Shook Weighs in on Updated CCPA Regulations -
In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
3/10/2020
/ Biometric Information ,
Board of Directors ,
C-Suite Executives ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Protection Commissioner ,
Data Security ,
EHealth ,
EIOPA ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
International Data Transfers ,
Ireland ,
LabMD ,
New Guidance ,
OCR ,
Opt-Outs ,
Personal Information ,
PHI ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Right to Delete ,
Third-Party Service Provider ,
Underwriting
States Consider Privacy and Data Security Legislation -
It’s that time of year again, when we see a flood of legislative activity at the state level on privacy and data security laws. A couple of recent examples are below....more
1/30/2020
/ Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Equifax ,
EU-US Privacy Shield ,
Expedia ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Commissioner's Office (ICO) ,
Information Governance ,
Legislative Agendas ,
Marriott ,
Motion to Dismiss ,
Online Safety for Children ,
Orbitz ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Proposed Legislation ,
Regulatory Violations ,
Settlement ,
State and Local Government ,
UK
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen -
The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
12/18/2019
/ Arbitration ,
Article III ,
Best Practices ,
Brazil ,
Cable Television Providers ,
Class Action ,
Comcast ,
Data Breach ,
Data Security ,
Data Storage ,
Electronic Data Transmissions ,
Electronic Protected Health Information (ePHI) ,
Email ,
Encryption ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Ireland ,
Legislative Agendas ,
Mobile Device Management ,
Mobile Devices ,
Motion to Dismiss ,
New Guidance ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Proposed Legislation ,
Ransomware ,
Regulatory Agenda ,
Right of Access ,
Risk Management ,
Settlement Agreements ,
Standing
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions -
A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
11/20/2019
/ California Consumer Privacy Act (CCPA) ,
Cayman Islands ,
Class Action ,
Comment Period ,
Compliance Management Systems ,
Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Protection Acts ,
Data Security ,
e-Privacy Directive ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Google ,
HIPAA Breach ,
Ireland ,
New Guidance ,
New Legislation ,
Notification Requirements ,
OCR ,
Personal Data ,
Popular ,
Regulatory Agenda ,
Regulatory Violations ,
Web Browsers ,
Web Tracking
Maine Bill Requires ISPs to Obtain Opt-In Consent from Customers -
The Maine legislature has passed a bill that requires internet service providers (ISPs) operating in Maine to obtain express, affirmative consent from...more
6/11/2019
/ Class Action ,
Consent ,
Data Breach ,
Data Privacy ,
Data Security ,
Data-Sharing ,
FCC ,
Health Insurance ,
HIPAA Breach ,
Information Technology ,
Internet Service Providers (ISPs) ,
Legislative Agendas ,
Opt-In ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Popular ,
Premera Blue Cross ,
Robocalling ,
Settlement Agreements ,
Standing ,
State Data Breach Notification Statutes ,
Statutory Interpretation
Hotel Chain Pays $12 Million to Resolve Privacy Violations -
Motel 6 settled claims with the Washington State Attorney General for $12 million to resolve charges that Motel 6 violated the Consumer Protection Act and the...more
4/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
CNIL ,
Consumer Privacy Rights ,
Consumer Protection Act ,
Data Collection ,
EU-US Privacy Shield ,
France ,
Google ,
Guest Registry ,
Hospitality Industry ,
Immigrants ,
Legislative Agendas ,
Personally Identifiable Information ,
Proposed Legislation ,
Puerto Rico ,
SCOTUS ,
Search Results ,
Settlement Negotiations ,
Standing ,
State Data Breach Notification Statutes
Going Deep on the California Consumer Privacy Act -
The California Consumer Privacy Act (CCPA) has been called the beginning of America’s GDPR. As the most comprehensive privacy law in the United States, entities doing...more
1/29/2019
/ Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Certiorari ,
Class Action ,
Consumer Privacy Rights ,
Cy Pres Funds ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
De Minimis Claims ,
Encryption ,
EU-US Privacy Shield ,
Facebook ,
Frank v Gaos ,
General Data Protection Regulation (GDPR) ,
Google ,
Invasion of Privacy ,
Marriott ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
SCOTUS ,
Standing ,
Web Tracking ,
Wifi
On Friday afternoon an Illinois intermediate appellate court decided that the bar for a plaintiff bringing a class action lawsuit under the Illinois Biometric Information Privacy Act (BIPA) is low, creating a conflict with...more
While the privacy world is focused on the Equifax data breach, another development is taking place that could have a more lasting effect on privacy law. In the last month, plaintiffs’ lawyers in Illinois have filed over 20...more
10/17/2017
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Data Security ,
Employer Liability Issues ,
Employment Litigation ,
Facial Recognition Technology ,
Fingerprints ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. ...more
6/5/2017
/ Attorney-Client Privilege ,
Class Action ,
Credit Reporting Agencies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Discovery ,
Experian ,
Forensic Accounting ,
Personally Identifiable Information ,
T-Mobile ,
Work-Product Doctrine