Data Points: Privacy & Data Security Blog

The saga of the Capital One data breach, which impacted an estimated 106 million individuals in the U.S. and Canada, may soon be coming to an end. After more than two years of litigation, the parties have reached a settlement that would resolve existing and future consumer claims arising out of the 2019 breach which impacted Capital One customer information stored in the Amazon Web Services (AWS) cloud environment. If the settlement is approved, it will be one of the largest in any multidistrict data breach litigation.

Colorado is now the third state in the U.S. to pass comprehensive privacy legislation, following in the footsteps of California and Virginia. The Colorado Privacy Act (the “CPA”), passed by the state’s General Assembly as SB 190, is currently awaiting signature by Governor Jared Polis. If signed, the CPA will become effective July 1, 2023. 

The CPA includes a mix of concepts similar to those found in other comprehensive privacy legislation passed in the U.S. (e.g., the California Consumer Privacy Act (the “CCPA”) and Virginia’s Consumer Data Protection Act (the ...

By Suzanne Gainey and Tandy Mathis.  On October 10, California Attorney General Xavier Becerra announced that the long-awaited proposed regulations implementing the California Consumer Privacy Act (“CCPA”) are available for public comment.  Although the regulations are not yet final, they do provide some visibility into what the Attorney General will expect from businesses that are subject to the CCPA.  While the proposed regulations add some clarity to the (sometimes unclear) language of the CCPA, the regulations also raise new questions about the application of the CCPA ...