Colorado recently joined Virginia and California in passing a more comprehensive privacy law. The Colorado Privacy Act (CPA) will go into effect July 1, 2023. This is six months after Virginia’s law (CDPA) and California’s Privacy Rights Act (CPRA), which amends the existing CCPA, go into effect. The law does not have a private right of action, and the AG is to adopt regulations on certain aspects by July 1, 2023.

Continue Reading And Then There Were Three: Colorado Passes Privacy Law, Effective July 2023

Texas’s data breach notification law was recently amended to require the state’s Attorney General to post notice of data breaches on a public website within 30 days of receiving notice of the data breach. It also requires companies to provide the AG with more information when notifying the AG of a breach.

Continue Reading Texas Breach Notification Law Amended, Changes Effective September 1, 2021

New York City recently enacted a biometric ordinance that is set to come into effect July 9, 2021. With this ordinance, NYC joins other cities (like Portland) in regulating the use of biometric information. The ordinance may impact retailers, restaurants, and entertainment venues in the city that use security cameras with facial-recognition technology or otherwise collect biometric identifiers from their customers.
Continue Reading New York City Biometric Ordinance Effective July 9, Are You Ready?

Nevada’s governor recently approved an amendment to their privacy law. As we covered previously, generally, this law affords consumers a right to opt out of the “sale” of their data to third parties.  The amendment broadens (1) the scope of the law to also apply to “data brokers” and (2) consumers right to opt-out of sale. The changes are expected to go into effect October 1, 2021.
Continue Reading Nevada Broadens its Privacy Law

The Department of Labor recently issued cybersecurity guidance to retirement plans. The department’s Employee Benefits Security Administration (EBSA) issued guidance in three areas: (1) hiring and working with vendors and service providers; (2) implementing an internal cybersecurity program for the plan; and (3) online security for plan participants and end-users.
Continue Reading Cybersecurity Guidance Issued to Retirement Plan Sponsors

The Supreme Court recently dealt a potential blow to the FTC’s enforcement tool chest.  In particular, the decision impacts its ability to seek monetary relief under a theory it has used in a wide variety of cases, included privacy and security ones, that monetary relief constitutes a “permanent injunction” on consumers’ behalf. In AMG Capital Management, LLC v. Federal Trade Commission, the Supreme Court held that while the FTC should be able to obtain injunctive relief to stop unfair practices, that power does not extend to seeking monetary relief for injured consumers.
Continue Reading Supreme Court Decision Impacts How FTC May Pursue Privacy Cases

Virginia is now the second state, after California, to pass a comprehensive privacy law. The Consumer Data Protection Act (“CDPA”) will come into effect January 1, 2023 (the same time as the modification to California’s Consumer Privacy Act (“CCPA”), namely the California Privacy Rights Act). Although this new Virginia law has been compared by many to California’s current CCPA and the EU’s GDPR, there are some differences. Businesses will find most of the differences a relief, although the law does introduce a few new concepts.
Continue Reading Virginia is for…Privacy: Comprehensive Law Passed, Effective January 2023

The Federal Trade Commission recently entered the biometric fray. It settled with a now-defunct photo-storage app over its use of facial recognition technology. According to the FTC, the company engaged in a variety of deceptive and unfair acts, in violation of Section 5 of the FTC Act.
Continue Reading Defunct Photo App Agrees to Erase Biometric Data in FTC Settlement

Alleging unfair and deceptive practices in violation of the FTC Act, the FTC recently entered into a settlement agreement with SkyMed International, Inc. The company sells travel emergency plans to individuals who sustain medical emergencies or injuries while traveling internationally, and has signed up -according to the FTC- thousands of consumers. During the sign-up process individuals provided the company with sensitive health information.
Continue Reading FTC Settles with Travel Services Provider Over Security Issues