As we noted in late January 2020, the spread of infectious disease raises particular concerns for healthcare workers who want to do their jobs and care for their patients, while also protect themselves and their families. Perhaps the desire to protect one’s self and family is what motivated a California state healthcare worker to access
AG Becerra Announces Approval of Additional CCPA Regulations
Here we go again! On March 15th, 2021, the California Department of Justice (“Department”) announced approval of modifications to the California Consumer Privacy Act’s (CCPA) regulations, originally introduced in December of 2020. The new regulations mainly modify provisions related to a consumer’s right to opt out of sale of their personal information, with
Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law
On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents. We provide an in-depth analysis of the CDPA here, along with
Maryland Joins New York with a BIPA-like Biometric Privacy Bill
On January 13, House Delegate Sara Love Introduced the “Biometric Identifiers and Biometric Information Privacy Act” (the “Act”) substantially modeled after the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (the “BIPA”). Enacted in 2008, the Illinois BIPA only recently triggered an avalanche of class actions in Illinois, spurring other
Comprehensive State Privacy Laws On the Move, How Should Organizations Evaluate Them?
Virginia may be the first state to follow California’s lead on consumer privacy legislation, but it certainly will not be the last. The International Association of Privacy Professionals (IAPP) observed, “State-Level momentum for comprehensive privacy bills is at an all-time high.” The IAPP maintains a map of state consumer privacy legislative activity, with in-depth analysis
CPRA Series: Redux on Data Security Requirements and Private Right of Action
The California Privacy Rights Act (CPRA), passed in November, 2020, added to the California Consumer Privacy Act (CCPA) an express obligation for covered businesses to adopt reasonable security safeguards to protect personal information. The CPRA also clarified the CCPA’s private right of action for consumers whose personal information is breached due to a failure to
CPRA Series: Does the California Privacy Rights Act (CPRA) Apply to Your Business?
When California voters approved Proposition 24, the California Privacy Rights Act (CPRA), on November 3, 2020, the result was to substantially amend the California Consumer Privacy Act (CCPA) which became effective only 10 months earlier. We outlined the basic rules for determining when the CCPA applies, and summarize here the changes made by
A Reminder for Employers About W-2 Phishing Scams
For the past several years, thousands of businesses have been hit with phishing scams during tax season. Through these social engineering scams, hackers obtain employee Forms W-2 for filing fraudulent tax returns seeking large refunds. These phishing emails are typically sent as clients begin the process of issuing W-2s to employees. Often employers do not
You Have Heard of the BIPA, But What About the GIPA?
Enacted in 2008, the Illinois Biometric Information Privacy Act, 740 ILCS 14 et seq. (the “BIPA”), went largely unnoticed until a few years ago when a handful of cases sparked a flood of class action litigation over the collection, use, storage, and disclosure of biometric information. Seeing thousands of class action lawsuits, organizations have
Court Denies Motion for Class Certification in Employee W-2 Data Breach Litigation
In recent years, there has been an uptick of W-2 phishing scams, and their consequences for an employer extend well beyond leaked data, including potential employee class action litigation. Just last week, a federal court in Illinois rejected a motion for class certification in a data breach case alleging disclosure of employees’ sensitive tax information