Category Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

Seventh Circuit Issues Landmark BIPA Decision

The Seventh Circuit has recently ruled that plaintiffs have standing to enforce the Illinois Biometric Information Privacy Act’s informed consent requirements in federal court. As we have written before, , BIPA regulates the collection, use, and retention of a person’s biometric information, e.g., fingerprints, face scans, etc. For years, federal trial courts have been split … Continue Reading

Turn On the Camera Part Three: Fulfilling CCPA Training Obligations in the Face of COVID-19

As many who have been tracking CCPA are aware, the law requires training employees who handle consumer inquiries, and ensuring that employees understand how to help consumers exercise their rights. Since most of those rights requests are arriving by web page, email, and phone, it is unlikely that rights requests will slow in the face … Continue Reading

FTC Releases 2019 Privacy and Security Year in Review

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a … Continue Reading

And the Modified Proposed CCPA Regulations are Here!

On February 10, the California Attorney General’s office released a highly anticipated updated draft of the proposed CCPA regulations. This draft corrected a version first issued on February 7, 2020. These latest updates follow the four public hearings held in December 2019 and nearly 1,700 pages of comments submitted after the AG first released the initial proposal … Continue Reading

A Single Text Message May Not Violate TCPA

As we reported in our sister blog, “One ‘Chirp, Buzz, Or Blink’ Is Not Enough To Sue Under the TCPA”, a recent court decision makes it more difficult for plaintiffs to establish standing under the Telephone Consumer Protection Act. In its decision, the Eleventh Circuit ruled that a single text message from an attorney to … Continue Reading

Preparing for New York’s New Data Security Requirements

New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required by the Act go into effect in March 2020. Companies that are already subject to and compliant with data security requirements under HIPAA, GLBA, or … Continue Reading

French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing … Continue Reading

Texas Breach Law Will Change in 2020, To Require Attorney General Notification

New requirements to the Texas data breach statute, including a requirement to notify the Texas attorney general of a breach, are set to go into effect January 1, 2020. The legislation, signed by Texas Governor, Greg Abbot, on June 14, 2019, requires that the Texas attorney general be notified of a breach within 60 days. … Continue Reading

FTC and Car Dealership Software Company Reach Security Settlement

The FTC recently settled with LightYear Dealer Technologies, maker of DealerBuilt software, over allegations that the company failed to provide adequate protection for the personal data it houses. The companies’ clients include many car dealers across the country, and allows those dealerships to house consumer information that is collected during the car purchase process. This … Continue Reading

Nevada’s Amended Privacy Law: Groundbreaking or More of the Same?

Nevada recently amended its existing online privacy law to give Nevada residents the ability – in certain circumstances – to opt out of the sale of their data to third parties. The amendment goes into effect October 1, 2019, and modifies Nevada’s current requirement that website operators have privacy policies. As amended, companies who must … Continue Reading

CARU Takes Action Against Two Mobile Apps

Two mobile apps directed at children were recently subject to action by the Children’s Advertising Review Unit. The first, “My Talking Tom,” is a virtual pet game for children operated by Outfit7 Limited. One issue was the display of Outfit7’s privacy policy. Under the Children’s Online Privacy Protection Act, privacy policies must be understandable, and … Continue Reading

Utah Requires Law Enforcement Search Warrants

Effective this week, law enforcement in Utah will need a search warrant to obtain for certain electronic records. The new state legislation looks to expand privacy protections for content that consumers store online. Generally, the third-party doctrine limits the protection this type of information receives under Fourth Amendment protections against unreasonable searches and seizures. The … Continue Reading

Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature

The Washington Privacy Act (SB 5376) is making its way through that state’s House after gaining nearly unanimous approval in the state Senate just weeks after being introduced. This bill promises to overhaul how Washington protects the personal information of its residents. The proposed Act closely mirrors the California Consumer Privacy Act of 2018 (CCPA) … Continue Reading

FTC Looks Back at 2018

As we enter into the second quarter of the year, the FTC has released its annual report on privacy and data security, and the steps it took in those areas over the course of 2018. The report includes summaries of its actions against companies for alleged violations of the FTC Act,  CAN-SPAM, and COPPA, among … Continue Reading

UK’s ICO Brings Texting Enforcement Action, Fines Vote Leave 40,000 Pounds

Prior to the “Brexit” vote in 2016, the pro-Brexit campaign, Vote Leave, sent almost 200,000 unsolicited texts in violation of the Privacy and Electronic Communications Regulations (PECR), according to a recent settlement it reached with the ICO. Under those regulations, as the ICO outlines in its PECR guidance, consumers must either have opted into receiving … Continue Reading

E-Cig Company Settles Online Behavioral Advertising Inquiry

A Dutch e-cigarette company recently settled a self-regulatory inquiry over its online behavioral advertising practices. The Accountability Program (a US self-regulatory group that oversees online and interactive behavioral advertising) found that the company, Fontem, did not provide sufficient methods for individuals to opt out of online behavioral advertising (OBA). The Accountability Program enforces the Digital … Continue Reading

Happy First Day of Spring! Ohio Insurance Law Effective Today

Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do business in Ohio and goes into effect today, March 20, 2019 (the first day of Spring). Companies have, under the law, … Continue Reading

New York Department of Financial Services Releases Letter Regarding Third Party Data Sources

In a recent letter, the New York Department of Financial Services provided guidance for insurers who use third party data to help with their underwriting decisions. The letter was drafted in response to reports that insurers are getting information about potential insureds from many “unconventional” data sources, including those that contain predictive models and algorithms. … Continue Reading

Cyber Concerns Lead to EU Recall of a Connected Kids Devices

Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their children. According to the European Commission, security issues with the device could allow a hacker to access a user’s data, including location … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree