Following in the footsteps of the Eastern District of Virginia’s Capital One decision last year and the District of D.C.’s Clark Hill decision earlier this year, the Eastern District of Pennsylvania has just ordered the production of a data breach forensic report and related communications. In re Rutter’s Data Sec. Breach Litig., No. 1:20-CV-382,
Mudasar Khan
The European Commission’s Adoption of New SCCs
On June 4, 2021, the European Commission adopted an updated and long-awaited set of standard contractual clauses (SCCs) for the international transfer of personal data. The previous SCCs were created prior to the implementation of the EU General Data Protection Regulation (GDPR) and required substantive revisions to bring them in line with the GDPR and the Court of Justice of the European Union’s July 2020 Schrems II decision (previously covered here).
Continue Reading The European Commission’s Adoption of New SCCs
Colorado Passes Data Privacy Law
Colorado has become the third state in the country to pass a comprehensive data privacy law, joining California and Virginia. Assuming the governor signs—as he is widely expected to do—the Colorado Privacy Act (the “CPA”) will go into effect on July 1, 2023.
Similar to the California and Virginia laws, the CPA affords Colorado “consumers”…
Federal Court Dismisses CCPA Claim Against Marriot International, Inc. For Lack of Standing
On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott International, Inc. The holding, which dismissed the claims for lack of standing, will likely play a role in a number of CCPA cases that…
Federal Court System—And Possibly Sealed Filings—Breached in Connection With SolarWinds Hack
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System (“CM/ECF”) as a result of vulnerabilities associated with SolarWinds Orion products. The AO noted that it is currently working with the Department of Homeland…
New York Proposes Biometric Privacy Bill With Private Right of Action
On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as states that have adopted laws that strictly regulate the notice, collection, and handling…
California Attorney General Shows No Sign of Slowing CCPA Rulemaking with Fourth Set of Proposed Modifications
The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”).
As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020. The third set of modifications revised the regulations relating to the…
Congress Sends Bipartisan ‘Internet of Things’ Bill to President Trump
On November 17, 2020, H.R. 1668, the “Internet of Things Cybersecurity Improvement Act of 2020”, was unanimously passed by the Senate. The bill is now on its way to President Trump for signature or veto.
The bill would require the National Institute of Standards and Technology (“NIST”) and the Office of Management and Budget…
California Voters Approve CPRA
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).
As background, the original CCPA…
Weakened Privacy and Information Security Tools—the Unintended Consequence of Attacks on Section 230 of the CDA
Assaults on Section 230 of the Communications Decency Act (the “CDA”)—which shields online platforms from civil liability for third party content on their services—are abundant these days. On October 15, 2020, FCC Chairman Ajit Pai announced that his agency, at the request of President Trump, will draft rules explaining when platforms’ efforts to moderate user-posted…