Consumer Privacy

Subscribe to Consumer Privacy via RSS

New York State Governor Andrew Cuomo and the New York State Department of Financial Services (“DFS”) have been busy on the cybersecurity front. In a press release on September 18, 2017, building upon the state’s pride in its “first-in-the-nation” cybersecurity regulations that were passed earlier this year, (which we previously discussed on our blog and

Laptop-maker Lenovo (United States), Inc. agreed to a no-fault settlement with the Federal Trade Commission and 32 states over allegations that it installed ad software that compromised customers’ web security and invaded users’ privacy.

As part of the Consent Order, Lenovo agreed that it would:

  • Not misrepresent any feature of installed software related to consumer

The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s

Not to be outdone by the recent attention to biometric information in Illinois, and the Prairie State’s Biometric Information Privacy Act (BIPA), Washington enacted a biometric data protection statute of its own, HB 1493, which became effective July 23, 2017.

What it notable about Washington’s new biometric information law?

  • It prohibits “persons” from

Capturing the time employees’ work can be a difficult business. In addition to the complexity involved with accurately tracking arrival times, lunch breaks, overtime, etc. across a range of federal and state laws (check out our Wage and Hour colleagues who keep up on all of these issues), many employers worry about “buddy punching”

Recently, the United States Court of Appeals was called upon to determine whether an unsolicited call that did not result in a charge to the consumer violated the Telephone Consumer Protection Act (“TCPA”) and, if it did, was the harm sufficiently concrete to provide plaintiff with standing to sue. Susinno v. Work Out World, Inc.

Earlier this month, the United States Court of Appeals for the Seventh Circuit in Blow v. Bijora upheld a lower court decision rejecting a plaintiff’s claim that she did not consent to receive text messages from the defendant retailer. Plaintiff brought this class action seeking $1.8 billion in damages by alleging that the company’s practice

As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also

On May 11, 2017 – after weeks of anticipation – the White House released an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.  There could not be better timing with a global cyberattack unleashing ransomware against governments and companies in nearly 100 countries around the globe. This newly released Executive Order

As you know if you regularly read this blog, the New York State DFS finally finalized its “first-in-the-nation” cybersecurity rules with an effective date of March 1, 2017. And their reach is quite large: DFS-supervised entities from insurers and banks to mortgage brokers and credit unions (and their third-party service providers) will have to begin