Does your company use tracking or session replay software to understand how users interact with your website? If so, you may be the next target of a new wave of class actions sweeping across Florida and California. The...more
The California Attorney General has approved some modifications to regulations of the California Consumer Privacy Act (CCPA). The four new changes, which become effective today, are described by the California AG as...more
HB 969, a comprehensive privacy law that would immediately become the most onerous in the United States, sailed through the Florida House of Representatives’ Regulatory Reform Subcommittee yesterday....more
The Florida Legislature is considering a comprehensive privacy law (HB 969) that would fundamentally change the landscape of how/whether companies do business in Florida. The bill is largely a “cut-and-paste” of the...more
Yesterday, the Governor of Florida threw his support behind a newly introduced consumer data privacy bill (HB 969) which is very similar to the California Consumer Privacy Act of 2018. The Governor’s support is a significant...more
Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data breach litigation in federal court—and perhaps even in general. First, does a...more
2/16/2021
/ Article III ,
Corporate Counsel ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Point of Sale Terminals ,
Popular ,
Standing
Yesterday, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals has weighed in on two important questions in the world of privacy and data breach litigation. First, does a plaintiff have standing where he was exposed...more
Law Enforcement Finds Credible Evidence of Pre-Election Ransomware Attack-
Late yesterday, U.S. law enforcement authorities began warning of credible information suggesting there will be a widespread Ryuk ransomware attack...more
Beazley Cites Ransomware as the Top Threat for Cyber-Attacks in 2020 -
Insurance provider Beazley has issued a report (free registration required) detailing the landscape of cyber-attacks over the past year. The report...more
3/31/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Health Care Providers ,
Information Technology ,
Malware ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
Cybersecurity and Health Information Privacy During the COVID-19 Pandemic -
In following CDC guidelines to effectively navigate the spread of COVID-19, many employers are closing their doors for a period of time and...more
3/20/2020
/ Clinical Trials ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Disaster Aid ,
Emergency Management Plans ,
Employee Privacy Rights ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Location Data ,
Pharmaceutical Industry ,
PHI ,
Public Health ,
Smartphones
Shook Weighs in on Updated CCPA Regulations -
In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
3/10/2020
/ Biometric Information ,
Board of Directors ,
C-Suite Executives ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Protection Commissioner ,
Data Security ,
EHealth ,
EIOPA ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
International Data Transfers ,
Ireland ,
LabMD ,
New Guidance ,
OCR ,
Opt-Outs ,
Personal Information ,
PHI ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Right to Delete ,
Third-Party Service Provider ,
Underwriting
California AG Updates CCPA Regulations -
The long wait—two excruciating months from the end of initial public comment—is over. The California Attorney General’s office, in a bid to ruin the weekend for privacy...more
2/12/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Public Comment ,
Regulatory Agenda ,
Regulatory Requirements ,
Rulemaking Process ,
State Attorneys General
States Consider Privacy and Data Security Legislation -
It’s that time of year again, when we see a flood of legislative activity at the state level on privacy and data security laws. A couple of recent examples are below....more
1/30/2020
/ Class Action ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Security ,
Equifax ,
EU-US Privacy Shield ,
Expedia ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Google ,
Information Commissioner's Office (ICO) ,
Information Governance ,
Legislative Agendas ,
Marriott ,
Motion to Dismiss ,
Online Safety for Children ,
Orbitz ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Proposed Legislation ,
Regulatory Violations ,
Settlement ,
State and Local Government ,
UK
The Florida Senate and House of Representatives are considering two bills (SB 1670 and HB 963) that, if adopted, will amend Florida law to create the state’s first comprehensive privacy law (though they do not go nearly as...more
1/28/2020
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Carve Out Provisions ,
Consent ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Florida ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Governance ,
Internet Privacy ,
Legislative Agendas ,
Marketing ,
Online Platforms ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Proposed Amendments ,
Proposed Legislation ,
Proposed Regulation ,
Public Records ,
Records Request ,
Regulatory Agenda ,
Rulemaking Process ,
State and Local Government ,
Websites
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen -
The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
12/18/2019
/ Arbitration ,
Article III ,
Best Practices ,
Brazil ,
Cable Television Providers ,
Class Action ,
Comcast ,
Data Breach ,
Data Security ,
Data Storage ,
Electronic Data Transmissions ,
