Explore MVALAW.COM

California Consumer Privacy Act Update: AB25 and AB1355 Approved by California Governor

Earlier we posted an article regarding the amendments to the California Consumer Privacy Act by AB 25 and AB1355 creating a moratorium on the application of much of the CCPA to employee personal information—subject to approval by California’s governor. Pleased to report that Governor Newsom approved both AB25 and AB1355 and therefore the moratorium will be in effect until January 1, 2021. Some welcome relief to businesses trying to comply with the CCPA’s requirements.

California Consumer Privacy Act Update: California Legislature Provides Relief for Businesses Processing Employee Data

The California Consumer Privacy Act (CCPA) imposes significant protections for California residents covered by the law, and significant burdens for companies required to comply with it.    One area of concern is whether the CCPA applied to employee data collected by a business.  The language of the CCPA was unclear, but was open to the interpretation that its protections covered such data.  With an effective date of January 1, 2020, employers have been watching to see if the California legislature would clear up the uncertainty.  The good news is that for at least until January 1, 2021, most ...

NY Governor Signs Data Breach Security Law

As anticipated, today New York’s governor signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) discussed in our recap of US data breach laws enacted in the first half of 2019. The bill passed the state senate by a margin of 41 – 21. The law updates the body of law governing data breaches in New York by increasing the scope of information subject to current data breach notification laws and expanding notification requirements.

US Data Breach and Privacy 2019 Legislative Recap

A few weeks ago, Texas signed into law an amendment to its data breach law, capping off a busy first half of 2019 for state lawmakers in this arena.  As we gear up for the second half of 2019, we thought a recap was worthwhile.  The legislation reflects a number of trends, including increasing obligations on consumer reporting agencies (CRAs) to protect consumers (no doubt in part a reaction to the Equifax breach), and updating data breach notice and reporting to provide more transparency and more information to consumers to protect their data, and to update older laws to address ...

North Carolina Amendments to Data Breach Law Finally Introduced

On April 16, 2019, Representatives Saine, Jones and Reives introduced House Bill 904, the long anticipated amendments to the North Carolina Identity Theft Protection Act, N.C. Gen. Stat. § 75-61 et seq.. We first wrote about the proposed legislation in February 2018 [Two Proposed Data Security Laws Reflect National Trend Toward Affirmative Responsibilities]. The bill also amends the definition of identifying information in North Carolina’s criminal identity theft statute, N.C. Gen. Stat. § 14-113.20(b), adopted by reference in the Identity Theft Protection Act’s ...

Washington State Legislature Moves Toward Passage of Broad Consumer Data Privacy Law

Following in the footsteps of California, and the European Union’s General Data Protection Regulation, the State of Washington is taking steps to adopt a comprehensive privacy law focused on protecting consumer information. SB 5376, better known as the Washington Privacy Act, passed in the Washington State Senate on March 6, 2019 by a vote of 46 to 1 and had a public hearing in the Washington State House Committee on Innovation, Technology & Economic Development on March 22, 2019.

The bill has also received support from Microsoft General Counsel and former U.S. FTC Commissioner ...

Illinois Supreme Court Rules on Biometric Privacy Case

Today, the Illinois Supreme Court unanimously held that actual harm was not a necessary component of proving a breach of the state’s Biometric Information Privacy Act.  This ruling found that Stacy Rosenbach, the mother of a minor whose thumbprint was collected by Six Flags as part of a season pass holder purchase, can be considered an “aggrieved person” under the state’s biometric privacy law without alleging that her child’s data was stolen or misused.

This decision is significant because Illinois has the nation’s only biometric privacy law with a private right of ...

SEC Issues Disclosure Guidance as Part of Continued Focus on Cybersecurity

As cybersecurity attacks have continued to gain prominence as a threat posing critical risk management and compliance challenges for financial institutions, the Securities and Exchange Commission (SEC) has emerged as an active federal regulator in this arena. In September 2017, the SEC announced creation of a Cyber Unit housed within the SEC’s Enforcement Division that targets cyber-related misconduct, including hacking to obtain material nonpublic information, intrusions into retail brokerage accounts, and cyber-related threats to trading platforms and other ...

NYS DFS September 4, 2018 Cybersecurity Compliance Deadline

Tuesday, September 4, 2018 marked the New York State Department for Financial Service’s deadline for compliance with several sections of cybersecurity regulation 23 NYCRR 500 (the “Regulation”).  The Regulation covers any organization that operates (or is required to operate) under a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law (Title 3 of the NYCRR), the Insurance Law (Title 11 of the NYCRR), or the Financial Services Law (Title 23 or the NYCRR) (a “Covered Entity”).  This is the third compliance ...

Update on California Consumer Privacy Act

By Bret Buckler and Todd Taylor
Recently the state of California passed a data privacy and security law called the California Consumer Privacy Act (“CCPA”) (Assembly Bill 375, found here).

The law, which takes effect on January 1, 2020, is aimed at establishing a defined set of rights for consumers with regard to how their personal information is being collected and used.  The political push for the law comes on the heels of a contentious few months where tech giants such as Facebook have admitted to potentially problematic data breaches and oversharing of personal information ...

About Data Points: Privacy & Data Security Blog

The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.

Stay Informed

* indicates required
Jump to Page

Subscribe To Our Newsletter

Stay Informed

* indicates required

By using this site, you agree to our updated Privacy Policy and our Terms of Use.