The Federal Trade Commission ("FTC") recently announced its intent to "vigorously" enforce its 2009 Health Breach Notification Rule (the "Rule") via a policy statement that sheds light on the Rule's scope. The policy...more
9/24/2021
/ Application Programming Interface (APIs) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Apps ,
Mobile Health Apps ,
Personally Identifiable Information ,
Popular
On May 4, 2020, Californians for Consumer Privacy announced that it submitted over 900,000 signatures to qualify the California Privacy Rights Act of 2020 (“CPRA”) for California’s November 2020 ballot. With the California...more
5/22/2020
/ Ballots ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Rulemaking Process ,
State and Local Government
On March 11, 2020, the California Attorney General, Xavier Becerra, (“California AG”) released a second set of modifications to the proposed regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These...more
3/26/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Employee Benefits ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General ,
Statutory Interpretation
On February 7 and again on February 10, 2020, the California Attorney General Xavier Becerra released an updated draft of proposed regulations pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). The updated...more
2/14/2020
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Regulatory Requirements ,
Rulemaking Process ,
State and Local Government ,
State Attorneys General
Happy New Year! At long last, the California Consumer Privacy Act of 2018 (“CCPA”) went into effect yesterday, January 1, 2020. For those who have not yet heard, the CCPA establishes a comprehensive legal framework to govern...more
1/3/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Deletion ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Right to Delete ,
State and Local Government
With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would...more
10/21/2019
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Customer-Loyalty Programs ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Employee Privacy Rights ,
New Amendments ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
State Data Breach Notification Statutes
On October 10, 2019, the California Attorney General added to the complexity of the California Consumer Privacy Act of 2018 (“CCPA”) by releasing long-awaited proposed regulations that provide guidance on various elements of...more
10/16/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
COPPA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Digital Service Providers ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Public Comment ,
Right to Delete ,
Rulemaking Process ,
State and Local Government
With the January 1, 2020 effective date of the California Consumer Privacy Act (the “CCPA”) rapidly approaching, all eyes have been on the California legislature’s consideration of a robust suite of amendments that would...more
9/18/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government
Following in California’s footsteps, Nevada has passed a new privacy law providing consumers the right to opt out of the sale of their personal information. Senate Bill 220 (SB-220), signed into law by Governor Steve Sisolak...more
6/11/2019
/ Consumer Privacy Rights ,
Data Collection ,
Data Management ,
Data Protection ,
Data-Sharing ,
New Legislation ,
Online Platforms ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government ,
Statutory Requirements
In 2018, the California legislature made headlines with its game-changing data protection law: the California Consumer Privacy Act of 2018. ...more
3/19/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
State and Local Government
The California Consumer Privacy Act of 2018 (the “CCPA” or the “Act”), which we reported on here and here continues to make headlines as the California legislature fast-tracked a “clean up” bill to amend the CCPA before the...more
Game-changing Calif. Consumer Privacy Act of 2018 puts statutory breach damages on the table -
The recently-enacted California Consumer Privacy Act of 2018 is a game-changer in a number of respects. The Act imports...more
8/24/2018
/ Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Orrick of counsel Emily Tabatabai, a founding member of our Cybersecurity & Data Privacy team, recently spoke with Law360 regarding cybersecurity and privacy predictions for 2018. Emily discussed the inherent privacy and...more
1/3/2018
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Internet of Things ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
States were busy updating their data breach notification statutes in 2016. With 2016 in the rear view, let’s take a look back at the legislative changes that will impact corporate incident response processes and what those...more
There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more
7/29/2016
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Malware ,
Notification Requirements ,
OCR ,
Personally Identifiable Information ,
PHI ,
Popular ,
Ransomware
Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case...more
Tennessee recently amended its data breach notification law, and in doing so, it has joined the ranks of states like Florida, Ohio, and Wisconsin that require notification to residents of a data breach within a defined time...more
Personal data is a valuable corporate asset. At times, the personal information collected from customers (such as email address, mailing address, phone number, etc.) can be a company’s most valuable asset. Unfortunately,...more
10/20/2015
/ Bankruptcy Code ,
Chapter 11 ,
Commercial Bankruptcy ,
Customer Lists ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Digital Assets ,
Disney ,
Enforcement Actions ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Hackers ,
MySpace ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
RadioShack ,
Sale of Assets ,
Snapchat ,
WhatsApp
As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more
10/1/2015
/ Bank Accounts ,
Breach Notification Rule ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
Debit Cards ,
Hackers ,
Passwords ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Legislation ,
Social Security Numbers
The provider of the immensely popular “Brightest Flashlight Free” mobile app for Android reached a settlement with the Federal Trade Commission (FTC) over charges that it collected sensitive personal information, including...more
California is continuing to blaze new trails in the area of online data privacy. Gov. Jerry Brown recently signed into law several new pieces of privacy legislation. The new laws affect all operators of commercial Web sites...more
California Assembly Member Bonnie Lowenthal recently introduced the “Right to Know Act of 2013” (AB1291) in the California State Assembly. If passed, this legislation would allow U.S. consumers unprecedented access to...more
The Federal Trade Commission has emphasized in the past that general privacy protections in the website space apply equally to mobile services, but a new FTC Staff Report released on Friday hones in on some privacy...more
2/11/2013
/ Address Book ,
App Developers ,
COPPA ,
Data Collection ,
Data Protection ,
Federal Trade Commission (FTC) ,
Mobile Apps ,
Notice Requirements ,
Parental Consent ,
Path Inc. ,
Personally Identifiable Information ,
Privacy Policy ,
Settlement ,
Social Networks ,
Transparency