Electronic Protected Health Information (ePHI) ,
Email ,
Encryption ,
Enforcement Actions ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Ireland ,
Legislative Agendas ,
Mobile Device Management ,
Mobile Devices ,
Motion to Dismiss ,
New Guidance ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Proposed Legislation ,
Ransomware ,
Regulatory Agenda ,
Right of Access ,
Risk Management ,
Settlement Agreements ,
Standing
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions -
A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
11/20/2019
/ California Consumer Privacy Act (CCPA) ,
Cayman Islands ,
Class Action ,
Comment Period ,
Compliance Management Systems ,
Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Protection Acts ,
Data Security ,
e-Privacy Directive ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Google ,
HIPAA Breach ,
Ireland ,
New Guidance ,
New Legislation ,
Notification Requirements ,
OCR ,
Personal Data ,
Popular ,
Regulatory Agenda ,
Regulatory Violations ,
Web Browsers ,
Web Tracking
California Adds Biometric Restrictions to Data-Breach Law, Potentially Creating a De Facto Biometric Privacy Law
Subject to the governor’s signature, California’s breach-notification law will gain additional requirements...more
9/25/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consent ,
COPPA ,
Data Breach ,
Data Collection ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
FCC ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Interactive Advertising Bureau ,
ISO ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Proposed Legislation ,
Robocalling ,
Settlement Agreements ,
TCPA ,
Transparency ,
YouTube
French Data Protection Authority Issues Guidelines on Cookie Use -
CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
8/6/2019
/ CNIL ,
Cookies ,
COPPA ,
Data Breach ,
Data Protection Authority ,
Equifax ,
EU ,
Facebook ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
New Guidance ,
Popular ,
Prior Express Consent ,
Privacy Laws ,
Settlement Agreements ,
SHIELD Act ,
Singapore ,
State Data Breach Notification Statutes ,
Website Owner Liability
British Data Protection Authority Flexes GDPR Enforcement Muscles -
No longer is the bark of sanctions for lax data protection practices worse than its bite. The Information Commissioner’s Office (ICO)—the United Kingdom's...more
7/17/2019
/ British Airways ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
UK
The Legal 500 Adds Shook to Top Rankings in Cyber Law-
The Legal 500 United States has again recognized Shook, Hardy & Bacon as one of the premier litigation firms in the country, giving top marks to a variety of practices,...more
7/10/2019
/ Amended Rules ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Employees ,
Exceptions ,
Improper Venue ,
Internet Service Providers (ISPs) ,
New Rules ,
Opt-In ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation ,
Railway Labor Act ,
Southwest Airlines ,
State Data Breach Notification Statutes
Maine Bill Requires ISPs to Obtain Opt-In Consent from Customers -
The Maine legislature has passed a bill that requires internet service providers (ISPs) operating in Maine to obtain express, affirmative consent from...more
6/11/2019
/ Class Action ,
Consent ,
Data Breach ,
Data Privacy ,
Data Security ,
Data-Sharing ,
FCC ,
Health Insurance ,
HIPAA Breach ,
Information Technology ,
Internet Service Providers (ISPs) ,
Legislative Agendas ,
Opt-In ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Popular ,
Premera Blue Cross ,
Robocalling ,
Settlement Agreements ,
Standing ,
State Data Breach Notification Statutes ,
Statutory Interpretation
The California Consumer Privacy Act: The Next Frontier -
The California Consumer Privacy Act (CCPA) has been called the beginning of America’s GDPR. As the most comprehensive privacy law in the United States, entities...more
6/5/2019
/ Algorithms ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Damages ,
Data Breach ,
Data Privacy ,
Fines ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes ,
TCPA
Hotel Chain Pays $12 Million to Resolve Privacy Violations -
Motel 6 settled claims with the Washington State Attorney General for $12 million to resolve charges that Motel 6 violated the Consumer Protection Act and the...more
4/18/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
CNIL ,
Consumer Privacy Rights ,
Consumer Protection Act ,
Data Collection ,
EU-US Privacy Shield ,
France ,
Google ,
Guest Registry ,
Hospitality Industry ,
Immigrants ,
Legislative Agendas ,
Personally Identifiable Information ,
Proposed Legislation ,
Puerto Rico ,
SCOTUS ,
Search Results ,
Settlement Negotiations ,
Standing ,
State Data Breach Notification Statutes
Florida Introduces BIPA Legislation -
A Florida state senator has introduced an identical version of the Illinois Biometric Information Privacy Act (BIPA)....more
3/25/2019
/ Aetna ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
CNIL ,
Competition ,
COPPA ,
Data Breach ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Proposed Amendments ,
Proposed Legislation ,
State and Local Government
An identical version of the Illinois Biometric Information Privacy Act (BIPA) has been introduced in the Florida Senate. The bill includes the same private right of action. ...more
3/4/2019
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Facial Recognition Technology ,
Fingerprints ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Proposed Legislation ,
State and Local Government