erik Gerding, Director of the SEC’s Division of Corporation Finance (the Division), issued a statement providing clarification regarding the disclosure of cybersecurity incidents by reporting companies. This...more
6/4/2024
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Foreign Private Issuers ,
Form 8-K ,
Investors ,
New Rules ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Voluntary Disclosure
After years of internal discussion, the Board of the California Privacy Protection Agency (CPPA), at their March 8th meeting, voted to progress toward formalizing the proposed regulations on risk assessments and automated...more
3/26/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
California Privacy Protection Agency (CPPA) ,
Corporate Counsel ,
Cybersecurity ,
Employment Discrimination ,
Information Sharing ,
Personal Information ,
Policy Updates ,
Privacy Laws ,
Proposed Regulation ,
Risk Assessment
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), is regarded as one of the strongest and most comprehensive privacy laws in the United States and in recent...more
10/16/2023
/ Abortion ,
California ,
California Consumer Privacy Act (CCPA) ,
Citizenship ,
Corporate Counsel ,
Data Brokers ,
Do Not Call List ,
Federal Trade Commission (FTC) ,
Immigration ,
Reproductive Healthcare Issues ,
Sensitive Personal Information
Florida has joined the growing list of states enacting comprehensive privacy laws. Governor Ron DeSantis (R) signed the Florida Digital Bill of Rights (“FDBR”) into law on June 6th. How does it compare?...more
6/12/2023
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Corporate Counsel ,
Data Privacy ,
FERPA ,
Financial Institutions ,
Fines ,
Florida ,
Governor DeSantis ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Penalties ,
Personal Data ,
Privacy Laws ,
Private Right of Action ,
Search Engines
Blaming a "data retention glitch," Microsoft has agreed to pay the Federal Trade Commission $20 million to settle allegations that the company's Xbox gaming system has illegally collected personal information from children...more
6/8/2023
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Retention ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Personal Information ,
Regulatory Violations ,
Settlement ,
Xbox
Our May Madness series is getting you caught up on comprehensive privacy legislation passing state legislatures across the nation. In April, governors signed legislation in Tennessee and Indiana, and this month ahead of...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11.
Tennessee joins a growing...more
5/12/2023
/ California Consumer Privacy Act (CCPA) ,
Controlled Substances Act ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Farm Credit Administration ,
Fines ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Nonprofits ,
Opt-Outs ,
Penalties ,
Personal Information ,
Private Right of Action ,
State Privacy Laws ,
Tennessee
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
10/31/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement
California Attorney General Rob Bonta has announced a major settlement under the California Consumer Privacy Act (CCPA), and it will cost Sephora, Inc. a whopping $1.2 million in penalties. According to the release from...more
Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies. Since that original alert, multiple US and foreign government cybersecurity...more
To note the one year anniversary of the California Consumer Privacy Act (CCPA) enforcement date, California Attorney General Rob Banta held a press conference on July 19, 2021 to share key information about enforcement...more
If your business is subject to the California Consumer Privacy Act (CCPA), and your business handles (in any manner set forth in the CCPA) the personal information of 10,000,000 or more California residents in a calendar...more
Although the California Consumer Protection Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions have actually made their way to...more
In a previous update, we provided a comprehensive round-up of several notable pending US state privacy laws. We are checking-in on the progression of some of those laws in this further update. The next installment will...more
While we continue to await comprehensive US federal privacy legislation, and following California’s lead with its California Consumer Privacy Act of 2018 (CCPA), individual states are stepping up to the plate. Based on what...more
Earlier this week, the California Department of Justice unexpectedly released a third set of proposed modifications to the CCPA regulations. This move took place only two months after the California Attorney General’s Office...more
10/14/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Information Governance ,
Office of Administrative Law ,
Opt-Outs ,
Personal Information ,
Privacy Policy ,
State Attorneys General
2020 “back to school” has a whole new meaning in the age of COVID-19. Now, it is finally time for companies to take compliance with the California Consumer Privacy Act (“CCPA”) off the back burner and implement policies and...more
The New York State Department of Financial Services (“NYDFS”) has announced its first enforcement action of NYDFS’ Cybersecurity Regulation, Part 500 of Title 23 (“Cybersecurity Regulation”) against First American Title...more
As we’ve been writing about in this space for some time, today marks the opening of the CCPA enforcement era. Despite protestations from the business community, and requests for delay due to the lack of regulations until...more
7/1/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Personal Information ,
Privacy Laws ,
State Attorneys General
Online stationery and craft company Minted Inc. has been hit with a CCPA class action lawsuit, stemming from a massive data breach the company disclosed in late May. The proposed class action lawsuit, filed in a California...more
6/17/2020
/ Breach of Implied Contract ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Putative Class Actions ,
State Attorneys General ,
Unfair Competition Law (UCL)
In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach. The court ordered the release of the unredacted...more
Amidst multiple investigations into the privacy and security practices at Zoom Video Communications (“Zoom”), New York Attorney General Letitia James recently announced a settlement agreement with Zoom after the failings of...more
5/13/2020
/ Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Education ,
Facebook ,
Popular ,
Settlement Agreements ,
State Attorneys General ,
Videoconference ,
Virtual Meetings ,
Zoom®
The California Attorney General’s office (CA AG) has published the long-awaited implementing regulations to the California Consumer Privacy Act (CCPA). In addition to the regulations, the CA AG also released a Notice of...more
We know we told you yesterday about the Equifax settlement and how you could make a claim in connection with the breach. Well, consumers whose personal information was compromised in Equifax’s massive 2017 data breach are in...more
8/2/2019
/ Civil Penalty Fund ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Fund Distribution ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
The Federal Trade Commission (“FTC”), the Consumer Financial Protection Bureau, and 50 U.S. states and territories, have reached a global settlement agreement with Equifax Inc. (“Equifax”), according to which, Equifax agreed...more
7/31/2019
/ Civil Penalty Fund ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices