Category Archives: Privacy

Subscribe to Privacy RSS Feed

California Follows Vermont, Requires Data Broker Registration

Liisa ThomasBy Liisa Thomas and Julia Kadish on Posted in California Privacy, CCPA, Consumer Privacy
Joining Vermont, California will now require data brokers to register with the California Attorney General. The law was signed October 11, 2019. It applies to companies that “knowingly” collect and sell personal information about consumers with whom they do not have a “direct relationship.” They must register with the AG by January 31, 2020.… Continue Reading

A Single Text Message May Not Violate TCPA

Shannon PetersenLiisa ThomasLisa YunElfin NoceBy Shannon Petersen, Liisa Thomas, Lisa Yun and Elfin Noce on Posted in Communication Privacy, Consumer Privacy, TCPA
As we reported in our sister blog, “One ‘Chirp, Buzz, Or Blink’ Is Not Enough To Sue Under the TCPA”, a recent court decision makes it more difficult for plaintiffs to establish standing under the Telephone Consumer Protection Act. In its decision, the Eleventh Circuit ruled that a single text message from an attorney to … Continue Reading

CNIL Issues Record-Keeping Guidance

Liisa ThomasSylvie RousseauRebecca MackinBy Liisa Thomas, Sylvie Rousseau and Rebecca Mackin on Posted in EU Privacy, GDPR
Under GDPR, companies are required to keep certain records of their processing activities. There has been some question about the types of records controllers should keep. To help clarify the questions arising from many companies, CNIL issued guidance recently about how to fulfill record keeping obligations. The guidance includes an RPA template for controllers, and outlines contents to … Continue Reading

Will More Clarity on Definition of ATDS Under TCPA Finally Be Here Soon?

Shannon PetersenLiisa ThomasLisa YunBy Shannon Petersen, Liisa Thomas, Lisa Yun and Julia Kadish on Posted in Communication Privacy, Consumer Privacy, TCPA
The Sixth Circuit is the latest court to weigh in on the definition of ATDS under TCPA. The TCPA defines ATDS as equipment that has the capacity “to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers.” Generally, the TCPA prohibits calls and text … Continue Reading

Preparing for New York’s New Data Security Requirements

Liisa ThomasKari RollinsElfin NoceBy Liisa Thomas, Kari Rollins and Elfin Noce on Posted in Consumer Privacy, Consumer Privacy, Data Protection, Data Security
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required by the Act go into effect in March 2020. Companies that are already subject to and compliant with data security requirements under HIPAA, GLBA, or … Continue Reading

Processor or Controller? It Really Depends

Rebecca MackinBy Rebecca Mackin on Posted in EU Privacy, Healthcare Privacy
The European Data Protection Board and the European Data Protection Supervisor recently issued a joint opinion on the processing of personal data and the role of the European Commission within the eHealth Digital Health Service Infrastructure. As background, the eHealth Network is a network of eHealth authorities designated by the EU member states. Its main … Continue Reading

Utility Provider Settles Call Recording Lawsuit for $3.7 Million

Robert HoughSarah WilliamsonBy Robert Hough and Sarah Williamson on Posted in California, Communication Privacy, Consumer Privacy, Online Privacy, TCPA
Tiger Natural Gas, Inc. recently settled a class action privacy suit alleging that it illegally recorded sales calls with over 27,000 potential customers. Although Tiger hired a third party to handle its telemarketing, Tiger will pay $3.7 million on the claims as the advertiser with ultimate liability for non-compliance. According to the plaintiffs, neither company … Continue Reading

French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

Alyssa ShauerBy Alyssa Shauer on Posted in Consumer Privacy
CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing … Continue Reading

Texas Breach Law Will Change in 2020, To Require Attorney General Notification

Liisa ThomasElfin NoceBy Liisa Thomas and Elfin Noce on Posted in Consumer Privacy, Data Breach, Data Security
New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020. The legislation, signed by Texas Governor, Greg Abbot, on June 14, 2019, requires that the Texas attorney general be notified of a breach within 60 days. … Continue Reading

FTC and Car Dealership Software Company Reach Security Settlement

Liisa ThomasBy Liisa Thomas on Posted in Consumer Privacy, Data Breach, Data Security, FTC
The FTC recently settled with LightYear Dealer Technologies, maker of DealerBuilt software, over allegations that the company failed to provide adequate protection for the personal data it houses. The companies’ clients include many car dealers across the country, and allows those dealerships to house consumer information that is collected during the car purchase process. This … Continue Reading

Nevada’s Amended Privacy Law: Groundbreaking or More of the Same?

