Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

Washington Overhauls its Data Breach Notification Law

As we noted last month, Washington’s efforts to follow California’s lead in passing its own GDPR-like law have stalled after the bill failed to make its way through the state’s House of Representatives—despite overwhelming approval in the Senate (where it passed 46-1).  That bill’s sponsor has promised to revisit the issue during the 2020 legislative … Continue Reading

New Jersey’s Data Breach Notification Amendment Signed into Law

On May 10, Governor Phil Murphy signed into law P.L.2019, c.95. an amendment enhancing New Jersey’s data breach notification law by expanding the definition of personal information, and updating notification requirements. As we previously reported, the amendment was unanimously approved by the New Jersey General Assembly and Senate in late February. New Jersey’s data breach notification law … Continue Reading

California’s “Your Data, Your Way” Initiative

California keeps making privacy headlines for its trailblazing California Consumer Privacy Act (“CCPA”), set to take effect January 1, 2020, but there is another set of privacy bills making its way through the California state legislature, that, if passed, will provide consumers with further privacy protections. The “Your Data Your Way” initiative, comprised of four … Continue Reading

Will Texas Soon Join the Ranks of States Enacting Privacy Legislation?

Texans like the adage “Everything is Bigger in Texas”. So, as the Lone Star State follows its counterparts and the federal government in discussing broad sweeping privacy protections, legislators introduced two (competing) privacy bills this session: the Texas Consumer Privacy Act and the Texas Privacy Protection Act. Readers should note that the 2019 Texas Legislative … Continue Reading

More Updates to the CCPA May Be Ahead

Ever since the California Consumer Privacy Act (CCPA) was enacted in June of 2018 it has been in a constant state of revision.   First, in September of 2018, Governor Jerry Brown signed into law Senate Bill 1121, which helped clarify and strengthen the original version of law. Then, in February of 2019, California Attorney General Xavier … Continue Reading

CCPA: Employee Personal Information on the Chopping Block

How will the California Consumer Protection Act (CCPA) apply to us? This is a question 0rganizations have asked since the CCPA was first proposed. There remains a number of important questions about the scope of the Golden State’s sweeping privacy law that still need to be answered. One of those questions is whether the CCPA … Continue Reading

North Carolina’s Much Anticipated Data Breach Notification Law Amendment Moves to General Assembly

The much-anticipated amendment to North Carolina’s data breach notification law that we reported on earlier this year (see here) has finally been introduced to the state’s General Assembly.   The bill entitled, an Act Amending the Identity Theft Protection Act, House Bill DRH40393-LR10C, is primarily sponsored by State Representatives Jason Saine (R), Brenden H. Jones (R), … Continue Reading

Secret Video Surveillance Found in Hospital Labor and Delivery Rooms

The New York Times newly established Privacy Project, recently highlighted the extent to which our society has created a “facial recognition machine” – cameras are everywhere, even in doorbells. Segments of society have accepted widespread surveillance on public streets, shopping malls, and in common areas of office buildings, apartment complexes, schools and similar places. But there … Continue Reading

SEC Issues Privacy and Data Security Risk Alert

Following recent examinations of SEC-registered investment advisers and broker-dealers, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) published a privacy risk alert on April 16, 2019. OCIE is hoping to remind advisers and broker-dealers about providing compliant privacy and opt-out notices, and adopting and implementing effective policies and procedures for safeguarding … Continue Reading

Music to Your Ears? Court Rules Bose Can Gather Your Music Listening Habits

According to a recent decision from a federal district court in Illinois, Bose Corp. may monitor and collect information about the music and audio files consumers choose to play through its wireless products and transmit that information to third parties without the consumers’ knowledge. Such action does not violate the federal Wiretap Act or the … Continue Reading

Updates to Massachusetts Breach Notification Law – Much More Than Mandatory Credit Monitoring

UPDATE: The changes to the Massachusetts data breach notification law described below are now in effect. Thus, if you have discovered a data incident involving the personal information of Massachusetts residents you will want to review these changes carefully – they are significant and the Commonwealth is intent on educating the public about them. Because we have coached … Continue Reading

Bill Which Would Expand the CCPA Private Right of Action Moves Forward

As we reported, in late February, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced Senate Bill 561, legislation intended to strengthen and clarify the California Consumer Privacy Act (CCPA). This week, the Senate Judiciary Committee referred the bill to the Senate Appropriations Committee by a vote of 6-2. This move came despite concerns raised … Continue Reading

