Explore MVALAW.COM

Resolving  a split in lower courts, the U.S. Supreme Court issued a ruling in June limiting the type of conduct that can be prosecuted under the federal Computer Fraud and Abuse Act of 1986 (CFAA), a statute often used by U.S. Attorneys to prosecute hackers.  In a 6-3 decision, SCOTUS ruled in Van Buren v. United States that Section 1030(a)(2) of the CFAA does not impose liability on individuals who use a computer to alter or obtain information they otherwise are entitled to obtain, even when they access the information for a prohibited purpose.  In so ruling, SCOTUS limited a powerful federal ...

Colorado is now the third state in the U.S. to pass comprehensive privacy legislation, following in the footsteps of California and Virginia.  The Colorado Privacy Act (the “CPA”), passed by the state’s General Assembly as SB 190, is currently awaiting signature by Governor Jared Polis.  If signed, the CPA will become effective July 1, 2023. 

The CPA includes a mix of concepts similar to those found in other comprehensive privacy legislation passed in the U.S. (e.g., the California Consumer Privacy Act (the “CCPA”) and Virginia’s Consumer Data Protection Act (the ...

EEOC Updated Vaccination Guidance - May 28th

The U.S. Equal Employment Opportunity Commission (EEOC) on May 28, 2021 issued updated guidance on vaccinations. The relevant excerpts are attached and the full EEOC guidance is here https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws

In short:

  • During the pandemic, employers can mandate that employees receive the COVID 19, subject to exceptions such as required accommodations for persons with disabilities (see K5);
  • Employers can require employees to provide the employer documentation showing that ...
The Supreme Court’s Facebook Ruling Narrows TCPA Claims—But Does Not Eliminate Them

Last month, the Supreme Court resolved a long-standing circuit split over the definition of an “automatic telephone dialing system” (ATDS) under the Telephone Consumer Protection Act (TCPA). The highly-anticipated decision in Facebook v. Duguid narrowed the type of equipment that constitutes an ATDS, and therefore drastically limited the scope of “automated” calls and texts that violate the TCPA.  

USDOL Offers Guidance on Data Security for Plan Fiduciaries and Service Providers

The Employee Benefits Security Administration of the United States Department of Labor (“EBSA”)  recently published guidance regarding cybersecurity best practices for recordkeepers and service providers responsible for plan related information technology systems and data for ERISA-covered plans, including 401k and other pension plans.

The EBSA counseled that a plan’s service providers should implement the following practices:

  1. Have a formal, well documented cybersecurity program.
  2. Conduct prudent annual risk assessments.
  3. Have a reliable annual third-party ...

Virginia’s Consumer Data Protection Act makes it the second state to pass a comprehensive data privacy law.

Another Major Setback for EU-U.S. Data Transfer in “Schrems II”

On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued its judgment in the “Schrems II” case, cautiously upholding Standard Contractual Clauses (SCCs) and invalidating the popular EU-U.S. Privacy Shield.  The judgment is the second major triumph affecting transatlantic commerce for Austrian privacy activist, Max Schrems. 

Under the EU’s General Data Protection Regulation (“GDPR”), an organization may only transfer individuals’ personal data to non-EU countries for processing if the European Commission determines the third country ...

Beware Compromised Business Email . . .and the Litigation That Follows

Businesses are facing this system hack with ever-increasing frequency:  An accounts payable employee receives new or updated payment instructions from a vendor via email.  The email appears to be from a familiar counterpart at the vendor; it contains accurate details specific to a current transaction; the new bank is well known; and the new instructions have the vendor’s name, or a version of it, as the beneficiary.

Update: The Washington Privacy Act

For more background on the Washington Privacy Act, see: Washington State Legislature Takes Another Shot At a Consumer Data Privacy Law (DataPoints, 1/22/2020)


Senate Bill 6281, the Washington Privacy Act, passed out of the Senate on February 14 and moved to the House of Representatives where it is expected to run up against some skepticism and questions. 

The bill was drafted to help bring Washington state more in line with California’s and the EU’s data privacy regulation efforts, in the absence of comprehensive privacy regulation at the federal level.  The Act places ...

Washington State Legislature Takes Another Shot At a Consumer Data Privacy Law

Following an unsuccessful attempt last year at passing a comprehensive data privacy bill, the Washington State Legislature is hoping the second time’s the charm. Senate Bill 6281, this session’s updated version of The Washington Privacy Act, is based on the best practices taken from the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) which went into effect on January 1 of this year. Although last year’s effort fizzled in Washington’s House of Representatives after passing the Senate 46-1, SB 6281 has been ...

About Data Points: Privacy & Data Security Blog

The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.

Stay Informed

* indicates required
Jump to Page

Subscribe To Our Newsletter

Stay Informed

* indicates required

By using this site, you agree to our updated Privacy Policy and our Terms of Use.