Rebecca MackinLiisa ThomasBy Rebecca Mackin and Liisa Thomas on Posted in Consumer Privacy, Online Privacy
Nevada recently amended its existing online privacy law to give Nevada residents the ability – in certain circumstances – to opt out of the sale of their data to third parties. The amendment goes into effect October 1, 2019, and modifies Nevada’s current requirement that website operators have privacy policies. As amended, companies who must … Continue Reading

CARU Takes Action Against Two Mobile Apps

Robert HoughBy Robert Hough on Posted in Children's Privacy, Consumer Privacy, COPPA, Online Privacy
Two mobile apps directed at children were recently subject to action by the Children’s Advertising Review Unit. The first, “My Talking Tom,” is a virtual pet game for children operated by Outfit7 Limited. One issue was the display of Outfit7’s privacy policy. Under the Children’s Online Privacy Protection Act, privacy policies must be understandable, and … Continue Reading

Maine Passes Broadband Privacy Bill

Elfin NoceBy Elfin Noce on Posted in Data Security, Telecommunications Privacy
Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers, in part, customer web browsing history, application usage history, and geolocation information. An internet service provider may only use, disclose, sell or permit … Continue Reading

Feds Want New IoT Guidance to Address Security Vulnerabilities

Townsend BourneElfin NoceBy Townsend Bourne and Elfin Noce on Posted in Cybersecurity, Data Security, Government Privacy, Internet of Things
“Internet of Things” devices are listening.  And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data … Continue Reading

Utah Requires Law Enforcement Search Warrants

Elfin NoceBy Elfin Noce on Posted in Consumer Privacy, Data Security
Effective this week, law enforcement in Utah will need a search warrant to obtain for certain electronic records. The new state legislation looks to expand privacy protections for content that consumers store online. Generally, the third-party doctrine limits the protection this type of information receives under Fourth Amendment protections against unreasonable searches and seizures. The … Continue Reading

EDPB Seeks Comment On Online Services Guidance

Liisa ThomasBy Liisa Thomas on Posted in EU Privacy, GDPR
The European Data Protection Board is seeking comment about proposed guidelines that impact websites that provide online services. This might include services a user pays for, or where the fee is indirect (the services being funded through advertising dollars, for example). The EDPB guidance points out that these services typically fall under the provision of … Continue Reading

UK ICO Fines Parenting Club £400,000 Over Breach Involving PII of Mothers and Babies

Liisa ThomasBy Liisa Thomas on Posted in Behavioral Advertising, Children's Privacy, EU Privacy, Online Privacy
The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member information with third parties like Acxiom and Equifax). Here, in reaching its conclusion that the company had … Continue Reading

Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature

Alyssa ShauerBy Alyssa Shauer on Posted in CCPA, Consumer Privacy, GDPR
The Washington Privacy Act (SB 5376) is making its way through that state’s House after gaining nearly unanimous approval in the state Senate just weeks after being introduced. This bill promises to overhaul how Washington protects the personal information of its residents. The proposed Act closely mirrors the California Consumer Privacy Act of 2018 (CCPA) … Continue Reading

FTC Looks Back at 2018

Liisa ThomasBy Liisa Thomas on Posted in Consumer Privacy, Data Security, FTC
As we enter into the second quarter of the year, the FTC has released its annual report on privacy and data security, and the steps it took in those areas over the course of 2018. The report includes summaries of its actions against companies for alleged violations of the FTC Act,  CAN-SPAM, and COPPA, among … Continue Reading

UK ICO Settles with Marketer Over Unsolicited Email Messages

Liisa ThomasBy Liisa Thomas on Posted in Communication Privacy, EU Privacy
Grove Pension Solutions Ltd is a UK-based company that helps people get “pension releases,” i.e. getting money out of their pensions. The company uses a vendor to conduct lead generation. That vendor would identify individuals who had given consent to get messages on a variety of third party websites (including for example, soapboxsurvey.co.uk). None of … Continue Reading

France Continues to Focus on Use of Biometrics

Liisa ThomasBy Liisa Thomas on Posted in EU Privacy
The French CNIL (the country’s data protection authority) has released rules for how companies can use the biometric information of their employees. Fingerprint scanning is a popular method for “clocking in” around the globe, and like the biometric laws in the US (in particular in Illinois, which we have written about here), it has fallen … Continue Reading

European Data Protection Board’s Priorities for 2019/2020

Liisa ThomasBy Liisa Thomas on Posted in EU Privacy, GDPR
The European Data Protection Board (EDPB) has released its priorities for 2019/2020 in its two-year “Work Program.” The EDPB is charged with issuing guidelines and opinions about GDPR, advising the European Commission about privacy-related issues, to help with the “consistent application” of GDPR, and to promote cooperation among the EU Member States’ supervisory authorities. Among … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree