The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirements of Florida’s data breach notification...more
Florida state agencies and local governments are now subject to new cybersecurity requirements and prohibitions that went into effect on July 1, 2022. These new amendments to Florida’s State Cybersecurity Act (“the...more
Florida will not pass a comprehensive data privacy law for the second year in a row. It will be easy for some to speculate that the bill died because the House insisted on a private right of action. That speculation would be...more
The Florida House of Representatives today passed HB 9 by a vote of 103 to 8. The bill would be Florida’s first “comprehensive” data privacy law. You can read this post to learn more about what the bill would do; this one for...more
The Florida House of Representatives has introduced its version of a comprehensive privacy law (HB 9 – no fancy acronym, unlike the FPPA in the Senate). This blog post will explain the key differences between the House and...more
This blog post will summarize Senate Bill 1864, released on Friday, which is the first “comprehensive” privacy bill to be released in advance of the 2022 Florida legislative session. This is a long post, so I begin with a...more
New regulatory activity may help companies experience fewer ransomware attacks and could impact whether ransoms can be paid to threat actors. The activity includes guidance and sanctions by the Department of Treasury...more
The Florida Senate’s version of a new comprehensive privacy law (a.k.a. the “Florida Privacy Protection Act” (FPPA)) passed unscathed out of the Senate’s Committee on Commerce and Tourism yesterday. The bill’s sponsor fought...more
The Florida Legislature is considering a comprehensive privacy law (HB 969) that would fundamentally change the landscape of how/whether companies do business in Florida. The bill is largely a “cut-and-paste” of the...more
Yesterday, the Governor of Florida threw his support behind a newly introduced consumer data privacy bill (HB 969) which is very similar to the California Consumer Privacy Act of 2018. The Governor’s support is a significant...more
Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data breach litigation in federal court—and perhaps even in general. First, does a...more
2/16/2021
/ Article III ,
Corporate Counsel ,
Credit Cards ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Point of Sale Terminals ,
Popular ,
Standing
Shook Weighs in on Updated CCPA Regulations -
In response to extensive public comment, the California Attorney General’s office released modified draft regulations under the CCPA on February 7. Shook has provided initial...more
3/10/2020
/ Biometric Information ,
Board of Directors ,
C-Suite Executives ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Data Protection Commissioner ,
Data Security ,
EHealth ,
EIOPA ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
International Data Transfers ,
Ireland ,
LabMD ,
New Guidance ,
OCR ,
Opt-Outs ,
Personal Information ,
PHI ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Right to Delete ,
Third-Party Service Provider ,
Underwriting
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions -
A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
11/20/2019
/ California Consumer Privacy Act (CCPA) ,
Cayman Islands ,
Class Action ,
Comment Period ,
Compliance Management Systems ,
Consent ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Protection Acts ,
Data Security ,
e-Privacy Directive ,
Electronic Protected Health Information (ePHI) ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Google ,
HIPAA Breach ,
Ireland ,
New Guidance ,
New Legislation ,
Notification Requirements ,
OCR ,
Personal Data ,
Popular ,
Regulatory Agenda ,
Regulatory Violations ,
Web Browsers ,
Web Tracking
French Data Protection Authority Issues Guidelines on Cookie Use -
CNIL, France’s data protection authority, has released new rulesfor obtaining consumer consent under the GDPR for companies using cookies and other tracking...more
8/6/2019
/ CNIL ,
Cookies ,
COPPA ,
Data Breach ,
Data Protection Authority ,
Equifax ,
EU ,
Facebook ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
New Guidance ,
Popular ,
Prior Express Consent ,
Privacy Laws ,
Settlement Agreements ,
SHIELD Act ,
Singapore ,
State Data Breach Notification Statutes ,
Website Owner Liability
British Data Protection Authority Flexes GDPR Enforcement Muscles -
No longer is the bark of sanctions for lax data protection practices worse than its bite. The Information Commissioner’s Office (ICO)—the United Kingdom's...more
7/17/2019
/ British Airways ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marriott ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
UK
The Legal 500 Adds Shook to Top Rankings in Cyber Law-
The Legal 500 United States has again recognized Shook, Hardy & Bacon as one of the premier litigation firms in the country, giving top marks to a variety of practices,...more
7/10/2019
/ Amended Rules ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Employees ,
Exceptions ,
Improper Venue ,
Internet Service Providers (ISPs) ,
New Rules ,
Opt-In ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Proposed Amendments ,
Proposed Legislation ,
Railway Labor Act ,
Southwest Airlines ,
State Data Breach Notification Statutes
Maine Bill Requires ISPs to Obtain Opt-In Consent from Customers -
The Maine legislature has passed a bill that requires internet service providers (ISPs) operating in Maine to obtain express, affirmative consent from...more
6/11/2019
/ Class Action ,
Consent ,
Data Breach ,
Data Privacy ,
Data Security ,
Data-Sharing ,
FCC ,
Health Insurance ,
HIPAA Breach ,
Information Technology ,
Internet Service Providers (ISPs) ,
Legislative Agendas ,
Opt-In ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Popular ,
Premera Blue Cross ,
Robocalling ,
Settlement Agreements ,
Standing ,
State Data Breach Notification Statutes ,
Statutory Interpretation
Florida Introduces BIPA Legislation -
A Florida state senator has introduced an identical version of the Illinois Biometric Information Privacy Act (BIPA)....more
3/25/2019
/ Aetna ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
CNIL ,
Competition ,
COPPA ,
Data Breach ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Proposed Amendments ,
Proposed Legislation ,
State and Local Government
Google Receives Record GDPR Fine -
Marking the first major penalty against a U.S. tech company under the General Data Protection Regulation (GDPR), the French data-protection authority, CNIL, has fined Google a record $57...more
2/7/2019
/ Antitrust Violations ,
California Consumer Privacy Act (CCPA) ,
CNIL ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Derivative Suit ,
Enforcement Actions ,
EU ,
Facebook ,
Federal Trade Commission (FTC) ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
Government Shutdown ,
Huawei ,
International Data Transfers ,
Japan ,
Obstruction of Justice ,
Popular ,
Proposed Amendments ,
Regulatory Oversight ,
Regulatory Violations ,
State and Local Government ,
Trade Secrets ,
UK Brexit ,
Wire Fraud ,
Yahoo!
Going Deep on the California Consumer Privacy Act -
The California Consumer Privacy Act (CCPA) has been called the beginning of America’s GDPR. As the most comprehensive privacy law in the United States, entities doing...more
1/29/2019
/ Article III ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Certiorari ,
Class Action ,
Consumer Privacy Rights ,
Cy Pres Funds ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
De Minimis Claims ,
Encryption ,
EU-US Privacy Shield ,
Facebook ,
Frank v Gaos ,
General Data Protection Regulation (GDPR) ,
Google ,
Invasion of Privacy ,
Marriott ,
Medical Records ,
Personally Identifiable Information ,
Popular ,
SCOTUS ,
Standing ,
Web Tracking ,
Wifi