Category Archives: Privacy

And the Modified Proposed CCPA Regulations are Here!

On February 10, the California Attorney General’s office released a highly anticipated updated draft of the proposed CCPA regulations. This draft corrected a version first issued on February 7, 2020. These latest updates follow the four public hearings held in December 2019 and nearly 1,700 pages of comments submitted after the AG first released the initial proposal … Continue Reading

FTC Finalizes Five Settlements Regarding Privacy Shield Claims

By Elfin Noce on January 22, 2020 Posted in EU Privacy, Privacy Shield

The FTC recently finalized settlements with five companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework. In each complaint, the FTC alleged that DCR Workforce, Inc., Thru, Inc., LotaData, Inc., and 214 Technologies, Inc. made false and misleading representations when they stated that they participated under the Privacy Shield framework … Continue Reading

New Trends Emerge in FTC Data Security Orders, Including Emphasis on C-Suite Involvement

By Julia Kadish on January 15, 2020 Posted in Consumer Privacy, Cybersecurity, Data Security, FTC

The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC Indicated that some of the things it has been requiring of companies in 2019 are here to stay.… Continue Reading

Getting Prepared for a Decade of Privacy

By Liisa Thomas on January 14, 2020 Posted in California, Consumer Privacy, GDPR, Online Privacy

As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are already coming in from states as varied as Nebraska, New Hampshire and Virginia. Similar legislative … Continue Reading

Is Your Privacy Policy Ready for 2020?

By Julia Kadish and Liisa Thomas on December 19, 2019 Posted in Consumer Privacy, EU Privacy, Privacy Shield

Many organizations are currently focused on updating their privacy policy to include content required by CCPA. While making those edits, now is a good time to take a step back and think more broadly about privacy program and operations generally, and in particular about the non-CCPA parts of your privacy policy.… Continue Reading

NAI’s 2020 Code Effective January 1 Along with CCPA

By Liisa Thomas, Elfin Noce and Julia Kadish on December 17, 2019 Posted in Behavioral Advertising, Consumer Privacy, Online Privacy

The Network Advertising Initiative, which provides guidance to advertisers who engage in personalized advertising, updated its Code of Conduct (2020 Code) earlier this year to address, inter alia, data collected offline and used for tailored advertising, as well as CCPA and TV-based tailored advertising. In anticipation of the January 1, 2020 effective date of the … Continue Reading

The Privacy Shield Survives Another EU Commission Review, For Now…

By Liisa Thomas, Rachel Tarko Hudson, Rebecca Mackin and Julia Kadish on November 22, 2019 Posted in Consumer Privacy, EU Privacy

The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to facilitate transfers of personal data from the EU to the US. It is reviewed annually by the EU … Continue Reading

California Follows Vermont, Requires Data Broker Registration

By Liisa Thomas and Julia Kadish on October 14, 2019 Posted in California Privacy, CCPA, Consumer Privacy

Joining Vermont, California will now require data brokers to register with the California Attorney General. The law was signed October 11, 2019. It applies to companies that “knowingly” collect and sell personal information about consumers with whom they do not have a “direct relationship.” They must register with the AG by January 31, 2020.… Continue Reading

A Single Text Message May Not Violate TCPA

By Shannon Petersen, Liisa Thomas, Lisa Yun and Elfin Noce on October 7, 2019 Posted in Communication Privacy, Consumer Privacy, TCPA

As we reported in our sister blog, “One ‘Chirp, Buzz, Or Blink’ Is Not Enough To Sue Under the TCPA”, a recent court decision makes it more difficult for plaintiffs to establish standing under the Telephone Consumer Protection Act. In its decision, the Eleventh Circuit ruled that a single text message from an attorney to … Continue Reading

Will More Clarity on Definition of ATDS Under TCPA Finally Be Here Soon?

