The California Consumer Privacy Act (CCPA), passed in 2018 and taking effect January 1, 2020, is considered the most expansive state privacy law in the United States, and sparked a flurry of state privacy law legislative proposals, in particular in Washington state. This January, a group of state senators in Washington introduced the Washington Privacy
U.S. Supreme Court Allows Zappos Data Breach Litigation to Proceed
Yesterday, the U.S. Supreme Court rejected a petition for a writ of certiorari by Zappos requesting the Court to review a Ninth Circuit Court decision which allowed customers affected by a data breach to proceed with a lawsuit on grounds of vulnerability to fraud and identity theft. The ruling stems from a 2012 breach that
Third Circuit Rules in Favor of Employer Who Monitored Former Employees’ Social Media Accounts
On February 25, 2019, the Third Circuit held that a New Jersey engineering firm that monitored its former employees’ social media accounts was not barred from winning an injunction to prevent four former employees from soliciting firm clients and destroying company information.
In this case, several employees left the engineering firm to start two competing
Washington D.C. Attorney General Seeks Stronger Data Security and Breach Notification Requirements
Add Washington D.C. Attorney General Karl A. Racine’s recent data security legislative proposal – the Security Breach Protection Amendment Act of 2019 – to the growing list of states and jurisdictions across the country seeking to strengthen privacy and security protections around personal information.
Proposed in response to major data breaches, a frequent catalyst to
State Law Developments in Consumer Privacy
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most expansive state privacy law in the United States. Organizations familiar with the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018, certainly will understand CCPA’s implications. Perhaps the best known comprehensive privacy and
Why is New Jersey Updating Its Privacy and Data Security Laws?
The Garden State has been updating its data privacy and security laws and you may be wondering why. On October 28, 2018, Attorney General Gurbir S. Grewal and the New Jersey State Police the New Jersey announced statistics on the effects of data breaches in 2017 on New Jersey residents. Based on that report, here
NJ Amendment to Data Breach Notification Law, Moves to Governor
In light of several large-scale breaches of late, the New Jersey General Assembly is taking steps to enhance the state’s data breach notification requirements. In late February, Assembly Bill 3245 (AB 3245), introduced by Assembly Members Ralph Caputo and Carol Murphy, was unanimously approved by both the Assembly and the Senate, and is
Should Companies Terminate Third Party Vendors That Cause a Data Breach?
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However,
California AG Announces Amendment to the CCPA
On February 25, 2019, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced Senate Bill 561, legislation intended to strengthen and clarify the California Consumer Privacy Act (CCPA), which was enacted in June of 2018. If enacted, this would be the second amendment to the CCPA, following an earlier amendment in September of
California AG Seeks to Further Amend State’s Data Breach Notification Law
Yesterday, California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael)announced Assembly Bill 1130 which is intended to strengthen California’s existing data breach notification law. In short, AB 1130 would amend the existing law to include passport numbers and biometric information (e.g., fingerprint and retina scan data) in the definition of personal information,