‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California...more
3/5/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
In the second settlement under the California Consumer Privacy Act (CCPA), California Attorney General (AG) Rob Bonta announced a settlement over allegations that DoorDash sold consumers' personal information in a manner that...more
3/4/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
In recent regulatory and enforcement developments, the California Privacy Protection Agency (CPPA) proposed a regulatory framework for automated decision-making technology (ADMT) and revisions to the California Consumer...more
2/7/2024
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
COPPA ,
Cyber Attacks ,
Data Breach ,
Data Brokers ,
Data Protection ,
FCC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Personal Data ,
Popular ,
Reporting Requirements ,
Robocalling ,
Social Media ,
State Attorneys General ,
Vulnerability Assessments ,
Website Owner Liability
Editor’s Note: The FTC continues to crack down on privacy and cybersecurity, including issuing a new warning to tax preparation companies and entering into a consent decree with 1Health.io. VPPA and BIPA litigation continues...more
11/28/2023
/ Artificial Intelligence ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent Order ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Motion to Dismiss ,
NIST ,
Personal Information ,
Popular ,
Privacy Policy ,
Putative Class Actions ,
Safeguards Rule ,
State Attorneys General
Editor’s Note: As the summer months come to an end, there has been no shortage of privacy news and updates. Oregon signed both a comprehensive privacy law and data broker law, and the SEC adopted new rules regarding the...more
9/15/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Fingerprints ,
Popular ,
Securities and Exchange Commission (SEC)
CPRA Regulations Delayed. On June 29, 2023, two days before enforcement of the California Consumer Privacy Act (CCPA) was to begin, a Sacramento Superior Court issued a temporary injunction, enjoining enforcement of newly...more
Editor’s Note: In the U.S. laws and regulation space, the California attorney general announced the first-ever CCPA settlement, the California Privacy Protection Agency raised objections to the ADPPA, and the FTC announced...more
Exemption Extensions Failed. On August 31, California's legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal...more
With the notice and cure set to expire on January 1, 2023, California Attorney General Rob Bonta (CA AG) provided a glimpse at what to expect with its first settlement of alleged violations of the California Consumer Privacy...more
9/1/2022
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Sephora ,
Statutory Violations
The California Privacy Rights Act (CPRA) established the California Privacy Protection Agency (CPPA), and requires the CPPA to adopt, amend, and rescind regulations on 22 topics — including, among other things, definitions,...more
Like most industries today, Consumer Finance Services businesses continue to be significantly impacted by COVID-19. To help you keep abreast of relevant activities, below find a breakdown of some of the biggest legislative...more
The California Privacy Rights Action (CPRA) will significantly impact how entities process personal information requiring covered businesses to review and update their existing vendor agreements. The CPRA also includes...more
As we explained in an earlier installment, most privacy law derive from the Fair Information Practice Principles (FIPPs). The FIPPs provide, in part, that consumers should be given notice of how their information will be used...more
Most privacy laws derive from the same core foundational principles, namely the Fair Information Practice Principles (FIPPs). This includes the California Consumer Privacy Act of 2018 (CCPA), California Privacy Rights Act of...more
The California Privacy Protection Agency (CPPA) is the first state privacy agency in the nation and was created as part of the California Privacy Rights Act (CPRA). While this agency has already been formed, it will not begin...more
Despite overlap of alleged putative nationwide class definitions, the Judicial Panel on Multidistrict Litigation (JPML) denied Geico’s attempt to consolidate five class-action lawsuits arising from a data breach notification...more
On July 7, Governor Jared Polis signed Colorado's comprehensive data privacy bill (SB 21-190) into law. The Colorado Privacy Act (CPA) will go into effect on January 1, 2023, making Colorado the third state to enact a...more
Do you want a simple way to keep current on important privacy changes? Avoid sleepless nights wondering whether you missed a privacy speed bump or pothole between annual updates? Worry no longer. Troutman Pepper is pleased to...more
4/9/2021
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Laws
Like the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), the Virginia Consumer Data Protection Act (VCDPA) does not grant a private right of action for alleged violations...more
In Gardiner v. Walmart, Inc., a Walmart customer who purchased goods online filed a putative class action alleging that Walmart's cybersecurity procedures led to a purported unauthorized disclosure of his personal identifying...more
One key area where Virginia’s Consumer Data Protection Act (CDPA) differs from the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) is the law’s notice and disclosure...more
On March 15, California Attorney General Xavier Becerra announced that the California Office of Administrative Law approved his fourth set of proposed modifications to the California Consumer Privacy Act’s (CCPA) implementing...more
Do you want a simple way to keep current on important privacy changes? Avoid sleepless nights wondering whether you missed a privacy speed bump or pothole between annual updates? Worry no longer. Troutman Pepper is pleased to...more
2/3/2021
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Privacy Laws
A federal court in California has ruled that the plaintiff in a putative class action alleging theft of non-sensitive personal information arising from a cybersecurity data breach lacks Article III standing to maintain his...more