Category: Privacy

A New Consumer Data Protection Bill in Oregon: A Summary of SB 619

Earlier this month, the Oregon state legislature introduced Senate Bill (SB) 619, “relating to protections for the personal data of consumers.” The bill has since been referred to the Senate Committee on Judiciary and the Joint Committee on Ways and Means. Of course, Oregon would not be the first state to enact general, or omnibus, … Continue Reading

Class Action Suits Targeting Biometric Information Continue to Seek Large Payouts

By Jacob Goldberg on December 19, 2022 Posted in Data Protection, ePrivacy, Law/Regulation Update, Privacy

To say that class action litigation regarding the use or collection of “biometric information” – such as fingerprints, face records, or voice records – is expensive would be a gross understatement. The damages sought, and sometimes recovered, in litigation under the Illinois Biometric Information Privacy Act and similar laws that impose statutory penalties can be … Continue Reading

Executives Personally Sued for Data Privacy Incidents

By Nathan Morales on December 8, 2022 Posted in Announcements, Data Breach, Data Protection, Law/Regulation Update, Privacy, Security

If you manage a company that collects and otherwise processes personal data (which is just about every company, these days), you may need to protect your own pocketbook. As governments across the globe continue to enact and enforce data privacy, data protection, and cybersecurity laws, data becomes more readily available, and the volume of incidents … Continue Reading

The Current State of General State Privacy Laws

By John Pavolotsky on October 24, 2022 Posted in ePrivacy, Law/Regulation Update, Privacy

It’s a great time to be a privacy attorney. On October 17, 2022, the California Privacy Protection Agency (CPPA) released the next draft of the regulations under the California Privacy Rights Act of 2020 (CPRA) as well as a document explaining the proposed modifications. Two days of public hearings were recently held on October 21-22, … Continue Reading

Illinois Court of Appeals: Statute of Limitations for Most Biometric Privacy Claims Remains at Five Years

By Jacob Goldberg on October 19, 2021 Posted in Law/Regulation Update, Privacy

In Illinois, the Biometric Information Privacy Act (“BIPA”) regulates the collection and use of “biometric information” such as fingerprints, facial images, and voice records. It imposes significant penalties and has generated a cottage industry of class action litigation—hundreds of cases have been filed and millions of dollars in liability have been assessed. It is also … Continue Reading

Portland’s New Facial Recognition Ban Increases Litigation Risk, Creates Uncertainty

By Jacob Goldberg on February 3, 2021 Posted in Privacy, Security, Software

Is your business using or thinking of using facial recognition technology for activities in Portland, Oregon? Think again. That’s the message to businesses operating in Portland in a new ordinance that broadly bans the use of facial recognition technology in the city, subject to certain exceptions. The ordinance, which took effect January 1, 2021, restricts … Continue Reading

Digital Transformation – Cybersecurity Lessons from Recent Lawsuits

By Romaine Marshall, Jon Washburn and Jose Abarca on October 5, 2020 Posted in Cyber Attack, Privacy, Security

Digital transformation,[1] the process of leveraging technology, people and processes to innovate, requires an “all-in, ongoing commitment to improvement.”[2] But the main drivers of digital transformation – data and profits – don’t always mesh seamlessly. As shown by recent class actions filed against Blackbaud and Morgan Stanley, and a settlement with the New York Attorney General … Continue Reading

Coast to Coast and Back Again – Cybersecurity and Data Privacy Rules

By Romaine Marshall, Jose Abarca and Jon Washburn on July 1, 2020 Posted in Privacy, Security

March 2020 will long be remembered as the month and year of en masse shutdowns. But the pandemic has done little if anything to slow new cybersecurity and data privacy laws. As highlighted below, regulations for one have been submitted (CA), another has gone into effect (NY), and yet another has been proposed (CA). California … Continue Reading

Soon, All Ransomware Attacks May Be Data Breaches

By Jon Washburn on March 18, 2020 Posted in Cyber Attack, Cyber Crime, Data Breach, Privacy, Security

As this recent article illustrates, many ransomware operators are now collecting information from victims before encrypting their data, and then threatening to release what they’ve collected – or actually releasing some of it – to increase the chance they’ll get paid. There have been many cases already where at least a portion of data has … Continue Reading

Family Educational Rights and Privacy Act in the Age of COVID-19

By Hunter Ferguson on March 17, 2020 Posted in Announcements, FERPA, Privacy

The U.S. Department of Education released some FAQs related to the Family Educational Rights and Privacy Act (FERPA) and corona virus. The Department’s Student Privacy Policy Office prepared the FAQs to assist officials in educational agencies and institutions such as school districts, schools, colleges and universities in managing public health issues related to COVID-19 while … Continue Reading

Utah Considers a Cybersecurity Safe Harbor as Ransomware Runs Riot

By Romaine Marshall on February 25, 2020 Posted in Cyber Crime, ePrivacy, Law/Regulation Update, Privacy, Security