Proposed Legislation in Massachusetts Would Create Private Right of Action for Improper Collection of Personal or Biometric Information

Pending legislation could create new consumer privacy rights in Massachusetts. Earlier this year, Senator Cynthia Creem presented An Act Relative to Consumer Data Privacy in the Massachusetts Senate. This Consumer Privacy Bill, SD.341, combines key aspects of the California Consumer Privacy Act (CCPA) and Illinois’s Biometric Information Privacy Act (BIPA). This bill would allow Massachusetts consumers a … Continue Reading

Illinois BIPA Defendants May Soon Be Getting Relief…Or Not

UPDATE: As discussed below, SB2134, as introduced, would have amended BIPA to delete the language that creates a private right of action and provide, instead, that violations resulting from the collection of biometric information by an employer for employment, human resources, fraud prevention, or security purposes would be subject to the enforcement authority of the … Continue Reading

As Wearable Technology Booms, Sports and Athletic Organizations at all Levels Face Privacy Concerns

As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players shoulder pads to track different metrics of their game. During the 2018-2019 NFL season, data was released that Ezekiel Elliot ran 21.27 miles per hour … Continue Reading

Washington State’s GDPR-like Bill Passes Senate

The California Consumer Privacy Act (CCPA), passed in 2018 and taking effect January 1, 2020, is considered the most expansive state privacy law in the United States, and sparked a flurry of state privacy law legislative proposals, in particular in Washington state. This January, a group of state senators in Washington introduced the Washington Privacy … Continue Reading

U.S. Supreme Court Allows Zappos Data Breach Litigation to Proceed

Yesterday, the U.S. Supreme Court rejected a petition for a writ of certiorari by Zappos requesting the Court to review a Ninth Circuit Court decision which allowed customers affected by a data breach to proceed with a lawsuit on grounds of vulnerability to fraud and identity theft. The ruling stems from a 2012 breach that … Continue Reading

Washington D.C. Attorney General Seeks Stronger Data Security and Breach Notification Requirements

Add Washington D.C. Attorney General Karl A. Racine’s recent data security legislative proposal – the Security Breach Protection Amendment Act of 2019 – to the growing list of states and jurisdictions across the country seeking to strengthen privacy and security protections around personal information. Proposed in response to major data breaches, a frequent catalyst to stronger … Continue Reading

State Law Developments in Consumer Privacy

The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most expansive state privacy law in the United States. Organizations familiar with the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018, certainly will understand CCPA’s implications. Perhaps the best known comprehensive privacy and … Continue Reading

Why is New Jersey Updating Its Privacy and Data Security Laws?

The Garden State has been updating its data privacy and security laws and you may be wondering why. On October 28, 2018, Attorney General Gurbir S. Grewal and the New Jersey State Police the New Jersey announced statistics on the effects of data breaches in 2017 on New Jersey residents. Based on that report, here … Continue Reading

New Jersey on the Forefront of Consumer Privacy and Security Law

Since the start of 2019, New Jersey has shown it is on the forefront of consumer privacy and security law. Last week we reported on Assembly Bill 3245 (AB 3245) that would enhance the state’s data breach notification requirements. In short, if signed, AB 3245, would require businesses to notify consumers of online account security … Continue Reading

Rapid Increase in Biometric Data in Airports Raises Privacy Concerns

In 2018, Delta paved the way in airport terminal development, by introducing the first biometric terminal at the Hartsfield-Jackson Atlanta International Airport where passengers can use facial recognition technology from curb to gate. Delta now offers members of its Sky Club airport lounges to enter using fingerprints rather than a membership card or boarding pass. … Continue Reading

California AG Announces Amendment to the CCPA

On February 25, 2019, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced Senate Bill 561, legislation intended to strengthen and clarify the California Consumer Privacy Act (CCPA), which was enacted in June of 2018. If enacted, this would be the second amendment to the CCPA, following an earlier amendment in September of 2018 … Continue Reading

The Circuit Split Over the Definition of ATDS Under the TCPA Continues

When the Telephone Consumer Protection Act (TCPA) was enacted in 1991, most American consumers were using landline phones, and Congress could not begin to contemplate the evolution of the mobile phone. The TCPA defines Automatic Telephone Dialing System” (ATDS) as “equipment which has the capacity—(A) to store or produce telephone numbers to be called, using … Continue Reading
LexBlog