Privacy & Cybersecurity

Target sued its insurer for up to $74 million in coverage related to its 2013 data breach. Merck did the same.

Target sued its insurer for up to $74 million in coverage related to its 2013 data breach.

The Senate continues to talk about a federal privacy bill.

The FTC has been pretty active on the privacy front.

The FTC has beefed up its data security enforcement.

New Hampshire, Illinois, Virginia, and Washington were quick to introduce CCPA-style privacy bills early into the 2020 legislative sessions.

New Hampshire, Illinois, Virginia, and Washington were quick to introduce CCPA-style privacy bills early into the 2020 legislative sessions.

New Hampshire, Illinois, Virginia, and Washington were quick to introduce CCPA-style privacy bills early into the 2020 legislative sessions.

New Hampshire, Illinois, Virginia, and Washington were quick to introduce CCPA-style privacy bills early into the 2020 legislative sessions.

CCPA 2.0” needs 623,212 signatures by June to get on California’s ballot—just in time for CCPA’s regulations to finally get released. Lovely

CEOs from the Business Roundtable called on Congress to pass national privacy legislation.

NIST released its preliminary privacy framework.

The IAB has proposed a CCPA compliance framework for programmatic publishers and ad tech companies.

The folks responsible for the CCPA gifted us with another ballot initiative for a stricter privacy statute called the California Privacy Rights and Enforcement Act. Yikes.

California’s Attorney General released the long-awaited draft CCPA regulations.

The Pennsylvania Supreme Court held that employers have a common law duty to protect their employees’ personal information from unauthorized access.

Notes from the California AG’s CCPA roadshow.

A proposed bill would make San Francisco the first city to ban governmental adoption of facial recognition technology.

Google was hit with $57M GDPR fine by French regulators.

At a recent Senate oversight hearing, the new FTC Commissioners discussed a potential federal privacy bill that could preempt state laws.

FINRA released cyber guidelines for broker-dealers.

The Department of Health and Human Services released cybersecurity guidelines for the health industry.

The House unanimously passed the SMART IoT Act, which directs the Department of Commerce to study the IoT industry and report back to Congress.

California’s AG will hold public forums across the state on the California Consumer Privacy Act, which will surely give us clarity on the law.

Oath (f/k/a AOL) pays record $5M COPPA settlement.

U.S. Senators call for a data security law after the Marriott breach.

The outlook for a 2019 federal privacy bill.

The latest on the CCPA legislative saga.

In other biometric news, Home Depot was sued under BIPA by consumers who say the company collected “faceprints” and followed them around the store.

An update in Facebook’s high-stakes biometric data case.

YouTube will pay a $170M COPPA settlement.

A group of CEOs urged Congress to pass national privacy legislation. Here are their suggestions.

A group of CEOs urged Congress to pass national privacy legislation.

A roundup of recent data breach notification laws around the country.

The Computer Fraud and Abuse Act doesn’t prevent a company from scraping LinkedIn’s site data, according to a recent Ninth Circuit decision.

The U.K.s Information Commissioner’s Office will impose a $123M GDPR fine on Marriott as a result of newly-acquired Starwood’s data breach. For potential M&A implications, see here.

The U.K.s Information Commissioner’s Office will impose a $123M GDPR fine on Marriott as a result of newly-acquired Starwood’s data breach.

The hacker arrested for the Capital One breach may have stolen information from more than 30 other companies.

A CCPA amendment tracker.

FTC is seeking public comment on whether its COPPA rules need updating. The rules were last updated in 2003—but given the speed at which consumer technology has evolved, FTC is asking for comments ahead of the typical ten-year review cycle.

Hawaii’s governor vetoed a bill that would have been the first law to prohibit the sale of a customer’s location data without consent. New York City is considering a similar measure.

Hawaii’s governor vetoed a bill that would have been the first law to prohibit the sale of a customer’s location data without consent.

A federal court in California found that customers have the right to sue Facebook over a 2016 data breach—even though the leaked information was publicly available —potentially signaling an expansion of consumers’ ability to maintain data breach class actions.

New York beefed up their breach notification statutes.

Texas beefed up their breach notification statutes.

Senators Klobuchar and Murkowski introduced the Protecting Personal Health Data Act, which would govern the collection of health information by wearables, social media, DTC genetic testing, and other technologies.

Amazon, like Microsoft and Google, has called for federal regulation of the technology (while others try to ban it).

San Francisco banned the use of facial recognition by the police, and other cities may follow.

Congress re-introduced the Token Taxonomy Act, which would exclude cryptocurrency from being classified as a security.

The First Circuit found that an app user had no expectation of privacy in his IP address.

AGs from 38 states are lobbying Congress to pass the SAFE Banking Act and give cannabis businesses access to the federal banking system.

A bipartisan group in Congress has proposed reforms to Section 101 patent eligibility.

SDNY found that a fashion startup waived attorney-client privilege by including its PR firm in emails about litigation strategy.

HHS lowered the maximum fine for HIPAA violations.

The bipartisan federal Commercial Facial Recognition Privacy Act was introduced in the Senate.

A GDPR-like privacy bill in Washington State failed to pass the House.

A variety of amendments to California’s CCPA—some backed by industry, others backed by consumer groups—advanced out of committee in the Senate and Assembly.

FTC hit TikTok with a record $5.7 million COPPA fine.

Opt-ins, opt-outs, and state privacy law preemption were on the agenda at a recent Senate Judiciary Committee hearing.

Massachusetts is considering a bill that looks like the offspring of BIPA and CCPA.

California’s AG is backing an amendment to CCPA that expands the private right of action and removes the cure period.

‘Brobilize’—the act of a tech company leveraging its customers for public policy purposes. Fascinating topic; horrible name.

Senators ask FTC for tougher “Made in America” enforcement.

FDA will update its medical device approval process.

Anthem agrees to record HIPAA settlement.

PopSugar was sued by Instagram influencers for stealing their content and removing affiliate links. Don’t do this please.

Check your products against the Proposition 65 list.

New Prop 65 warning requirements went into effect on Aug. 30.

Californians are accustomed to seeing a terrifying Prop 65 warning, even at Starbucks.

New cyber regulations from NY State’s Department of Financial Services went into effect 9/1/18.

Apple published new App Store data collection rules.

California passed an Internet of Things cybersecurity law.