Part 2: Insurance Company Compliance with the CCPA as Businesses


This blog post is our second post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on insurers’ compliance obligations under the CCPA. If you would benefit from a background discussion on the CCPA, please visit our first post in this series entitled “Part 1: The California Consumer Privacy Act – What Insurers Need to Know.” The CCPA applies to insurers to the extent they qualify as “businesses” that “collect or determine…
Continue reading...

Biometric Class Action Against Facebook Greenlit by Ninth Circuit Court of Appeals

In an opinion article dated August 8, 2019, the Ninth Circuit Court affirmed the district court’s order certifying a class action of users who claim Facebook’s facial-recognition technology violates Illinois’s Biometric Information Privacy Act (BIPA). A copy of the Ninth Circuit’s opinion can be found here.  At issue is Facebook’s use of facial-recognition technology without first obtaining the consent of its users. The court agreed that the plaintiffs had sufficiently alleged a concrete and particularized harm sufficient to confer Article III standing. The court…
Continue reading...

Part 1: The California Consumer Privacy Act — What Insurers Need to Know

Assembly Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely the most robust and sweeping privacy law in the United States. This is not surprising as California is notoriously at the forefront of passing privacy legislation, even though close to 20 other states are also taking steps to pass similar legislation. The CCPA, which becomes effective January 1, 2020, creates a number of consumer rights regarding the collection, storage, selling, and processing of personal information, as well as corresponding business…
Continue reading...

2019 Verizon Data Breach Report: Updating Consumers On How to Protect Themselves Again

The 2019 Verizon Data Breach Investigation Report (DBIR) was released at the end of May. This report provides an overview of data and statistical research relating to cyber threats as well as potential defenses to counteract them. The overall goal of the DBIR is to provide potential information and suggestions relating to protection as well as cyberattack recovery.  This year’s report proved to be the most extensive review yet conducted, tracking 41,686 security incidents around the world, including 2,013 data breaches from 86 countries and…
Continue reading...

Happy Birthday GDPR! Its Year in Review and the Future for Data Protection

The European Union’s General Data Protection Regulation (GDPR) turned a year old on May 25, 2019 already becoming a benchmark for privacy and data protection compliance.  Undoubtedly, one of the great successes of the GDPR to date has been reminding consumers of their rights surrounding data privacy, and forcing organizations to improve their own data privacy practices. The GDPR gives EU residents the right to request a portable copy of their data, the right to get their data erased, and the right to revoke their consent.…
Continue reading...

Walking Back Spokeo: Does the 11th Circuit Make Data Breach Standing Even Easier?

In the context of data-breach litigation, Article III standing has historically been a hurdle for the plaintiffs’ bar. This “standing hurdle” is more than just an oxymoronic phrase.  And after the Supreme Court’s decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), many believed that would be data-breach plaintiffs would find it even more difficult to establish Article III standing.  Under Spokeo, the data breach plaintiffs are required to show an “injury-in-fact” that is “concrete and particularized” and “actual or imminent, not…
Continue reading...

Employees’ Claim Under the Illinois Biometric Information Protection Act Escapes Arbitration Provision in Employment Agreement

A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.  The Illinois Biometric Information Act As the court noted, the Illinois Biometric Information Protection Act was enacted in 2008…
Continue reading...

Washington State Cyberstalking Law Deemed Unconstitutional

On February 22, a federal judge in the State of Washington held that Washington’s cyberstalking law impermissibly inhibits constitutionally protected speech in violation of the First Amendment. The case of Rynearson v. Ferguson was commenced by Richard Rynearson, III against Washington State’s Attorney General and county prosecuting attorney under 42 U.S.C. Section 1983 for the purpose of enjoining the state’s enforcement of its cyberstalking statute, Wash. Rev. Code Section 9.61.260. Rynearson is an online author and activist who regularly writes online posts and comments directed…
Continue reading...

Data Privacy Best Practices on Data Privacy Day

Data Privacy Day is the perfect time to make sure that you – and your company’s employees – are practices data privacy best practices.  We’ve put together a list if best practices to keep your data secure:
  • Develop a data protection plan, including privacy policies, terms of use for online devices, data breach plans, and an assessment of your company’s current cybersecurity practices and weaknesses. 
  • Keep software up to date.  This might seem obvious, but it’s a surprisingly common pratfall.  This includes not

Continue reading...

TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats

The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year. The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity…
Continue reading...