Privacy & Cybersecurity
Viewpoints
Filter by:
And Now There are Three …. The Colorado Privacy Act
July 16, 2021 | Blog | By Cynthia Larose, Christopher Buontempo
Colorado has now joined California and Virginia to become the third US state to pass a comprehensive data privacy legislation when Governor Jared Polis signed the Colorado Privacy Act (the “CPA”) into law on July 8, 2021. The new law is set to take effect on July 1, 2023. The CPA borrows in part from the European Union’s General Data Protection Regulation (“GDPR”), but more significantly from both the California Consumer Privacy Act (“CCPA”, including as amended by the California Privacy Rights Act (“CPRA”)), and the Virginia Consumer Data Protection Act (“VCDPA”). Below, we highlight some of the CPA’s key elements and explore how the law compares to the CCPA and VCDPA.
Read more
UPDATE: NYC Dept of Consumer Affairs Publishes Sample Biometric Signage
July 15, 2021 | Blog | By Cynthia Larose
As we’ve written, New York City’s Biometric Identifier Information Law (the “NYC Law”) is now in force, effective Friday, July 9th. The NYC Law requires that places of entertainment, retail stores and food and drink establishments that collect biometric identifying information, including from customers and employees, post a “clear and conspicuous” notice to that effect near customer entrances.
Read more
NYC Businesses: Do you have your “biometric identifier collection” notice up?
July 12, 2021 | Blog | By Cynthia Larose, Michael Graif
As previewed in Mintz’s earlier post, New York City’s Biometric Identifier Information Law the “NYC Law”) is now in force, effective Friday, July 9th. The NYC Law requires that places of entertainment, retail stores and food and drink establishments that collect biometric identifying information, including from customers and employees, post a “clear and conspicuous” notice to that effect near customer entrances.
Read more
What We’re Reading - July 2, 2021
July 2, 2021 | Blog | By Cynthia Larose
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.
Read more
CCPA Reporting Deadline Reminder
June 30, 2021 | Blog | By Cynthia Larose
If your business is subject to the California Consumer Privacy Act (CCPA), and your business handles (in any manner set forth in the CCPA) the personal information of 10,000,000 or more California residents in a calendar year, you are required to report on consumer request metrics annually. The first reporting period under the CCPA begins on Thursday, July 1, 2021.
Read more
The U.S. Supreme Court Raises the Bar on Standing in Privacy and Data Breach Class Actions
June 29, 2021 | Blog
On Friday, a sharply divided U.S. Supreme Court issued a ruling, which significantly impacts the plaintiffs’ ability to pursue privacy and data breach class actions in federal courts. In TransUnion LLC v. Ramirez, Case No. 20-297, the Court opined that most of the plaintiffs failed to show a “concrete” injury and thus had no standing to pursue their claims because they did not suffer real, personal harm.
Read more
Changes in Connecticut’s Data Privacy Laws – But Not As Drastic As It Could Have Been
June 28, 2021 | Blog | By Cynthia Larose
At the close of Connecticut’s 2021 legislative session, a pair of data protection/cybersecurity related bills made their way to Governor Ned Lamont’s desk, while a CCPA-like omnibus privacy law falling one floor vote short. Oddly, the last-minute proposal (after other proposals in the House and Senate) were found in a 122-page budget bill and ended up being stripped away.
Read more
EU Data Protection Regulators Adopt Guidance on Personal Data Transfers
June 22, 2021 | Blog
Many organizations around the world – and particularly companies in the United States – are directly affected by the EU Court of Justice’s July 2020 Schrems II decision casting doubt on the lawfulness of transferring personal data from the EU to countries where national security laws might permit authorities to gain access to the personal data. (The Schrems II decision is discussed below; click here for a longer discussion of the case.) The European Data Protection Board (EDPB) has just published the final form of its guidance as to what it expects organizations to do to assess risks and bolster protections for transfers of personal data.
Read more
Get Ready for New York City’s New Biometric Identifier Information Law
June 22, 2021 | Blog | By Cynthia Larose, Michael Graif
2021 could be another record year for new and pending privacy legislation, including laws either banning outright or placing limits on the use of technology involving biometric information. Just this year, Portland, Oregon implemented a ban on facial recognition technology beginning January 1. Although the New York State Legislature failed to pass a broad biometric privacy law for the third session in a row, New York City recently adopted its own biometrics privacy legislation that is set to take effect on July 9, 2021.
Read more
US State Privacy Law Update – June 11, 2021
June 11, 2021 | Blog | By Cynthia Larose, Christopher Buontempo
The Mintz Privacy & Cybersecurity Blog will be providing regular updates of notable pending US state privacy laws. Following our similar previous updates, this update checks in on the progression of those laws. The most notable update is that Colorado is set to become the third US state to pass a comprehensive privacy law as the Colorado Privacy Act is on the governor’s desk and is expected to be signed.
