Data Breach Lawsuit Raises Specter of the CCPA

It was only a matter of time, but we now have our first lawsuit that references California’s new consumer data protection act, the California Consumer Privacy Act (CCPA), which went into effect on Jan. 1, 2020. The CCPA permits each consumer that can establish a violation of certain provisions of the CCPA to seek damages of up to $750, or actual damages, whichever is greater. As the CCPA hangs over businesses like a Sword of Damocles, it remains to be seen whether it will have… Continue Reading

Countdown to New Year’s Day and the CCPA

The California Consumer Privacy Act (CCPA) becomes effective on January 1, 2020. We are counting down 10 practical measures you can take to begin down the path for CCPA compliance: 10. Determine whether your business must comply with the CCPA.
  • You must comply with the CCPA if:
    • You are a for-profit entity with over $25 million in gross revenues that conducts business in the state of California and collect the personal information of California residents
    • You annually buy, receive for the business’ commercial purposes, sell,
Continue Reading

Robocall Legislation Likely to Move Forward for White House Approval

Leaders of the House Energy and Commerce Committee and the Senate Commerce Committee issued a joint statement early November advising that they have reached a deal on anti-robocall legislation which will seek to stave off those pesky robocalls United States consumers receive, often at the most inopportune times. Robocalls have been a growing problem in the U.S., based in large part on their solicitation of the disclosure of personal information to unknown organizations (who are typically based outside of the U.S.), often resulting in identity… Continue Reading

Preparing Private Companies for Politically Motivated Cyberattacks

Law firms in the midst of large and publicly reported M&A deals, accounting firms during return season, and Facebook at just about any moment, should all assume that they are being targeted by hackers. However, the Department of Homeland Security’s (DHS) announcement that Iranian regime actors and proxies have been using “wiper” attacks adds a new indicator: geopolitical importance during politically sensitive times. The director of the Cybersecurity and Infrastructure Security Agency (CISA) released a tweet late last week notifying the public that Iran is… Continue Reading

Part 1: The California Consumer Privacy Act — What Insurers Need to Know

Assembly Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely the most robust and sweeping privacy law in the United States. This is not surprising as California is notoriously at the forefront of passing privacy legislation, even though close to 20 other states are also taking steps to pass similar legislation. The CCPA, which becomes effective January 1, 2020, creates a number of consumer rights regarding the collection, storage, selling, and processing of personal information, as well as corresponding business… Continue Reading

There is Still Hope for Federal Privacy Legislation, but it May be Delayed

Highly-publicized data breaches and frequent scandals involving the collection and sale of personal data have made online privacy a bipartisan issue. Lawmakers have proposed a number of solutions. One of those proposals is a bill to create rules governing online privacy, headed by Democratic Senators Richard Blumenthal, Brian Schatz, and Maria Cantwell, and Republican Senators Jerry Moran, Roger Wicker, and John Thune. Republicans evidently hope to complete a draft of the bill by the end of May so it can be introduced, debated, and voted… Continue Reading

First Circuit Finds There is No Expectation of Privacy for IP Address Information

In an important holding regarding an individual’s constitutional right to protection from unreasonable searches, the United States Court of Appeals, First Circuit, held that a criminal defendant did not have a reasonable expectation of privacy in internet protocol (IP) address data that was acquired by the government from a smart phone application company without a search warrant. In U.S. v. Hood, — F.3d. –, 2019 WL 1466943 (1st Cir. 2019), a user of the smart phone messaging application Kik, who went by the username… Continue Reading

Ohio Cybersecurity Legislation Applicable to Insurers Now In Effect

Ohio’s new law requiring insurance providers to take steps to protect personal information recently went into effect March 20, 2019. Ohio now follows South Carolina as the second state to adopt legislation modeled after the NAIC’s Insurance Data Security Model Law.             The law, codified at new Ohio Revised Code Chapter 3695, applies to all individuals or non-governmental entities required to be authorized, registered, or licensed under Ohio insurance laws (defined as “licensees”). Only smaller licensees that have fewer than 20 employees, less than $5… Continue Reading

Colorado Data Privacy Act a Landmark in Dealing with Protection of Personally Identifiable Information

Colorado’s Protections for Consumers Data Privacy Act, unanimously approved by the state legislature on May 29, imposes heightened data protection and breach notification requirements on businesses of all sizes and government entities. It affects all entities that receive, collect, create or save personally identifiable information (PII) from Colorado residents, customers, employees or even prospective employees.  The law comes in the wake of the Equifax data breach in 2017, and Colorado being rated the second riskiest state for identity theft in a 2017 study, only… Continue Reading

Congress Passes Bill to turn Cybersecurity Wing of Department of Homeland Security into Fully-fledged Agency

On November 13, the U.S. House of Representatives voted unanimously to pass bipartisan legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). The CISA Act (H.R. 3359), first introduced in July, 2017, passed the Senate in October. It will “reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security,” according to a statement released by DHS. The new agency… Continue Reading