Last year the FTC mandated what an organization’s written cybersecurity program should include to avoid being deemed “unfair and deceptive” to consumers,[1] and this year California consumers whose personal information is compromised may file lawsuits against organizations that failed to implement “reasonable security.”[2] But several states provide legal safe harbors to organizations with written cybersecurity programs. … Continue Reading

NIST Releases a Standard for Privacy

By Jon Washburn on February 7, 2020 Posted in ePrivacy, Privacy, Security

As states fill the legal void for consumer privacy rights,[1] a new federal standard has emerged to assist companies with their compliance efforts. The National Institute of Standards and Technology (“NIST”) Privacy Framework (“PF”) was released last month to help organizations manage the risks associated with their data processing activities. What the PF Does The … Continue Reading

CCPA Is Here – Is Your Security “Reasonable”?

By Romaine Marshall on January 7, 2020 Posted in ePrivacy, Privacy, Security, Uncategorized

Under the California Consumer Privacy Act, any California consumer whose personal information is compromised “as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices … may institute a civil action.”[1] Consumers can initiate this private right of action right now, whereas other consumer rights can only … Continue Reading

CCPA is Here – Are Your Agreements Ready?

By Romaine Marshall on December 27, 2019 Posted in ePrivacy, Privacy, Security

On January 1, 2020, if your company sells goods or services to California consumers and meets certain criteria,[1] the agreements you have with companies that handle personal information on your behalf should be analyzed and, if necessary, updated just as your privacy notices should be updated.[2] Examples of companies that handle personal information on a … Continue Reading

CCPA is Here – Is Your Privacy Notice Ready?

By Romaine Marshall on December 11, 2019 Posted in ePrivacy, Privacy, Security

Last year towards the end of May, a barrage of emails and pop-ups informed online users about how companies use cookies – small bits of software that track website activity – in accordance with a requirement under the European Union’s General Data Protection Regulation. On January 1, 2020, many companies will inform consumers about updates … Continue Reading

Cyber Risk Update for Construction Companies

By Tamara Boeck and Jon Washburn on November 11, 2019 Posted in Cyber Attack, Cyber Crime, Data Breach, Fraud, Privacy

Scammers are always seeking new ways to target victims for Business Email Compromise (BEC) scams, where they leverage email to try to convince you to give them credentials, send them confidential information like W2s, send them money by changing things like direct deposit instructions, or give any other data that can help them profit from … Continue Reading

Achieving Industry Standards

By Jon Washburn on October 28, 2019 Posted in Cyber Attack, Cyber Crime, Data Breach, Privacy, Security

For Cybersecurity and Privacy, “What Are the Industry Standards? Are We Meeting Them?” These are questions the FTC Chairman, Joseph Simons, strongly suggested a CEO must ask before a data breach occurs to avoid the prospect of personal liability. These questions and statements by other commissioners emphasizing the FTC’s role – to bring about a … Continue Reading

Is your organization ready for global privacy regulations?

By Jon Washburn on September 18, 2019 Posted in ePrivacy, Privacy

The Internet Society’s Online Trust Alliance (OTA) released a report this week that measured 1200 U.S.-based organizations’ readiness for three major global privacy regulations: the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States that goes into effect January 1, 2020, and the Personal Information … Continue Reading

Recent FTC Enforcement Actions

By Jon Washburn on August 22, 2019 Posted in Privacy

What the FTC Wants, the FTC (Mostly) Gets In recent weeks the Federal Trade Commission has been on a tear. As one example, on July 22 it announced a $700 million settlement with Equifax for “the 2017 data breach that jeopardized the personal data of a staggering 147 million people.” But it is a decision … Continue Reading

CCPA is Coming – Is Your Business Prepared For The Data Requests & Lawsuits?

By Hunter Ferguson on April 29, 2019 Posted in Law/Regulation Update, Privacy

Does your business collect personal information from residents in California? Does it monitor user activity on its website? If so, there is a good chance it will need to comply with the California Consumer Privacy Act (“CCPA”), which takes effect January 1, 2020. Following the European Union’s implementation of GDPR, California adopted the CCPA, which … Continue Reading

Yahoo! Breach Class Action Poised to Settle

By Jon Washburn on October 29, 2018 Posted in Data Breach, Privacy, Security, Uncategorized

The Yahoo! class action over the 2013-2014 hacks, affecting 1 billion (later updated to 3 billion) accounts, is poised to settle for $85 million – and the provision of free credit monitoring services for 200 million account holders for 2 years. While $85 million may seem like a relative bargain compared to the $350 million Verizon … Continue Reading

The Senate Commerce Committee held a second hearing on consumer data privacy, this time with privacy advocates

By Jon Washburn on October 12, 2018 Posted in ePrivacy, Events, Privacy

This past Wednesday, the Senate Commerce Committee held another hearing on consumer data privacy, this time giving voice to prominent privacy advocates. Previous testimony in September from leading technology businesses focused on concerns with the complexity of having to comply with a patchwork of different state privacy regulations, broad definitions of “personal information” in the … Continue Reading