Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law

On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents.  We provide an in-depth analysis of the CDPA here, along with legislative activity in … Continue Reading

Maryland Joins New York with a BIPA-like Biometric Privacy Bill

On January 13, House Delegate Sara Love Introduced the “Biometric Identifiers and Biometric Information Privacy Act” (the “Act”) substantially modeled after the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (the “BIPA”). Enacted in 2008, the Illinois BIPA only recently triggered an avalanche of class actions in Illinois, spurring other legislative activity, including … Continue Reading

Comprehensive State Privacy Laws On the Move, How Should Organizations Evaluate Them?

Virginia may be the first state to follow California’s lead on consumer privacy legislation, but it certainly will not be the last. The International Association of Privacy Professionals (IAPP) observed, “State-Level momentum for comprehensive privacy bills is at an all-time high.” The IAPP maintains a map of state consumer privacy legislative activity, with in-depth analysis comparing key provisions. … Continue Reading

CPRA Series: Redux on Data Security Requirements and Private Right of Action

The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal information. The CPRA also clarified the CCPA’s private right of action for consumers whose personal information is breached due to a failure to implement … Continue Reading

CPRA Series: Does the California Privacy Rights Act (CPRA) Apply to Your Business?

When California voters approved Proposition 24, the California Privacy Rights Act (CPRA), on November 3, 2020, the result was to substantially amend the California Consumer Privacy Act (CCPA) which became effective only 10 months earlier. We outlined the basic rules for determining when the CCPA applies, and summarize here the changes made by the CPRA. … Continue Reading

More Movement towards Digital COVID Vaccination Records

A key tech initiative as COVID-19 vaccinations begin rolling out are digital health passports. One example is being developed by a group of large tech companies along with the Mayo Clinic as part of the Vaccination Credential Initiative. The Initiative’s digital vaccination record will likely be a smartphone app. The Initiative is leveraging the CommonPass … Continue Reading

Top 10 for 2021 – Happy Data Privacy Day!

In honor of Data Privacy Day, we provide the following “Top 10 for 2021.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021. COVID-19 privacy and security considerations. During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security … Continue Reading

CPRA Series: The Importance of Data Retention Schedules and Records Management Policies

Record retention and records management policies are key elements for a company’s data protection program. Numerous recently enacted, or amended, data protection laws adopt data retention or storage limitation principles to safeguard personal information. Companies that do not have clearly defined record retention practices should take notice. Companies with existing practices should review those practices … Continue Reading

CPRA Series: Sensitive Personal Information

The California Privacy Rights Act of 2020 (CPRA) becomes operative on January 1, 2023. Among its numerous amendments and additions to the existing California Consumer Privacy Act (CCPA), the CPRA expands the definition of Personal Information. Specifically, it adds the category of Sensitive Personal Information. This new category tracks the EU General Data Protection Regulation’s … Continue Reading

California DOJ Issues Fourth Set of Modifications to the CCPA Regulations

On December 10, 2020, the California Department of Justice (“Department”) announced a fourth set of modifications to the California Consumer Privacy Act’s (CCPA) regulations.  The deadline to submit comments to the modifications is Monday, December 28, 2020. As a quick recap of past developments related to the CCPA regulations, the Department first published proposed regulations … Continue Reading

As Voice Recognition Technology Market Surges, Organizations Face Privacy and Cybersecurity Concerns

A new report released by Global Market Insights, Inc. last month estimates that the global market valuation for voice recognition technology will reach approximately $7 billion by 2026, in main part due to the surge of AI and machine learning across a wide array of devices including smartphones, healthcare apps, banking apps and connected cars, … Continue Reading

CPRA Series: New, Expanded and Modified Consumer Rights

On November 3, 2020, Californians approved another significant piece of privacy rights legislation, the California Privacy Rights Act, or the CPRA.  The CPRA amends and expands the already (almost) infamous CCPA (California Consumer Privacy Act), which is the privacy law that went into effect in the Golden State last year. New Rights under CPRA The … Continue Reading

