- Posts by Tandy B. MathisCounsel
Tandy is counsel in the Litigation, Discovery, and Privacy & Data Security groups. She specializes in information management issues, including privacy and data security. Tandy uses her experience to help clients understand their ...
Utah recently became the fourth state in the United States, after California, Virginia and Colorado, to pass comprehensive privacy legislation. The Utah Consumer Privacy Act (the “UCPA”), passed by the Utah legislature as Senate Bill 227 and was signed by Governor Spencer Cox on March 24, 2022.
The California Privacy Rights Act of 2020 (“CPRA”) was approved during the California Statewide General Election as Proposition 24 on November 3, 2020. This means the California Consumer Privacy Act (“CCPA”) will be amended to the California Privacy Rights Act, which includes the establishment of a new privacy enforcement agency, new definitions for sensitive data with limits on use and sharing, and expanded breach liability.
The CPRA will enter into force on January 1, 2023 and, apart from the right to access, will apply to personal information collected by businesses back to January 1, 2022.
By Suzanne Gainey and Tandy Mathis. On October 10, California Attorney General Xavier Becerra announced that the long-awaited proposed regulations implementing the California Consumer Privacy Act (“CCPA”) are available for public comment. Although the regulations are not yet final, they do provide some visibility into what the Attorney General will expect from businesses that are subject to the CCPA. While the proposed regulations add some clarity to the (sometimes unclear) language of the CCPA, the regulations also raise new questions about the application of the CCPA ...
As anticipated, today New York’s governor signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) discussed in our recap of US data breach laws enacted in the first half of 2019. The bill passed the state senate by a margin of 41 – 21. The law updates the body of law governing data breaches in New York by increasing the scope of information subject to current data breach notification laws and expanding notification requirements.
A few weeks ago, Texas signed into law an amendment to its data breach law, capping off a busy first half of 2019 for state lawmakers in this arena. As we gear up for the second half of 2019, we thought a recap was worthwhile. The legislation reflects a number of trends, including increasing obligations on consumer reporting agencies (CRAs) to protect consumers (no doubt in part a reaction to the Equifax breach), and updating data breach notice and reporting to provide more transparency and more information to consumers to protect their data, and to update older laws to address ...
Today, the Illinois Supreme Court unanimously held that actual harm was not a necessary component of proving a breach of the state’s Biometric Information Privacy Act. This ruling found that Stacy Rosenbach, the mother of a minor whose thumbprint was collected by Six Flags as part of a season pass holder purchase, can be considered an “aggrieved person” under the state’s biometric privacy law without alleging that her child’s data was stolen or misused.
This decision is significant because Illinois has the nation’s only biometric privacy law with a private right of ...
By Tandy Mathis
On Friday, March 23, 2018, Congress passed a 2,232 page omnibus spending bill. Included in the bill was a bipartisan act known as the “Clarifying Lawful Overseas Use of Data Act” or CLOUD Act, which will allow United States law enforcement to access the data stored abroad for U.S. citizens and will provide some relief to foreign law enforcement agencies to access the data of their citizens when that data is stored in the U.S..
The CLOUD Act Overhauls an Outdated Stored Communications Act (SCA) and an Overburdened Mutual Legal Assistance Treaty (MLAT) Act
At its core ...
Tandy Mathis and Karin McGinnis
Good information governance requires not only protecting the security of sensitive and proprietary information; it often requires pursuing legal action against those who threaten the secrecy and value of a company’s trade secrets. The Defense of Trade Secrets Act (“DTSA”) both provides another tool for companies to pursue misappropriators of trade secrets and makes it more difficult for companies to quickly seize misappropriated trade secrets through court action. Given the challenges of the DTSA, companies should bolster their efforts ...
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.
Data Points: Privacy & Data Security Blog Updates
- The Consumer Financial Protection Bureau Stakes Out Its Enforcement Authority Over Unfair Information Security Practices
- Maryland Amendments to Data Security and Breach Notification Law
- The Devil Really is in the Details: The SEC Proposed Rule on Cybersecurity Risk Management for Investment Advisors, Registered Investment Companies and BDCs
- Will the U.S. Finally Pass Comprehensive Data Privacy Legislation?