California Governor Jerry Brown signed AB-1710 into law yesterday amending its existing data breach notification statute. The most significant change – companies that experience a data breach must provide information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons… Continue Reading
Written by Ann Haley Fromholz In a victory for California healthcare providers, the California Court of Appeal recently held that a health care provider is not liable under California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code, § 56 et seq.) when the health care provider releases an individual’s personal identifying information, but the… Continue Reading
On Thursday, California Attorney General Kamala Harris announced heightened enforcement concerning data breaches, reports USAToday. AG Harris’ office also issued a Guide that provides recommendations to California businesses, particularly small businesses, to help them protect against and respond to the increasing threat of malware, data breaches and other cyber risks. The circumstances are certainly threatening for small business. According to… Continue Reading
The New York Times published an interesting front page article by Somini Sengupta on October 31, 2013 about the growing trend of state legislative action on privacy issues, noting that over two dozen privacy laws have passed this year in more than 10 states. The piece also notes that the “patchwork of rules across the country” is… Continue Reading
Prepared by Ann Haley Fromholz California law soon may require commercial websites that collect personal data to disclose how they respond to "Do Not Track" signals from Web browsers. AB 370, an amendment to the California Online Privacy Protection Act (Act), which was sponsored by Attorney General Kamala Harris, passed the California Senate and Assembly at the… Continue Reading
California Attorney General issues data breach report and announces enforcement priority to investigate breaches involving unencrypted personal information.
By: Lillian Chaves Moon In the face of increasing incidences of and rising public concern regarding identity theft, the California Legislature is considering a bill with new personal information data disclosure requirements for California businesses and a broad definition of what constitutes personal information. California Assembly Bill 1291, would require businesses who have customer personal… Continue Reading
The Fourth District Court of Appeal for the State of California expanded the tort of "public disclosure of private facts" under that state’s common law right to privacy in a case involving a claim by an employee against her supervisor and employer. Ignat v. Yum! Brands, Inc. et al, No. G046434, (Cal. Ct. App. March… Continue Reading
In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the… Continue Reading
California Governor Jerry Brown has signed into law (AB 2674) new requirements specifying when and how employers must respond to their employees’ requests for inspection and copying of their personnel files. The new requirements become effective January 1, 2013. Click here for more information about the new law.
And then there were three… Last week, California Governor Jerry Brown made his state the third in the union, following Maryland and Illinois, to limit access to employees and students’ social media accounts
California moves one step closer to becoming third state to significantly limit when employers could ask employees and job applicants for social media passwords and account information
California Assembly moves bill (voting 73-0) that would make California the second state behind Maryland to prohibit employers from demanding social media passwords.
Beginning January 1, 2012, California will restrict an employer’s ability to obtain a credit report for employment purposes.
In a novel approach to data breach notification requirements, Texas has amended its breach notification law (Business & Commerce Code, Section 521.053) to require notification to residents of not only Texas, but to residents of each of the 50 states. The amendment becomes effective September 1, 2012, and applies to “all persons who conduct business… Continue Reading
California tightens its data breach notification requirements.
In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively. On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified… Continue Reading
CDPH’s data privacy enforcement activity continues, this time affecting 6 hospitals and a nursing home with total penalties approaching $800,000.
In the name of vehicle safety, California Assembly Bill 1942 will permit among other things “driver cams” to be mounted on vehicle windshields beginning on January 1, 2011. Formally known as “video event recorders,” these devices can continuously record audio, video, and G-force levels in a digital loop in order to help identify bad driver… Continue Reading
Update – On September 29, 2010, Governor Arnold Schwarzenegger for the third time vetoed S.B. 1166. California led the way in 2002 when it enacted the nation’s first data breach notification law. Last week, the State’s lawmakers sent Governor Arnold Schwarzenegger S.B. 1166 (pdf), which would mandate that data breach notification communications include more detailed… Continue Reading
Keystroke logging (or “keylogging”) is the noting (or logging) of the keys struck on a computer keyboard. Typically, this is done secretly, so the keyboard user is unaware his activities are being monitored. Several cases throughout the country have examined an employer’s use of keylogging. Recently, the Criminal Court of the City of New York held… Continue Reading
As highlighted by many news sources, including CNN.com and MSNBC.com, the United States Supreme Court listened to oral argument (pdf) today in the case of City of Ontario v. Quon today. This is the case involving a police officer who claimed his employer violated his privacy when it read the personal text messages (which happened to… Continue Reading
Over the past few months, many businesses, particularly in the Northeast Region, have been focusing on creating a written information security program (WISP) to comply with Massachusetts identity theft regulations that went into effect March 1, 2010. For many, this has been a significant effort, reaching most, if not all, parts of their organizations. However,… Continue Reading
The U.S. Supreme Court’s recent grant of certiorari in City of Ontario, Ontario Police Department, and Lloyd Scharf v. Jeff Quon, et al. highlights the effects new technologies continue to have on workplace privacy issues. One issue the Court will consider is whether a California police department violated the privacy of one of its officers… Continue Reading