Tag Archives: personal information

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Justin T. Yedor and Jeewon Serrato

On October 5, 2021, Jennifer Urban, who serves as Chair of the Board of the California Privacy Protection Agency (the CPPA), spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

Effective Oct. 1, 2021: Connecticut Expands Data Breach Notification Statute

On June 16, 2021, the Connecticut General Assembly adopted an expanded version of Connecticut’s data breach notification statute (2021 CT H.B. 5310 (NS)). Through this expansion, Connecticut’s data breach notification statute will be updated, effective Oct. 1, 2021, to (1) broaden the definition of “personal information,” (2) shorten the amount of time within which businesses … Continue Reading

Ohio Proposes Comprehensive Privacy Legislation

Ohio recently became the latest state to consider enacting comprehensive privacy legislation. On July 13, 2021, the Ohio Personal Privacy Act (House Bill 376) was introduced into the Ohio House of Representatives with the backing of Ohio Governor Mike DeWine and Lt. Governor Jon Husted. If passed, OPPA would establish consumer data rights for natural … Continue Reading

A Balancing Act: A Brief Overview of California Privacy Laws

The California Consumer Privacy Act (“CCPA”) takes effect on January 1, 2020. The CCPA aims to provide consumers with an unprecedented array of rights concerning the control of their personal information and, correspondingly, imposes an unprecedented array of obligations upon businesses concerning consumers’ personal information. These obligations are not without limitation, however; the CCPA strives … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Phishing Prevention

This article is part of a series of blog posts exploring the recommendations and guidance Health and Human Services (HHS) provides healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. In its report on cybersecurity best practices, HHS highlights email phishing attacks as one of the top threats … Continue Reading

The Weekly Privacy Rewind

State AGs

Coalition of AGs Asks Social Security Administration to Establish Database of SSNs to Combat ID Theft

• Forty-three state AGs sent a letter to acting Social Security Administration (SSA) Commissioner Nancy Berryhill urging the SSA to swiftly develop a database that would make it easier for financial institutions to verify consumers’ personal information. … Continue Reading

California Consumer Privacy Act: Navigating Consumer Lawsuits & Limiting Remedies

California’s new privacy law, the California Consumer Privacy Act of 2018 (CCPA or act), which goes into effect Jan. 1, 2020, grants California residents (referred to as consumers in the act but not limited to consumers) a wide range of rights in regard to their personal information, broadly defined. To enable compliance with the act, … Continue Reading

Not Too Early to Start to Prepare for New California Privacy Law

In late June, the California legislature signed into law Assembly Bill 375 (AB 375) as the California Consumer Privacy Act of 2018 (CCPA), a privacy law, unprecedented in the U.S., that grants California residents a broad range of European-like rights when it comes to their personal information (PI), effective Jan. 1, 2020. To be able … Continue Reading

Colorado Enacts Sweeping Changes to Data Breach Reporting Requirements and Adds New Data Security Requirements

Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law will go into effect on Sept. 1, 2018.

Disposal of personal identifying information

As previously discussed here (while the bill was in committee), HB18-1128 … Continue Reading

South Dakota Becomes 49th State to Enact a Data Breach Notification Law

One of two remaining states without a data breach notification law has finally enacted one of its own. On March 21, 2018, South Dakota Governor Dennis Daugaard signed South Dakota Senate Bill 62 into law, creating the newest state data breach notification law, making Alabama the last holdout. South Dakota’s new statute, which will be … Continue Reading

Deception and Unfair Practices Come Preinstalled

Lenovo, a manufacturer of personal computers, recently agreed, among other things, to implement a software security program in a settlement with the Federal Trade Commission (FTC) over issues with third-party software preinstalled on some laptops. The software was later found to have significant security vulnerabilities that put consumers’ personal information at risk. The software created … Continue Reading

Delaware Revamps Its State Data Breach Notification Statute

On Aug. 17, 2017, Delaware revamped its existing data breach notification statute. In doing so, Delaware became the second state (joining Connecticut) to mandate offering individuals affected by a breach of security involving Social Security numbers at least one year of complimentary credit monitoring services. The new law takes effect on April 14, 2018, and … Continue Reading

Tales from the Trenches: Lessons Learned from the Ashley Madison Data Breach

In July 2015, the online cheating website Ashley Madison was hacked and data pertaining to its 37 million users were published online. The story made headlines given the sensitive nature of the information exposed, the number of people affected and the sensational details of the hack, which included allegations of fraud, blackmail and extortion. The … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously reported, following two data security incidents involving the disclosure of personal information, the FTC brought an action against LabMD, a clinical testing laboratory, … Continue Reading

California Amends Its Breach Notification Statute

For the third time in as many years, California has once again amended its breach notification statute. This time it expanded the definition of “personal information,” clarified the term “encryption,” and mandated additional formatting and content requirements for individual notification letters. These amendments impact both companies and agencies and will go into effect on January … Continue Reading

2014 Information Governance Year in Review

2014 has been perhaps the biggest year Information Governance (“IG”) has seen. A relatively small and, if not unknown, at least undefined field only a few years ago has grown into an area of interest—and concern—to many organizations. The continued growth of data, the escalating threat of data breaches, the amazing ability to collect and … Continue Reading

Indecent Exposure: FTC Obtains Injunctions Against Debt Brokers for Improperly Published Consumer Information

On November 12, 2014, the Federal Trade Commission announced that the District Court for the District of Columbia had entered preliminary injunctions against two debt sellers which, together, had improperly posted personal information of over 70,000 consumers online. The FTC filed complaints seeking permanent injunctions and other equitable relief against Cornerstone and Co., LLC, and … Continue Reading

California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?

Editor’s Note: The authors would like to thank Jaysen Borja for his contributions to this post. On September 30, 2014, California Governor, Jerry Brown, signed Assembly Bill 1710 into law, amending California’s existing personal information privacy laws.  A.B. 1710 makes several changes to existing laws including: (1) the requirement that businesses that “maintain” personal information … Continue Reading

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

Careful! Your Company May Be a Defacto Data Broker: Are Privacy Regulators Going for Broke(rs) as part of the 2014 Legislative and Privacy Enforcement Agenda?

Concerns about privacy practices in the data broker industry, and the privacy implications about the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014.   The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

OfficeMax Class Action Zip Code Plaintiffs Again Seek Approval for Settlement and Attorney Fee Payment

Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. Lawyers representing a purported class of customers who accused retailer OfficeMax North America Inc. (OfficeMax) of illegally recording their zip codes tried again this week to gain court approval of a settlement deal agreed to with OfficeMax. Dardarian v. OfficeMax Inc., case … Continue Reading

SAFE Data Act Approved by House Subcommittee

The House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Mary Bono Mack (CA), approved the Secure and Fortify Electronic Data Act (H.R. 2577) (SAFE Data Act) following lengthy debate on July 20, 2011.  The SAFE Data Act contains information security requirements and breach notice obligations consistent with Rep. Bono Mack’s statements following the … Continue Reading

Personal Information is Not Property Under California Unfair Competition Law

On May 12, 2011, a California federal court dismissed substantive claims in a class action privacy lawsuit against Facebook.  The plaintiffs alleged eight causes of action under federal and state law, claiming that Facebook shared users’ personal information with advertisers without the users’ consent.  Although the judge found that the plaintiffs had standing to bring … Continue Reading