Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
7/7/2023
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consent ,
Data Collection ,
Data Privacy ,
Data Security ,
Deceptive Intent ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Personal Data ,
Personally Identifiable Information
As previewed in Mintz’s earlier post, New York City’s Biometric Identifier Information Law (the “NYC Law”) is now in force, effective Friday, July 9th. The NYC Law requires that places of entertainment, retail stores and...more
2021 could be another record year for new and pending privacy legislation, including laws either banning outright or placing limits on the use of technology involving biometric information. Just this year, Portland, Oregon...more
Although the California Consumer Protection Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions have actually made their way to...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency.
The announcement from the Superintendent of Financial Services of the State...more
4/1/2020
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Compliance ,
Confidential Information ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Disclosure Requirements ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
Notice Requirements ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices...more
10/30/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Employee Privacy Rights ,
Employer Liability Issues ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Right to Delete
Interested parties and privacy professionals have all been anxiously awaiting how legislative activity would shake out before the California Consumer Privacy Act (“CCPA”) is implemented January 1, 2020. Now that the dust has...more
9/23/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Governor Newsom ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
They grow up so fast! A sentiment – and challenge – shared by parents and technologists alike. Just when you think you’ve finally figured it out, you blink, and they’re unrecognizable. The old rules can no longer be trusted...more
8/27/2019
/ COPPA ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Guidance Update ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Popular ,
Public Comment ,
Website Owner Liability ,
Websites
The California Legislature has returned from its summer recess and got right to work on the pending amendments to the California Consumer Privacy Act (CCPA). The Legislature has 30 days from today to send any amendments to...more
We know we told you yesterday about the Equifax settlement and how you could make a claim in connection with the breach. Well, consumers whose personal information was compromised in Equifax’s massive 2017 data breach are in...more
8/2/2019
/ Civil Penalty Fund ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Fund Distribution ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
The Federal Trade Commission (“FTC”), the Consumer Financial Protection Bureau, and 50 U.S. states and territories, have reached a global settlement agreement with Equifax Inc. (“Equifax”), according to which, Equifax agreed...more
7/31/2019
/ Civil Penalty Fund ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
According to our CCPA Countdown Clock, we are 161 days and counting to the effective date of the California Consumer Privacy Act. The Mintz Privacy team is deeply involved in working with clients on developing compliance...more
Get ready: October 1, 2019 is the new date for many U.S. businesses to begin providing consumers the right to opt-out of the sale of their personal information. While January 1, 2020 was the date upon which many businesses...more
Significant changes to the Massachusetts data breach notification law take effect on April 11, 2019. You can view the amendment here. If you haven’t looked at your written information security plan, or WISP, in a while, now’s...more
The Federal Trade Commission (“FTC”) has handed down its largest civil penalty ever for violations of the Children’s Online Privacy Protection Act (“COPPA”). Musical.ly, now known as TikTok after a 2018 merger, agreed to a...more
3/7/2019
/ Consent Decrees ,
COPPA ,
Cybersecurity ,
Data Collection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Settlement Agreements ,
Website Owner Liability ,
Websites
Recently, the Federal Trade Commission (“FTC”) announced that it has finalized its expanded settlement with ride-haling giant, Uber Technologies, Inc. (“Uber”) related to two major data breach incidents. The initial breach...more
11/16/2018
/ Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Personally Identifiable Information ,
Popular ,
Reporting Requirements ,
Settlement Agreements ,
Third-Party Service Provider ,
Uber
California continues to lead the nation in cybersecurity and privacy legislation on the heels of the recent California Consumer Privacy Act of 2018 (“CCPA”). Governor Brown recently signed into law two nearly identical bills,...more
10/4/2018
/ Acquisitions ,
California Consumer Privacy Act (CCPA) ,
Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Governor Brown ,
Manufacturers ,
Mergers ,
Personally Identifiable Information ,
Privacy Laws ,
Private Right of Action
Labor Day is passed, and the Privacy & Security Matters blog is back after a bit of a hiatus. The California State Legislature was busy up to the last day of the session working on privacy legislation.
Amendments to...more
June 28, 2018 will be a watershed day in the history of U.S. data privacy legislation. California has become the first state to move away from the U.S. approach of legislating data privacy in slow bits. Yesterday, both houses...more
6/29/2018
/ Consumer Protection Laws ,
Data Collection ,
General Data Protection Regulation (GDPR) ,
Governor Brown ,
Notice Requirements ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Portability ,
Private Right of Action ,
Right to Be Forgotten ,
State and Local Government
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
We are now in the 10-day countdown to the GDPR enforcement date that we’ve been talking about since 2015. If you are a charter member of Procrastinators Anonymous, or just secretly hoped that this would all go away, the sands...more
5/16/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Vendor Contacts
Answering the centuries’ old question, it appears it is the Federal Trade Commission (“FTC”) that watches the watchmen. The FTC sent warning letters to a pair of foreign app developers cautioning them that their practices of...more
5/9/2018
/ COPPA ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Guidance Update ,
Mobile Apps ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Smart Devices ,
Website Owner Liability ,
Websites
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October...more
4/23/2018
/ Cloud Storage ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Personally Identifiable Information ,
Popular ,
Recordkeeping Requirements ,
Reporting Requirements ,
Settlement Agreements ,
Third-Party Service Provider ,
Uber
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management