Data Protection

Subscribe to Data Protection

For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or simple mistake. Because the definition of data breach under the CCPA is very broad, the unauthorized sharing of personal

To the surprise of some, the proposed CCPA Regulations issued last Thursday don’t address many of the well-discussed ambiguities under the law (such as what “valuable consideration” means in the context of a sale of personal information). Rather, the proposed Regulations address a number of technical, nut-and-bolt type compliance issues concerning how businesses must make

The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still remain. A main source of confusion about cookies is the interplay between two EU privacy laws, the

Remarks Focus on Account Takeovers, BEC Schemes, Beneficial Ownership, Technological Innovation and SARs

FinCEN Director Kenneth A. Blanco delivered prepared remarks on September 24 at the 2019 Federal Identity (FedID) Forum and Exposition in Tampa, Florida.

Director Blanco summarized the topics of his remarks by stating the following:

  1. First, I would like to tell you

Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws.  These laws come on the heels of Connecticut’s law enacted a few days earlierNotably, while Connecticut followed the New York Department of Financial Services’ 2017 Cybersecurity

On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers, and other businesses licensed by the Connecticut Insurance Department (“CID”).  In doing so, Connecticut joins New York, South Carolina, Ohio, Michigan, and Mississippi

New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead.  New York was one of a number of states that proposed sweeping privacy legislation after the enactment of the California Consumer Privacy Act (CCPA). The proposed New York law, in fact, was broader than the CCPA

In April 2019, the California Assembly Privacy and Consumer Protection Committee rejected a proposal known commonly as the “Privacy for All Act” (AB-1760), which among other things would have provided a private right of action for all violations of the California Consumer Privacy Act (CCPA). The rejection of AB-1760 was a blow to consumer privacy advocates. A similar measure, SB-561, would also have provided a private right of action for all privacy violations. That bill has also been defeated, meaning that the CCPA’s private right of action provisions will not be expanded this year.
Continue Reading

Following the speedy enactment of the California Consumer Privacy Act (CCPA or Act) in June 2018, business and consumer advocates alike have been pressuring California lawmakers to clarify the many ambiguities raised by the Act’s sweeping requirements. California lawmakers recently responded to these calls for greater clarity by proposing a slate of amendments to address some of the more controversial provisions of the CCPA, including the definition of “personal information”, requirements regarding information sharing, and the scope of industry exemptions.
Continue Reading

Following numerous privacy complaints, the State Office for Data Protection Supervision (BayLDA) recently conducted a random audit on 40 companies and found widespread problems with their cookie disclosures. The purpose of the audit was to determine whether website users were able to obtain transparent information regarding the use and tracking of their information by third-party