Read more
European Commission Adopts New Service Providers Standard Agreement (Controller-Processor SCCs)
June 8, 2021 | Blog
The new standard agreement for service providers (which we’ll refer to as the Controller-Processor SCCs) adopted by the European Commission on June 4th was understandably a bit overshadowed by the release on the same date of the Standard Contractual Clauses for data transfers. But the new Controller-Processor SCCs, which organizations can use with their service providers to meet their GDPR Article 28 obligations, is another welcome addition to the EU’s small but growing library of standard documents.
Read more
European Commission Adopts Final Version of New Data Transfer Agreement (SCCs)
June 4, 2021 | Blog
The European Commission has adopted (at long last) an updated version of the Standard Contractual Clauses (SCCs), bringing this popular data transfer mechanism in line with the GDPR – and, we hope, the Schrems II decision. The SCCs are the most commonly used legal mechanism for transferring personal data from the EEA to non-EEA countries (known as “third countries”), so the new SCCs are very big news for organizations that transfer or receive personal data from the EEA (that is, the European Union plus Norway, Iceland and Liechtenstein).
Read more
White House to Business: “Take Ransomware Crime Seriously”
June 3, 2021 | Blog | By Cynthia Larose
As we come out of the COVID-19 pandemic, it appears that another type of infection is threatening business and ransomware continues to spread.
Read more
CCPA Breach Class Action Settlement About to Get “Minted”
May 20, 2021 | Blog | By Cynthia Larose, Matthew Novian
Although the California Consumer Privacy Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions have actually made their way to court approval. That is about to change.
Read more
US State Privacy Law Check-In - UPDATE
May 4, 2021 | Blog | By Christopher Buontempo, Cynthia Larose
In a previous update, we provided a comprehensive round-up of several notable pending US state privacy laws. We are checking-in on the progression of some of those laws in this further update. The next installment will update the remaining state laws in progress.
Read more
Beware Dark Patterns – What are They and What Should Your Business Do About Them?
April 2, 2021 | Blog
While the term “dark patterns” is not new, it has recently been getting a more attention, not least because the newly passed California Privacy Rights Act (“CPRA”) will regulate dark patterns. In this article, we will focus on what dark patterns are, how your business should be thinking about them, and how CPRA is approaching this issue.
Read more
Hearings on the SolarWinds Hack and Possible Policy Responses
March 4, 2021 | Blog | By Christian Tamotsu Fjeld
The 117th Congress kicked off its First Session with, among other initiatives, oversight hearings on the SolarWinds cyber hack. On February 23, the Senate Intelligence Committee held a hearing on the high profile, far-reaching breach; followed by a joint hearing on February 26 in the House of Representatives held by the Oversight and Reform and Homeland Security Committees. At both hearings, Sudhakar Ramakrishna, President and CEO of SolarWinds, Kevin Mandia, CEO of FireEye, and Brad Smith, President and Chief Legal Officer of Microsoft, testified. In addition, George Kurtz, the President and CEO of Crowdstrike, testified at the Senate Intelligence hearing, while Kevin Thompson, the former CEO of SolarWinds, testified in front of the joint House hearing. Together, the hearings represent what will likely be the first of several congressional forays into the SolarWinds hack, including possible legislative initiatives to address future possible incidents and supply chain security.
Read more
Virginia Passes Comprehensive Data Privacy Law – Mintz’s Hot Take
March 3, 2021 | Blog | By Cynthia Larose, Christopher Buontempo
On Tuesday, Virginia Governor Ralph Northam signed the Consumer Data Protection Act (“CDPA”) into law, making Virginia the second U.S. state after California to pass a comprehensive data privacy law. While not quite as expansive as the GDPR in every respect, the CDPA is a very broad-based privacy law that is on par with the California Consumer Privacy Act. Below, we break down some of its key elements.
Read more
It’s Not Such a Breeze: Assessing Your Service Providers after SolarWinds
March 2, 2021 | Blog | By Michael Graif, Cynthia Larose
In the recent SolarWinds hack, the routine task of downloading a software update turned into a cybersecurity nightmare for over 18,000 organizations including the Treasury Department, AT&T and up to 85% of Fortune 500 companies. New York has the SHIELD Act, a statute that requires that organizations select third party service providers “capable of maintaining appropriate cybersecurity safeguards”.
Read more
Virginia Consumer Data Protection Act Awaits Governor’s Signature -- Consumer Reports Proposes “Model State Privacy Act”
February 26, 2021 | Blog | By Cynthia Larose
We summarized Virginia’s Consumer Data Protection Act (CDPA) in advance of its passage by the legislature and it now awaits Governor Ralph Northam’s signature. This will make Virginia the second state (behind California) with a comprehensive state data privacy law. There are some key differences between the Virginia CDPA and the California Consumer Privacy Act and Consumer Privacy Rights Act (CPRA). We will have a full analysis of the Virginia CDPA next week, so watch this space.
Read more
Viewpoint Editors
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
John B. Koss
Managing Director, E-Data Consulting Group
Dianne J. Bourque
Member
Christopher J. Harvie
Member
Kevin M. McGinty
Member / Co-chair, Class Action Practice
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology