Privacy & Cybersecurity
Viewpoints
Filter by:
NYDFS’ First Cybersecurity Enforcement Action - What Happened and Important Lessons for Organizations
August 12, 2020 | Blog | By Cynthia Larose, Christopher Buontempo
The New York State Department of Financial Services (“NYDFS”) has announced its first enforcement action of NYDFS’ Cybersecurity Regulation, Part 500 of Title 23 (“Cybersecurity Regulation”) against First American Title Insurance Company (“First American”), a leading title insurance provider.
Read more
Privacy Shield Invalidated by Top EU Court; Standard Contractual Clauses Upheld (But There Are Still Major Challenges Ahead)
July 16, 2020 | Blog
Organizations that transfer personal data from the European Union on the basis of the EU Commission-approved Standard Contractual Clauses (SCCs) may be breathing a sigh of relief on hearing that the SCCs have been upheld by the EU’s top court, the Court of Justice of the European Union in its decision in the Schrems II case. However, the 5,378 US organizations that have certified to Privacy Shield will be deeply disappointed that the Court has invalidated Privacy Shield with immediate effect, just as it did Safe Harbor in 2015.
Read more
Do you transfer personal data from the EU to the US? Important Decision due July 16
July 8, 2020 | Blog
Does your organization transfer personal data from the European Union to the US? If so, keep an eye out for a key decision on July 16 from the EU’s top court, the Court of Justice of the European Union. The Schrems II case presents a challenge to the validity of the Standard Contractual Clauses, EU Commission-approved contracts that are widely used to satisfy the GDPR’s requirements for exporting personal data from the EU to other countries.
Read more
California Senate Proposes Bill to Extend Certain CCPA Exemptions
July 8, 2020 | Blog | By Cynthia Larose
At present, the California Consumer Privacy Act (CCPA) has “temporary” (and limited) exemptions for the application of portions of the CCPA to personal data collected in the course of business-to-business transactions (Section 1798.145(o)) and that of employees and job applicants (Section 1798.145(h). Both sections will sunset on January 1, 2021 without further action from the Legislature.
Read more
Today’s The Day: CCPA Enforcement Begins
July 1, 2020 | Blog | By Cynthia Larose
As we’ve been writing about in this space for some time, today marks the opening of the CCPA enforcement era. Despite protestations from the business community, and requests for delay due to the lack of regulations until early June and the ongoing COVID-19 state of emergency, AG Xavier Becerra declined to extend the deadline, saying “Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”
Read more
New California Privacy Initiative to Appear on November Ballot – Get Ready for CCPA 2.0
June 29, 2020 | Blog | By Cynthia Larose, Kevin Hiraki
Just as businesses are gearing up for the start of enforcement of the California Consumer Privacy Act (“CCPA”), California cleared the way for the California Privacy Rights Act (“CPRA”). The CPRA is an initiative imposing greater privacy restrictions on businesses holding consumer data, to be voted on as part of California’s November 2020 ballot.
Read more
NIST Provides Important Guidance For IOT Industry
June 22, 2020 | Blog
More prevalent than ever before, Internet of Things (“IOT”) devices, a term that includes connected “smart” devices, such as internet connected TVs, wearables, smart speakers, such as the Amazon Echo and Google Home, are fast becoming a staple of how we interact with each other, and obtain and consume entertainment and information.
Read more
Alleged Privacy Law Violations Create Potential $5 Billion Issue For Google
June 19, 2020 | Blog
In a proposed class action lawsuit filed in the U.S. District Court for the Northern District of California, Google is facing a potential $5 billion dollar class action for alleged privacy law violations. The complaint alleges that millions of Google users have been impacted and asks for damages of at least $5,000 per harmed individual. Implicated are multiple Google offerings, including Google Analytics, Google Ad Manager, website plug-ins, and the Google Sign-In button leveraged by many websites.
Read more
A New CCPA Data Breach Lawsuit Is “Minted”
June 17, 2020 | Blog | By Cynthia Larose
Online stationery and craft company Minted Inc. has been hit with a CCPA class action lawsuit, stemming from a massive data breach the company disclosed in late May. The proposed class action lawsuit, filed in a California federal court, claims that Minted Inc. failed to implement “reasonable security measures” and to properly encrypt certain personal information.
Read more
Tracking Kids Through Your App? Think Again.
June 15, 2020 | Blog
Klepto Cats and Dogs have been “stealing” children’s personal information without parental consent and using it for targeted advertising. Bad dog! Well, almost. HyperBeard, Inc., a developer of apps popular with children under 13 years old – including games like BunnyBuns, Chichens, MonkeyNauts, NomNoms, KleptoCats, and KleptoDogs – is in trouble with the FTC for alleged violations of the Children’s Online Privacy Protection Act Rule (“COPPA Rule”).
Read more
Cantwell-Cassidy Exposure Notification Privacy Act – A Bipartisan Bill on Disease Contact Tracing
June 9, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie
Video Blog Series: Is Your Company Using Bots? All You Need to Know about the B.O.T. Act in 1 Minute
June 8, 2020 | Blog
The B.O.T. Act went into effect in California last year. This law regulates “bots,” which are defined as “automated online account[s] where all or substantially all of the actions or posts of that account are not the result of a person.” Watch this 1-minute video explaining the B.O.T. law.
Read more
Video Blog Series: Is Your Company Using or Selling Biometric Technology? BIPA Explained in 2 Minutes
June 5, 2020 | Blog
BIPA prohibits the unlawful collection and storing of biometric information and has very strict requirements. It broadly defines “biometric information” to include retina scans, iris scans, fingerprints, palm prints, voice recognition, facial-geometry recognition, DNA recognition, gait recognition, and scent recognition. Watch this 2-minute video explaining what you need to know about BIPA, how BIPA penalties work, and which states are looking to follow its lead.