TCPA Is Unenforceable Since 2015 – Federal Courts in Louisiana and Ohio Rule

In late September, the United States District Court for the Eastern District of Louisiana issued a first of its kind  ruling regarding the Telephone Consumer Privacy Act (“TCPA”). The court held that TCPA provision,  47 U.S.C. § 227(b)(1)(A)(iii) – which prohibits calls (and messages) made using an Automatic Telephone Dialing Systems (“ATDS”)to any cellular telephone number … Continue Reading

CPRA Series: Impacts On Notice At Collection And Privacy Policy

Already at the cutting edge of U.S. privacy law, California jumped even further ahead of the pack with the recent approval by State voters of the California Privacy Rights Act (“CPRA”).  The CPRA, which builds upon the already extensive framework of privacy rights and obligations established in the California Consumer Privacy Act (“CCPA”), is likely … Continue Reading

CPRA Series: Extension of CCPA’s Anti-Discrimination/Retaliation Provision to Employees, Applicants, and Independent Contractors

During the California Consumer Privacy Act’s (“CCPA”) amendment process prior to enactment, personal information in the employment context was highly contested and has continued to be a point of deliberation even after the CCPA’s effective date last January 1, 2020.  CCPA excludes certain employment-related personal information from most of the act’s requirements until January 1, … Continue Reading

California Passes Prop 24: Here Comes CCPA 2.0

It goes without saying that November 3rd 2020 was an important day for the future of the nation, but it was also a significant day for the future of California privacy law.  On Tuesday, a strong majority of California voters supported Proposition 24, a ballot measure which aims to expand and enhance the California Consumer … Continue Reading

Federal Agencies Issue Joint Alert on Imminent Cybercrime Threat to Healthcare Providers

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory stating they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. The advisory describes the tactics, techniques, and procedures … Continue Reading

Hacked Healthcare Provider Refuses to Pay Ransom, Attackers Target Psychotherapy Patients

Earlier this year, we reported on an evolution in the form of cyberattack known as ransomware –attackers transitioning from denying affected users access to critical data by encrypting it to removing data from the compromised systems and threatening public release in exchange for payment. These attacks typically target the companies maintaining the data. However, attackers … Continue Reading

Eleventh Circuit rejects incentive awards for class plaintiffs

Co-Author: Eric R. Magnus The Eleventh Circuit Court of Appeals recently ruled that “incentive” or “service” awards to lead plaintiffs in Rule 23 class actions are unlawful. It is the first circuit court of appeals to expressly invalidate such awards as a matter of law. (Johnson v. NPAS Solutions, LLC, No. 18-12344, September 17, 2020). … Continue Reading

California DOJ Announces a Third Set of Modifications to the CCPA Regulations

Back in August, after much anticipation and several rounds of review and modification, the California Consumer Privacy Act (CCPA) regulations finally became effective. This was long awaited by businesses and their service providers looking for compliance guidance and clarity on key issues related to facilitation of consumer rights.  This week, the California Department of Justice … Continue Reading

The CCPA’s “B2B” Exemption Is Also Extended by Governor Newsom

By signing AB 1281 into law on September 29th, 2020, California Governor Gavin Newsom amended the California Consumer Privacy Act (“CCPA”) to extend until January 1, 2022, not only the current exemption on employee personal information from most of the CCPA’s protections, but also the so-called “B2B” exemption. Welcomed by many “B2B” (business to business) … Continue Reading

California Governor Newsom Signs into Law Extension to CCPA Employee Personal Information Exemption, Vetoes Another Privacy Bill

On September 29th, California Governor Gavin Newsom signed into law AB 1281, an amendment to the California Consumer Privacy Act (“CCPA”) that would extend the current exemption on employee personal information from most of the CCPA’s protections, until January 1 2022. The exemption on employee personal information was slated to sunset on December 31, 2020.  … Continue Reading

House Passes Internet of Things Cybersecurity Improvement Act

The House of Representatives recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (the Act).  The Act has been moved to the Senate for consideration. The legislation sets minimum security standards for all IoT devices purchased by government agencies. IoT refers to the myriad of physical devices that are connected to the … Continue Reading
LexBlog