A class-action lawsuit against facial-recognition company Clearview AI alleges they unlawfully scraped biometric data from other websites and sold the resulting data to other entities. The case tests yet another provision of the CCPA relating to the law’s private right to action. READ MORE

A class-action lawsuit against Ring LLC alleging the plaintiffs’ rights to privacy were violated includes a cause of action under the CCPA, alleging plaintiffs were entitled to a CCPA notice informing them what information Ring was collecting and how it would be used. The case may lead to what could be the first judicial interpretation of the CCPA’s private right of action. READ MORE

On February 7, California’s Attorney General released modified proposed regulations implementing the California Consumer Privacy Act. Many of the revisions can be reasonably interpreted to lessen the burden on businesses attempting to comply with the CCPA. READ MORE

The Supreme Court’s denial of Facebook’s petition for certiorari regarding standing and class certification issues in a suit under Illinois’ BIPA portends some similarly large privacy settlements in the coming years. Given BIPA’s broad scope, companies should familiarize themselves with the statute and consider their risks. READ MORE

Two recent online privacy bills introduced in the U.S. Senate highlight some of the key privacy and data security issues that Congress may tackle next year. While they share much in common, key differences between the two include whether a federal bill would be privately-actionable and if it preempts state laws. READ MORE

On October 10, 2019, California’s Attorney General released its long-awaited draft regulations explaining how the state intends to enforce the requirements of the California Consumer Privacy Act. The regulations leave much to the best judgment of businesses that will be doing their best to comply and are in response to questions raised during the comment-gathering process. READ MORE

Before the CCPA has even gone into effect, privacy advocates have already introduced new legislation further tightening California’s consumer laws. The vast majority of the new initiative would impose additional requirements on companies that want to do business with California consumers. READ MORE

Although the California Consumer Privacy Act will be effective in only a few short months, key amendments are still awaiting the Governor’s signature. Some of the amendments make exemptions from the CCPA, while others provide clarification of the Act’s terms. READ MORE

With no imminent legislative action curtailing the rush of BIPA litigation since Rosenbach v. Six Flags, it is critical that employers have the appropriate policies and procedures in place to comply with BIPA. This includes compliance requirements and best practices to avoid statutory penalties. READ MORE

The Illinois Supreme Court has decided individuals need not allege injury other than a violation of their rights to bring suit under the Illinois Biometric Information Privacy Act, leaving the door open for future individual suits and class actions. READ MORE

A recent decision from the Supreme Court of Pennsylvania in Dittman v. UPMC may signal a significant change in fortunes for plaintiffs in data breach cases. Anyone storing or collecting data should be aware of the potential increase in security breach litigation in an employer/employee context. READ MORE

As more employees work remotely from home, the risk of a cyber breach stemming from a home network is increasing. With the immense repercussions of a breach at risk, companies should augment their cyber protection and breach response plans to include protections for home networks. READ MORE

The framework is significant for several reasons and is intended to help organizations manage the data privacy risks they are now exposed to more than ever thanks to new technologies. READ MORE

In a February 21 Release, the U.S. Securities and Exchange Commission (SEC) announced new interpretive guidance for public companies regarding cybersecurity risk and incident disclosures. The new guidance (which expands on the 2011 statement from the SEC’s Division of Corporate Finance, which identified the cybersecurity risk—and consequence—disclosure obligations for public companies) introduces two new areas of focus which had not previously been addressed by the SEC. READ MORE

The IRS is warning the public about the emerging scams this tax season, which includes cyber-attacks targeting tax preparers and businesses. The statement includes the steps to take if you or your clients' tax data or financial information has been compromised. READ MORE

Addressing and managing operational cybersecurity risks is important not only to lessen the risks and fallout of a cyber-attack but also to demonstrate that your company has taken appropriate steps and implemented necessary procedures to protect itself and its financial or strategic partners. READ MORE

Schools should take notice of the Missouri Auditors’ recommendations and carefully consider those recommendations when looking at their own cybersecurity programs. READ MORE

The May 11 Executive Order is a strong effort toward upgrading and addressing the United States’ cybersecurity capabilities. But it remains to be seen what sort of commitment the efforts identified will receive from Congress, private enterprises, and the rest of the government. READ MORE

One of only a few states without its own data breach notification law, New Mexico is about to join the ranks of 47 states with such laws. HB15, awaiting the governor's signature, requires an expedient 45-calendar-day notification window. READ MORE

More and more, regulators are focusing their rulemaking power not just on how a company responds (or doesn’t respond) to a data breach, but the steps it took far in advance to prevent or mitigate such a breach. READ MORE

FINRA has sent a clear message to member firms that it is very serious about enforcing its cybersecurity regulations. Requirements to protect personal information as well as to preserve necessary evidence are not being taken lightly by FINRA. READ MORE

A set of joint resources from NIST and FAIR can help cybersecurity professionals to both prioritize risks in their organization and allocate security resources to the most critical areas of exposure. READ MORE

There is little question that 3D printing is an important part of technology and manufacturing development. But a recent study may raise some concern over the security of that technology in an unexpected way. READ MORE

The U.S. and EU have negotiated a new pact that would allow for U.S. companies to collect and store personally identifying information about EU citizens and to protect those citizens’ privacy pursuant to EU standards. So what are the requirements of this new Privacy Shield and what do they mean for U.S. companies doing business with European customers? READ MORE