Read more
Video Blog Series: Are You Interviewing Job Candidates Remotely Right Now? Then You Need to Know about this New Law
June 4, 2020 | Blog
This blog post focuses on the Illinois Artificial Intelligence Video Interview Act (“AIVIA”). Watch this 2-minute video explaining what AIVIA means for companies in the new digital world and in the COVID-19 remote environment.
Read more
Video Blog Series: Helping Corporate Leaders Understand and Explain the CCPA in 3 Minutes
June 3, 2020 | Blog
This post focuses on the California Consumer Protection Act of 2018 (the “CCPA”). The CCPA went into effect on January 1, 2020, and its enforcement is set to begin on July 1, 2020. We are already seeing a wave of privacy class actions with CCPA allegations and the resulting litigation trends. Watch this 3-minute video highlighting what you need to know about the CCPA, when it applies, and what consumer rights the companies must honor for California residents.
Read more
Video Blog Series: These Four Key Privacy Laws Have Major Implications for Companies in 2020
June 2, 2020 | Blog
In these latest series of blog posts focusing on privacy litigation trends, we discuss four key privacy laws that will impact U.S.-based companies in 2020-2021. These laws are especially relevant for companies seeking to employ Artificial Intelligence (“AI”). Watch this 3-minute video explaining these key privacy laws.
Read more
BREAKING NEWS – California AG Becerra Seeks Expedited Review of CCPA Regulations
June 2, 2020 | Blog | By Cynthia Larose
The California AG’s office has dropped the long-awaited final CCPA Regulations, and requested expedited review from the Office of Administrative Law. If this request is granted, the regulations will be effective by July 1.
Read more
Businesses Beware: Incident Reports May No Longer Have Attorney Work Product Protection Absent Careful Planning
June 1, 2020 | Blog | By Cynthia Larose
In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach. The court ordered the release of the unredacted cybersecurity report, despite that it was prepared in anticipation of litigation at the direction of outside counsel. Despite ordering the release of the report itself, the court denied (without prejudice) the class plaintiffs’ request to also compel the disclosure of the “related materials,” finding that these materials may still qualify for protection, and that this issue was not yet adequately briefed.
Read more
COVID-19 Privacy Proposals on Both Sides of the Aisle: A Comparison
May 28, 2020 | Blog | By Cynthia Larose
Privacy risks of using big data in the fight against COVID-19 are significant, and have caught the attention of Republicans and Democrats alike. Earlier this month we reported on a bill introduced on May 7 by Republican members of the Senate Commerce, Science and Transportation Committee: the COVID-19 Consumer Data Protection Act of 2020.”
Read more
SEC is Sued to Stop Collection of Personal Data of Retail Investors
May 19, 2020 | Blog
The American Securities Association (“ASA”), a financial industry trade association representing regional and small financial services companies, has sued the Securities and Exchange Commission (“SEC”) to prevent the SEC from using the Consolidated Audit Trail (the “CAT”) initiative to gather personal data of retail investors.
Read more
Viewpoint Editors
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
John B. Koss
Managing Director, E-Data Consulting Group
Dianne J. Bourque
Member
Christopher J. Harvie
Member
Kevin M. McGinty
Member / Co-chair, Class Action Practice
Explore Other Viewpoints:
- Antitrust
- Appellate
- Arbitration, Mediation & Alternate Dispute Resolution
- Artificial Intelligence
- Awards
- Bankruptcy & Restructuring
- California Land Use
- Class Action
- Complex Commercial Litigation
- Construction
- Consumer Product Safety
- Cross-Border Asset Recovery
- Debt Financing
- Direct Investing (M&A)
- Diversity
- EB-5 Financing
- Education & Nonprofits
- Employment
- Energy & Sustainability
- Environmental Enforcement Defense
- Environmental Law
- FDA Regulatory
- Federal Circuit Appeals
- Financial Institution Litigation
- Government Law
- Growth Equity
- Health Care
- Health Care Compliance, Fraud and Abuse, & Regulatory Counseling
- Health Care Enforcement & Investigations
- Health Care Transactions
- Health Information Privacy & Security
- IP Due Diligence
- IPRs & Other Post Grant Proceedings
- Immigration
- Insolvency & Creditor Rights Litigation
- Institutional Investor Class Action Recovery
- Insurance & Financial Services
- Insurance Consulting & Risk Management
- Insurance and Reinsurance Problem-Solving & Dispute Resolution
- Intellectual Property
- Investment Funds
- Israel
- Licensing & Technology Transactions
- Life Sciences
- Litigation & Investigations
- M&A Litigation
- ML Strategies
- Medicare, Medicaid and Commercial Coverage & Reimbursement
- Mergers & Acquisitions
- Patent Litigation
- Patent Prosecution & Strategic Counseling
- Pharmacy Benefits and PBM Contracting
- Portfolio Companies
- Privacy & Cybersecurity
- Private Client
- Private Equity
- Pro Bono
- Products Liability & Complex Tort
- Projects & Infrastructure
- Public Finance
- Real Estate Litigation
- Real Estate Transactions
- Real Estate, Construction & Infrastructure
- Retail & Consumer Products
- Securities & Capital Markets
- Securities Litigation
- Special Purpose Acquisition Company (SPACs)
- Sports & Entertainment
- Strategic IP Monetization & Licensing
- Tax
- Technology
- Technology, Communications & Media
- Technology, Communications & Media Litigation
- Trade Secrets
- Trademark & Copyright
- Trademark Litigation
- Venture Capital & Emerging Companies
- White Collar Defense & Government Investigations
- Women's Health and Technology