Effective July 1, 2022, owners of personally identifiable information on residents of Indiana must provide notice of a data breach no later than 45 days after discovering of the breach. Currently, Indiana’s data breach law requires notice of a breach “without unreasonable delay.” When the amendment goes into effect in July, the 45-day period will be the latest that notice can be given.
Utah recently became the fourth state in the United States, after California, Virginia and Colorado, to pass comprehensive privacy legislation. The Utah Consumer Privacy Act (the “UCPA”), passed by the Utah legislature as Senate Bill 227 and was signed by Governor Spencer Cox on March 24, 2022.
Invites to free webinars are not unsolicited advertisements, says Maryland federal court
The Telephone Consumer Protection Act (TCPA) prohibits sending an “unsolicited advertisement” to a fax machine, absent certain conditions. An “unsolicited advertisement” is “any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person” without prior permission.
On its face, the TCPA’s definition seemingly would not include invitations to free seminars or webinars. However, in 2006 the Federal ...
The saga of the Capital One data breach, which impacted an estimated 106 million individuals in the U.S. and Canada, may soon be coming to an end. After more than two years of litigation, the parties have reached a settlement that would resolve existing and future consumer claims arising out of the 2019 breach which impacted Capital One customer information stored in the Amazon Web Services (AWS) cloud environment. If the settlement is approved, it will be one of the largest in any multidistrict data breach litigation.
California federal court rejects plaintiff’s attempt to circumvent Facebook
In April 2021, the Supreme Court dealt a massive blow to Telephone Consumer Protection Act claims based on automatic telephone dialing systems restrictions in its Facebook, Inc. v. Duguid ruling. You can read more about the Facebook decision here. In short, Facebook significantly narrowed the definition of “automatic telephone dialing systems,” thereby eliminating TCPA liability for voice calls—or text messages—produced by those systems. Facebook, however, did not limit liability for calls that used a prerecorded or artificial voice. But because text messages do not use prerecorded or artificial voices, Facebook was considered to largely (but not completely) wipe out TCPA liability for text messages.
Today the Supreme Court issued an order staying the OSHA Emergency Temporary Standard (ETS) that would have required all employers with 100 or more employees to enforce Covid-19 vaccination or testing requirements.
On September 9, 2021, the Biden Administration issued a variety of measures designed to promote COVID-19 safeguards and decrease the spread of the COVID-19 virus. Such measures included two Executive Orders and President Biden’s COVID-19 Action Plan, all three of which greatly impact employers of varying sizes and industries.
The legal issues surrounding COVID-19 vaccines and mandates on employees are not unique to the United States. Karin McGinnis, Co-head of Moore & Van Allen's Data Privacy Team and member of Employment & Labor and Litigation Teams, recently collaborated with 11 esteemed colleagues from Globalaw™ in creating an article examining the law on COVID-19 vaccines in the workplace across five continents.
You can find the article here.
For questions and specific guidance regarding workplace vaccination regulations, contact Karin at the below link.
Resolving a split in lower courts, the U.S. Supreme Court issued a ruling in June limiting the type of conduct that can be prosecuted under the federal Computer Fraud and Abuse Act of 1986 (CFAA), a statute often used by U.S. Attorneys to prosecute hackers. In a 6-3 decision, SCOTUS ruled in Van Buren v. United States that Section 1030(a)(2) of the CFAA does not impose liability on individuals who use a computer to alter or obtain information they otherwise are entitled to obtain, even when they access the information for a prohibited purpose. In so ruling, SCOTUS limited a powerful federal ...
Colorado is now the third state in the U.S. to pass comprehensive privacy legislation, following in the footsteps of California and Virginia. The Colorado Privacy Act (the “CPA”), passed by the state’s General Assembly as SB 190, is currently awaiting signature by Governor Jared Polis. If signed, the CPA will become effective July 1, 2023.
The CPA includes a mix of concepts similar to those found in other comprehensive privacy legislation passed in the U.S. (e.g., the California Consumer Privacy Act (the “CCPA”) and Virginia’s Consumer Data Protection Act (the ...
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.