Tag Archives: personal information

Texas Joins Other States with New Texas Data Breach Notification Requirement: Is This a New Trend?

The Texas Legislature, which meets every other year, pushed a change to its data breach notification law at the end of the session in late May, and yesterday Governor Greg Abbott signed the bill into law.  It follows a growing trend of changes to privacy and cybersecurity laws at the state level. Texas House Bill … Continue Reading

Is New York Next? A Comprehensive Consumer Privacy Bill Reintroduced

On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), and Virginia’s Consumer Data Protection Act (“CDPA”).  The NYPA had been introduced in a previous … Continue Reading

Colorado Introduces a Comprehensive Consumer Privacy Bill

Colorado recently became the latest state to consider a comprehensive consumer privacy law.  On March 19, 2021, Colorado State Senators Rodriguez and Lundeen introduced SB 21-190, entitled “an Act Concerning additional protection of data relating to personal privacy”. Following California’s bold example of the California Consumer Privacy Act (“CCPA”) effective since January 2020, Virginia recently … Continue Reading

The Circuit Split Continues: 11th Circuit Weighs in on Standing in Data Breach Litigation

The 11th Circuit recently weighed in on the hottest issue in data breach litigation, whether a demonstration of actual harm is required to have standing to sue. Joining several other circuit courts, the 11th Circuit in Tsao v. Captiva MVP Rest. Partners, concluded that the plaintiff had failed to allege either that the data breach … Continue Reading

Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law

On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents.  We provide an in-depth analysis of the CDPA here, along with legislative activity in … Continue Reading

CPRA Series: Sensitive Personal Information

The California Privacy Rights Act of 2020 (CPRA) becomes operative on January 1, 2023. Among its numerous amendments and additions to the existing California Consumer Privacy Act (CCPA), the CPRA expands the definition of Personal Information. Specifically, it adds the category of Sensitive Personal Information. This new category tracks the EU General Data Protection Regulation’s … Continue Reading

The CCPA’s “B2B” Exemption Is Also Extended by Governor Newsom

By signing AB 1281 into law on September 29th, 2020, California Governor Gavin Newsom amended the California Consumer Privacy Act (“CCPA”) to extend until January 1, 2022, not only the current exemption on employee personal information from most of the CCPA’s protections, but also the so-called “B2B” exemption. Welcomed by many “B2B” (business to business) … Continue Reading

Michigan Considers Enhanced Data Breach Notification Law

Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic.  In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information, and heightened notice requirements.  Now, Michigan may follow … Continue Reading

CCPA 2.0 – More Privacy Legislation in the Golden State?

Most companies continue to grapple with compliance with the California Consumer Privacy Act (“CCPA”), which went into effect in January. Companies have overhauled their privacy programs and policies and designed new systems to comply with the CCPA. Now, the privacy-right activist group that sponsored the CCPA – Californians for Consumer Privacy – is pushing for … Continue Reading

Requests to Know under the CCPA: Practical Compliance Tips

The much anticipated California Consumer Privacy Act (“CCPA”) is now in effect (as of January 1, 2020), and as we’ve recently reported, class action litigation under the CCPA has already begun.  Organizations should have already assessed whether their business is subject to the new law and if so, taken steps to ensure compliance.  Likely, one … Continue Reading

CCPA Data Breach Class Action Litigation Begins

As reported by Bloomberg Law, data breach class action litigation has begun under the California Consumer Privacy Act (CCPA). Filed in the Northern District of California, San Francisco Division, a putative class action lawsuit against Hanna Andersson, LLC and its ecommerce platform provider, Salesforce.com, alleges negligence and a failure to maintain reasonable safeguards, among other … Continue Reading

Verifying CCPA Requests to Know and Requests to Delete

With the California Consumer Privacy Act (CCPA) effective for nearly one month, businesses continue to grapple with the many components of this new privacy framework. A key component of the CCPA is granting consumers the right to request information about and to exercise some control over their personal information. Developing sufficient mechanisms to receive, process … Continue Reading

The Case that Sparked the CCPA Gets an FTC Final Order

Recently, the U.S. Federal Trade Commission issued an important opinion, concluding that Cambridge Analytica, LLC, the data analytics and consulting company, engaged in “deceptive practices to harvest personal information” of tens of millions social media users, by way of using their data from a company developed app, GSRapp, for voter profiling purposes without the users’ … Continue Reading

Personal Information, Private Information, Personally Identifiable Information…What’s the Difference?

When privacy geeks talk “privacy,” it is not uncommon for them to use certain terms interchangeably –personal data, personal information, personally identifiable information, private information, individually identifiable information, protected health information, or individually identifiable health information. They might even speak in acronyms – PI, PII, PHI, NPI, etc. Blurring those distinctions might be OK for … Continue Reading

Maryland Again Amends its Data Breach Notification Law

In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017, Maryland amended its Personal Information Protection Act (PIPA) with expansion of the definition of personal information, modification of the definition of “breach of the security of the system,” establishing a 45-day … Continue Reading

EU’s High Court Issues Important Opinion on Website Cookie Consent

Several weeks ago, we published a CCPA FAQS on Cookies, which provides a high-level look at how the impending CCPA may apply to website cookies. The CCPA’s definition of personal information is expansive, and in preparation for the CCPA it is easy to overlook certain elements of personal information, in particular website cookies. A cookie … Continue Reading

Disclosure of State Employees’ Birthdates Not Protected Per Washington Supreme Court

The Washington State Supreme Court ruled recently that state employees’ birthdates associated with their names are not exempt from disclosure pursuant to a freedom of information records request. In so holding, the Court strictly construed the applicable statute that did not expressly exempt birthdates from disclosure. Wash. Pub. Emps. Assn. v. State Ctr for Childhood … Continue Reading

California Updates its Data Breach Notification Law

On February 21, 2019, California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) announced Assembly Bill 1130 which intended to strengthen and expand California’s existing data breach notification law. On September 11, 2019, the bill passed both houses of the legislature and was presented to Governor Gavin Newsom. Last Friday, October 11, 2019, … Continue Reading

Celebrate National Cybersecurity Awareness Month with CCPA FAQs!

October is National Cybersecurity Awareness Month (NCSAM)! NCSAM is an annual event designed by the U.S. Department of Homeland Security (DHS) and co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCSA). NCSAM is a collaborative effort by both government and industry leaders intended to enhance public awareness regarding cybersecurity . … Continue Reading

CCPA: Expansive Array of Consumer Rights Imposes Rigorous Compliance Burden

For years now, state laws have required subject organizations to provide notification to affected data subjects and, in some instances, to state agencies, consumer reporting agencies, and the media, when they experience a “breach” of certain categories of information.  And a growing number of states – including California, Colorado, Connecticut, Maryland, Massachusetts, Texas, and, most … Continue Reading

Illinois Enhances Its Data Breach Notification Requirements

In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. Illinois Governor J.B. Pritzker recently signed into law an amendment to the Personal Information Protection Act (PIPA), SB 1624, effective January 1, 2020. PIPA will now require that most “data collectors,” which includes … Continue Reading

CCPA FAQs on Cookies

As businesses prepare for the effective date of the California Consumer Privacy Act, many are conducting data mapping to identify the personal information they collect, who it belongs to, how they use it, with whom they share it and whether they sell or disclose it. The information a business collects from this exercise will set … Continue Reading
LexBlog