The Federal Trade Commission (“FTC”) has kicked off what may be a new wave of digital health compliance enforcement. On February 1, 2023, the FTC announced its first enforcement action under the Health Breach Notification...more
In a February 2, 2023 decision, the Illinois Supreme Court announced that the five-year statute of limitations set out in Section 13-205 applies to claims brought under the Illinois Biometric Information Privacy Act (“BIPA”)...more
The CPRA amends key provisions of the existing law, the California Consumer Privacy Act (CCPA), including to create new consumer rights and impose new obligations on businesses. The chair of Thompson Coburn’s Cybersecurity...more
In late 2021, the Department of Justice announced a new initiative to combat misrepresentations about cybersecurity preparedness and control measures by federal contractors. As part of the Cyber Initiative, DOJ has brought...more
11/11/2022
/ Continuing Legal Education ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Liability ,
Misrepresentation ,
Popular ,
Qui Tam ,
Risk Mitigation ,
Webinars ,
Whistleblowers
On October 24, 2022, the Transportation Security Administration (“TSA”) released Security Directive 1580/82-2022-01 regarding “Rail Cybersecurity Mitigation Actions and Testing.” The directive is applicable to freight...more
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora resolving alleged violations of the California Consumer Privacy Act (CCPA). Although the CCPA has...more
On August 22, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) that requests “public comment on the prevalence of commercial surveillance and data security practices that...more
9/30/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Comment Period ,
Consumer Information ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Public Comment ,
Surveillance ,
Unfair or Deceptive Trade Practices
Connecticut and Utah both enacted comprehensive privacy laws this spring. On March 24, 2022, Utah became the fourth state to enact a comprehensive data privacy law when Governor Spencer Cox signed Senate Bill 227, known as...more
Multiple privacy bills were introduced in California on or just before February 18, 2022, the last day for bills to be introduced in the legislature’s current session.
CCPA/CPRA Revisions -
The most noteworthy of the...more
3/7/2022
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Educational Institutions ,
Online Safety for Children ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
State Privacy Laws
On Monday, February 14, 2022, the State of Texas by and through the Attorney General of Texas, Ken Paxton, filed suit against Meta Platforms, Inc. for alleged violations of the state’s biometric and deceptive trade practices...more
On February 9, 2022, the SEC announced proposed rules under the Investment Advisers Act of 1940 and the Investment Company Act of 1940. The proposed rule is available...
The SEC’s fact sheet on the proposed rule notes that...more
On February 3, 2022, the Illinois Supreme Court ruled in McDonald v. Symphony Bronzeville Park, LLC, that the exclusivity provisions of the Illinois Workers’ Compensation Act (“Compensation Act”) do not preempt employees’...more
2/14/2022
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Employee Privacy Rights ,
Fingerprints ,
IL Supreme Court ,
Personally Identifiable Information ,
Preemption ,
Putative Class Actions ,
Statutory Damages ,
Workers Compensation Act
On October 27th, the FTC issued the final version of the agency’s Gramm-Leach-Bliley Act Safeguards Rule. Although the rule is new, its primary source, the New York Department of Financial Services cybersecurity regulation,...more
2/4/2022
/ Continuing Legal Education ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
New Rules ,
NYDFS ,
Popular ,
Safeguards Rule ,
Webinars
On October 27, 2021, the Federal Trade Commission (“FTC”) announced significant updates to the Safeguards Rule. The FTC asked for comments on the Rule in 2019, and held a public workshop on the Rule in 2020. The Final Rule...more
12/21/2021
/ Comment Period ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Information Security ,
Popular ,
Public Comment ,
Safeguards Rule
The Federal Deposit Insurance Corporation, Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the “prudential banking regulators”) issued a final rule regarding the...more
12/16/2021
/ Banking Sector ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
FDIC ,
Federal Reserve ,
Final Rules ,
Notification Requirements ,
OCC ,
Reporting Requirements
On October 27th, the FTC issued the final revised version of the agency's Gramm-Leach-Bliley Act Safeguards Rule. The revised Safeguards Rule has been years in the making and marks a significant change in how the agency will...more
11/11/2021
/ Continuing Legal Education ,
Cybersecurity ,
Data Security ,
Educational Institutions ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
New Rules ,
Popular ,
Safeguards Rule ,
Webinars
The Second Circuit recently joined a growing number of federal courts to decide when a data breach of personally identifiable information (“PII”) is actionable. According to the Second Circuit, plaintiffs do not have standing...more
The California Privacy Rights and Enforcement Act (“CPRA”), formerly known as Proposition 24, passed on November 3, 2020. The CPRA is intended to supplement privacy protections for Californians that were first established by...more
The U.S. Supreme Court’s 5-4 decision in TransUnion LLC v. Ramirez may make the road to privacy class actions harder. But recent decisions in the wake of Ramirez suggest the full impact of the decision remains to be seen....more
10/14/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
FDCPA ,
Injury-in-Fact ,
Invasion of Privacy ,
Putative Class Actions ,
SCOTUS ,
Spokeo v Robins ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
The U.S. Supreme Court’s 5-4 decision in TransUnion LLC v. Ramirez may make the road to privacy class actions harder. But recent decisions in the wake of Ramirez suggest the full impact of the decision remains to be...more
10/11/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
On August 12, 2021, Judge Childs of the United States District Court for the District of South Carolina declined to dismiss claims against Blackbaud premised on California’s California Consumer Privacy Act (“CCPA”). The...more
9/2/2021
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Cyber Attacks ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Security ,
Federal Rule 12(b)(1) ,
Federal Rule 12(b)(6) ,
Motion to Dismiss ,
Multidistrict Litigation ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Private Right of Action ,
Ransomware
Connecticut Governor Ned Lamont approved two privacy and cybersecurity laws which take effect on October 1, 2021. Connecticut now offers protection to businesses that implement cybersecurity safeguards from punitive damages...more
On June 14, Texas Governor Greg Abbott signed House Bill 3746, which amends Texas’s data breach notification law. In doing so, Texas joins other states in requiring its attorney general to maintain a public listing of data...more
Colorado has enacted the nation’s third comprehensive consumer privacy law, after Governor Jared Polis signed Senate Bill 21-190 into law. The Colorado Senate voted 34-1 to send the privacy legislation to the governor’s desk,...more
7/16/2021
/ Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Enforcement ,
Exemptions ,
Governor Polis ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws
Since at least the 1970s, California has been the leading state in the area of personal privacy. The right to privacy was added to the California Constitution in 1972 and the state has been among the first to enact laws...more