By Shannon Petersen, Liisa Thomas, Lisa Yun and Julia Kadish on September 26, 2019 Posted in Communication Privacy, Consumer Privacy, TCPA

The Sixth Circuit is the latest court to weigh in on the definition of ATDS under TCPA. The TCPA defines ATDS as equipment that has the capacity “to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers.” Generally, the TCPA prohibits calls and text … Continue Reading

New York SHIELD Act Expands Breach Notice Requirements Starting in October

By Liisa Thomas, Kari Rollins, Elfin Noce and Rebecca Mackin on August 27, 2019 Posted in Consumer Privacy, Data Breach

As we recently reported, New York’s new SHIELD Act contains data security provisions. It also contains a number of key changes to New York’s existing breach notification obligations. These changes will become effective October 23, 2019.… Continue Reading

Preparing for New York’s New Data Security Requirements

By Liisa Thomas, Kari Rollins and Elfin Noce on August 26, 2019 Posted in Consumer Privacy, Consumer Privacy, Data Protection, Data Security

New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required by the Act go into effect in March 2020. Companies that are already subject to and compliant with data security requirements under HIPAA, GLBA, or … Continue Reading

Processor or Controller? It Really Depends

By Rebecca Mackin on August 19, 2019 Posted in EU Privacy, Healthcare Privacy

The European Data Protection Board and the European Data Protection Supervisor recently issued a joint opinion on the processing of personal data and the role of the European Commission within the eHealth Digital Health Service Infrastructure. As background, the eHealth Network is a network of eHealth authorities designated by the EU member states. Its main … Continue Reading

Utility Provider Settles Call Recording Lawsuit for $3.7 Million

By Robert Hough and Sarah Williamson on August 6, 2019 Posted in California, Communication Privacy, Consumer Privacy, Online Privacy, TCPA

Tiger Natural Gas, Inc. recently settled a class action privacy suit alleging that it illegally recorded sales calls with over 27,000 potential customers. Although Tiger hired a third party to handle its telemarketing, Tiger will pay $3.7 million on the claims as the advertiser with ultimate liability for non-compliance. According to the plaintiffs, neither company … Continue Reading

French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

By Alyssa Shauer on July 29, 2019 Posted in Consumer Privacy

CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing … Continue Reading

FTC Seeks Comments on COPPA Rule

By Liisa Thomas and Rebecca Mackin on July 26, 2019 Posted in Children's Privacy, Online Privacy

The Federal Trade Commission is requesting comments and input on the effectiveness of the 2013 amendments it made to the Children’s Online Privacy Protection Rule. Although the FTC typically reviews its rules every ten years, it is doing so early because of rapid changes in and children’s expanded use of technology. Part of the input … Continue Reading

Texas Breach Law Will Change in 2020, To Require Attorney General Notification

By Liisa Thomas and Elfin Noce on June 25, 2019 Posted in Consumer Privacy, Data Breach, Data Security

New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020. The legislation, signed by Texas Governor, Greg Abbot, on June 14, 2019, requires that the Texas attorney general be notified of a breach within 60 days. … Continue Reading

FTC and Car Dealership Software Company Reach Security Settlement

By Liisa Thomas on June 24, 2019 Posted in Consumer Privacy, Data Breach, Data Security, FTC

The FTC recently settled with LightYear Dealer Technologies, maker of DealerBuilt software, over allegations that the company failed to provide adequate protection for the personal data it houses. The companies’ clients include many car dealers across the country, and allows those dealerships to house consumer information that is collected during the car purchase process. This … Continue Reading

Nevada’s Amended Privacy Law: Groundbreaking or More of the Same?

By Rebecca Mackin and Liisa Thomas on June 20, 2019 Posted in Consumer Privacy, Online Privacy

Nevada recently amended its existing online privacy law to give Nevada residents the ability – in certain circumstances – to opt out of the sale of their data to third parties. The amendment goes into effect October 1, 2019, and modifies Nevada’s current requirement that website operators have privacy policies. As amended, companies who must … Continue Reading

CARU Takes Action Against Two Mobile Apps

By Robert Hough on June 19, 2019 Posted in Children's Privacy, Consumer Privacy, COPPA, Online Privacy

Two mobile apps directed at children were recently subject to action by the Children’s Advertising Review Unit. The first, “My Talking Tom,” is a virtual pet game for children operated by Outfit7 Limited. One issue was the display of Outfit7’s privacy policy. Under the Children’s Online Privacy Protection Act, privacy policies must be understandable, and … Continue Reading

Maine Passes Broadband Privacy Bill

By Elfin Noce on June 12, 2019 Posted in Data Security, Telecommunications Privacy

Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers, in part, customer web browsing history, application usage history, and geolocation information. An internet service provider may only use, disclose, sell or permit … Continue Reading

Feds Want New IoT Guidance to Address Security Vulnerabilities

By Townsend Bourne and Elfin Noce on May 22, 2019 Posted in Cybersecurity, Data Security, Government Privacy, Internet of Things

“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data … Continue Reading

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree