Archives: Uncategorized

Subscribe to Uncategorized RSS Feed

COVID-19 Screening Program Can Lead to Litigation Concerning Biometric Information, BIPA

As organizations aim to return to some type of normalcy, and help ensure a healthy and safe workplace, many have implemented COVID-19 screening programs that check for symptoms, and an employee’s recent travel and potential contact with the virus. Moreover, many states and localities across the nation are mandating or recommending the implementation of COVID-19 … Continue Reading

NYDFS Files First Enforcement Action Under Reg 500

On July 21, 2020, the New York Department of Financial Services (“DFS”) filed its first enforcement action under New York’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”).    Reg 500, which took effect in March 2017, imposes wide-ranging and rigorous requirements on subject organizations and their service providers, which are summarized … Continue Reading

EU-U.S. Privacy Shield Program for Transfer of Personal Data to U.S. Found Invalid

On July 16, 2020, the Court of Justice of the European Union (CJEU) published its decision in the matter of Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (“Schrems II”). The matter, arising from the transfer of Schrems’ personal data by Facebook Ireland to Facebook Inc. in the United States, presented questions concerning the … Continue Reading

Supreme Court Weighs in on TCPA Constitutionality

In a much-anticipated Supreme Court decision, Barr v. American Association of Political Consultants, sure to impact the future of the Telephone Consumer Protection Act (“TCPA”), the Court addressed the issue of whether the government-debt exception to the TCPA’s automated-call restriction violates the First Amendment, and whether the proper remedy for any constitutional violation is to … Continue Reading

The California Privacy Rights Act (“CPRA”) Headed to the November 2020 Ballot

As we recently reported, the privacy-right activist group that sponsored the California Consumer Privacy Act (“CCPA”) – Californians for Consumer Privacy – is pushing for an even more stringent privacy bill, the California Privacy Rights Act (“CPRA”). The CRPA has now qualified for the November 3, 2020 ballot, gathering more than 600,000 valid signatures as required, according … Continue Reading

Legislators and Regulators Weigh in On Privacy and Data Security Protections for Healthcare Providers Amid COVID-19 Pandemic

As they work to combat the surging COVID-19 virus, healthcare providers recently were reminded by legislators and regulators of the importance of data security and privacy protections. On the data security front, U.S. Senators Richard Blumenthal, Tom Cotton, David Perdue, and Mark Warner recently wrote to the Director of the U.S. Department of Homeland Security’s … Continue Reading

U.S. Supreme Court Will Finally Weigh in on Scope of CFAA

The United States Supreme Court recently granted a petition for certiorari in Van Buren v. United States addressing the issue of whether it is a violation of the Computer Fraud and Abuse Act (“CFAA”) when an individual who is authorized to access information on a computer, accesses the same information for an improper purpose. The … Continue Reading

FCC’s Declaratory Ruling on the TCPA’s “Emergency Purposes” Exception During COVID-19: Does it apply to Workplace Correspondence?

The Telephone Consumer Protection Act (“TCPA”) generally prohibits the use of automated dialing equipment or prerecorded voice messages to make calls, send text messages, or send faxes absent prior consent of the called party. This includes calls or texts to cellular phone numbers as well as calls to residential lines. There are limited exceptions to … Continue Reading

UK and US Issue Joint Cybersecurity Alert Concerning Explosion of COVID-19 Phishing Attacks

In the US, many organizations anxiously awaiting assistance under the CARES Act are becoming the targets of cyberattackers looking to feed off of the massive relief being provided by the US treasury. Yesterday, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre … Continue Reading

California AG Urges Congress Not to Preempt the CCPA

Earlier this month, California Attorney General (“AG”) Xavier Becerra sent a letter to several members of U.S. Congress, providing an update on the implementation of the newly effective California Consumer Privacy Act (CCPA), and urging Congress not to enact a federal law that would preempt the CCPA and other state consumer privacy measures. Instead, AG … Continue Reading

The Case that Sparked the CCPA Gets an FTC Final Order

Recently, the U.S. Federal Trade Commission issued an important opinion, concluding that Cambridge Analytica, LLC, the data analytics and consulting company, engaged in “deceptive practices to harvest personal information” of tens of millions social media users, by way of using their data from a company developed app, GSRapp, for voter profiling purposes without the users’ … Continue Reading

New Year, New Shields: How Can You Prepare for the New York SHIELD Act?

As we’ve previously reported, the New York Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”) goes into effect on March 21, 2020. The SHIELD Act, which amends the State’s current data breach notification law, imposes more expansive data security and data breach notification requirements on companies, in the hope of ensuring better protection … Continue Reading

FCC Rules Online Faxes Are TCPA Exempt

The Telephone Consumer Protect Act (“TCPA”) has seen lots of action in 2019, and in the final days of the year the Federal Communications Commission (“FCC”) issued a significant ruling concluding that “online fax services” i.e. e-faxes are outside the scope of the TCPA. The FCC’s ruling effectively prevents the common “junk fax” class action … Continue Reading

Maryland Again Amends its Data Breach Notification Law

In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017, Maryland amended its Personal Information Protection Act (PIPA) with expansion of the definition of personal information, modification of the definition of “breach of the security of the system,” establishing a 45-day … Continue Reading

Illinois Leads the Way on AI Regulation in the Workplace

Illinois continues to lead the way in privacy and security legislation. The Prairie State is home to the Biometric Information Privacy Act, first of its kind legislation regulating the collection and possession of biometric information, and also the Personal Information Protection Act, considered one of the more expansive data breach notification laws in the nation. … Continue Reading

SEC Issues Privacy and Data Security Risk Alert

Following recent examinations of SEC-registered investment advisers and broker-dealers, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) published a privacy risk alert on April 16, 2019. OCIE is hoping to remind advisers and broker-dealers about providing compliant privacy and opt-out notices, and adopting and implementing effective policies and procedures for safeguarding … Continue Reading

Illinois BIPA Defendants May Soon Be Getting Relief…Or Not

UPDATE: As discussed below, SB2134, as introduced, would have amended BIPA to delete the language that creates a private right of action and provide, instead, that violations resulting from the collection of biometric information by an employer for employment, human resources, fraud prevention, or security purposes would be subject to the enforcement authority of the … Continue Reading

Damaging Data Breaches Don’t Just Involve SSNs or Medical Information

A few weeks back a company’s watch list containing nearly 2.5 million individuals and entities considered “high-risk” for its clients was mistakenly leaked to the public. A “high-risk” entity in this circumstance was one potentially linked to organized crime or terrorism. The leak resulted from an unsecured and incorrectly configured company database. Typically in the … Continue Reading

NJ Amendment to Data Breach Notification Law, Moves to Governor

In light of several large-scale breaches of late, the New Jersey General Assembly is taking steps to enhance the state’s data breach notification requirements. In late February, Assembly Bill 3245 (AB 3245), introduced by Assembly Members Ralph Caputo and Carol Murphy, was unanimously approved by both the Assembly and the Senate, and is now headed … Continue Reading

Should Companies Terminate Third Party Vendors That Cause a Data Breach?

According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However, there are reports that … Continue Reading

Data Privacy Day – Special Report – California Consumer Privacy Act FAQs for Employers

Happy Data Privacy Day from the Jackson Lewis Privacy, Data and Cybersecurity Team! In Honor of National Privacy Day, we are focused on what is sure to be one of the hottest issues of 2019 and present our FAQs for employers on the California Consumer Privacy Act (CCPA). As you know, data privacy and security … Continue Reading

Actual Harm Not Required to Sue Under Illinois Biometric Information Privacy Law

Earlier today, the Illinois Supreme Court handed down a significant decision concerning the ability of individuals to bring suit under the Illinois Biometric Information Privacy Act (BIPA). In short, individuals need not allege actual injury or adverse effect, beyond a violation of his/her rights under BIPA, in order to qualify as an “aggrieved” person and be entitled to … Continue Reading

North Carolina AG Seeks Breach Notification for Ransomware, Other Enhancements to Data Breach Law

According to SC Magazine, an escalating number of victims of data breaches in 2017 have led Attorney General Josh Stein and state Rep. Jason Saine to propose updates to the state’s existing data breach notification law – “Act to Strengthen Identity Theft Protections.” The Act would make a number of changes to the existing law, … Continue Reading
LexBlog