Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

As Facial Recognition Technology Surges, Organizations Face Privacy and Cybersecurity Concerns, and Fraud

Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the COVID-19 pandemic. As the need arose to screen persons entering a facility for symptoms of the virus, including temperature, thermal cameras, kiosks, and other devices … Continue Reading

Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach Cases

Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity … Continue Reading

Colorado Becomes Third State To Enact a Comprehensive Privacy Law

Colorado is officially the third U.S. state to enact comprehensive privacy legislation, following California and Virginia. The Colorado General Assembly passed the Colorado Privacy Act (CPA), Senate Bill 21-109, on June 8, 2021, and Governor Jared Polis signed it into law on July 7, 2021. The Colorado Privacy Act takes effect July 1, 2023, six … Continue Reading

The “New” EU Standard Contractual Clauses: FAQs for U.S. Organizations

Globalization, compliance, and the growth in outsourcing have created a myriad of cross-border data transfer scenarios. These scenarios include marketing to and servicing customers, assessing global compliance with diversity and including goals, and outsourcing back office business functions. However, the emergence of far reaching data privacy regulation, such as the EU General Data Protection Regulation … Continue Reading

City of Baltimore May Criminalize the Use of Facial Recognition Technologies by Businesses

The Baltimore City Council recently passed an ordinance, in a vote of 13-2, barring the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022.  Council Bill 21-0001  prohibits persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any … Continue Reading

Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend?

The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law.  It follows a growing trend of changes to privacy and cybersecurity laws at the state level. Texas House Bill … Continue Reading

Connecticut on its Way to an Enhanced Data Breach Notification Law

UPDATE: On June 16, Gov. Ned Lamont signed HB 5310 into law which becomes effective October 1, 2021. State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy Breaches, a measure that will … Continue Reading

NY Attorney General Announces Settlement After Website Data Breach

In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state.  The settlement also requires the online retailer to strengthen … Continue Reading

Don’t be Fooled by the CPRA Effective Date, Employers Have Current Obligations Under the CCPA

The passage of Prop 24, the California Privacy Rights Act of 2020 (“CPRA”), has caused a bit of confusion among businesses in California.  The confusion stems from the fact that the CPRA has an effective date of January 1, 2023, amending the existing California Consumer Privacy Act (CCPA) when it takes effect, but also immediately … Continue Reading

NYC Council Passes Data Privacy Bill That Would Impose Rigorous Requirements On Owners of “Smart Access” Buildings

As we noted in our last post, there has been a flurry of data privacy and security activity in New York, with the State appearing poised to join California as a leader in this space.  Most recently, on April 29, 2021, the New York City Council passed the Tenant Data Privacy Act (“TDPA”), which would … Continue Reading

NYC Creates BIPA-Like Requirements for Retail, Hospitality Businesses Concerning Biometric Information Collected From Customers

Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities.  These businesses will also be barred from selling, leasing, trading, sharing or otherwise profiting from the biometric identifier information they collect from customers.  Customers … Continue Reading

COVID-19 Vaccine Passport Programs: Privacy and Security Considerations

As access to COVID-19 vaccines becomes more prevalent, and we begin to conceptualize what a post-pandemic world might look like, many governments are assessing the idea of a COVID-19 vaccine passport framework.  In late March, the European Commission announced its plan for a COVID-19 Digital Green Certificate framework (“the framework”) to facilitate “safe free movement … Continue Reading

CPRA Series: The CPRA and Risk Assessments

The California Privacy Protection Act (CPRA) amended the California Consumer Privacy Act (CCPA) and has an operative date of January 1, 2023. The CPRA introduces new compliance obligations including a requirement that businesses conduct risk assessments. While many U.S. companies currently conduct risk assessments for compliance with state “reasonable safeguards” statutes (e.g., Florida, Texas, Illinois, … Continue Reading

Florida Moves Forward a Revised Consumer Privacy Bill

Will Florida be the next state to enact a comprehensive consumer privacy law? It sure is starting to look like a viable possibility.  With the California Consumer Privacy Act (“CCPA”) in full effect, and the recent enactment of Virginia’s Consumer Data Protection Act (“CDPA”), there has been a flurry of state privacy legislative proposals since … Continue Reading

Developing a Privacy and Cybersecurity Training Program for Employees

Increased remote work due to the COVID-19 pandemic has only exacerbated privacy and cybersecurity concerns, and likely has not changed the finding in Experian’s 2015 Second Annual Data Breach Industry Forecast: Employees and negligence are the leading cause of security incidents but remain the least reported issue. A more recent state of the industry report … Continue Reading

COVID-19 Vaccination: Setting Up An On-site Program

The Biden administration reportedly has called for all people at least 18 to be eligible for the COVID-19 vaccine by April 19, 2021, two weeks earlier than its prior goal of May 1, and less than a week away. Most states have already done so. Without the barriers created by state-by-state priority rules, the rate … Continue Reading

5 Key Data Privacy and Security Risks That Arise When Organizations Record Job Interviews & Strategies for Mitigating Them

COVID-19 drove many formerly in-person interactions onto a variety of video conferencing platforms.  But as millions of vaccinations are administered each day, and case numbers decline, it’s now possible to imagine and plan for the time when conducting business over video will no longer be mandatory. For many organizations, though, COVID-19 has led to an … Continue Reading

Utah is the 2nd State to Create a Safe Harbor for Companies Facing Data Breach Litigation

In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach of system security, and establishing the requirements for asserting such a defense. … Continue Reading

Travel 2.0: Vaccine Passports and Visas—What’s Next on the Horizon

One of the industries perhaps hardest hit by the coronavirus, the travel industry, received welcomed news late last week in the form of CDC guidance stating that people fully vaccinated against COVID-19 can resume domestic travel and do not need to get tested for COVID-19 before or after travel or self-quarantine after travel. According to … Continue Reading

Supreme Court Issues Monumental TCPA Decision

In a decision certain to have significant impact on Telephone Consumer Protection Act (TCPA) class action litigation, today the U.S. Supreme Court concluded narrowly that to qualify as an “automatic telephone dialing system”, a device must be able to either “store a telephone number using a random or sequential generator or to produce a telephone … Continue Reading

Colorado Introduces a Comprehensive Consumer Privacy Bill

Colorado recently became the latest state to consider a comprehensive consumer privacy law.  On March 19, 2021, Colorado State Senators Rodriguez and Lundeen introduced SB 21-190, entitled “an Act Concerning additional protection of data relating to personal privacy”. Following California’s bold example of the California Consumer Privacy Act (“CCPA”) effective since January 2020, Virginia recently … Continue Reading

California State Healthcare Worker Accesses COVID-19 Data on More Than 2,000 Patients and Employees

As we noted in late January 2020, the spread of infectious disease raises particular concerns for healthcare workers who want to do their jobs and care for their patients, while also protect themselves and their families. Perhaps the desire to protect one’s self and family is what motivated a California state healthcare worker to access … Continue Reading

Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law

On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents.  We provide an in-depth analysis of the CDPA here, along with legislative activity in … Continue Reading
LexBlog