• 10 2019 June

    Tricky Topics in CCPA Compliance

    At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as...

    Read More →

Recent Posts

Tricky Topics in CCPA Compliance

Jun 10, 2019 by Marc Zwillinger, Kandi Parsons and Michelle Anderson

At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as the requirement to provide California consumers with access to their personal information (“Personal Information” as defined by the CCPA) for...

Read More →

10 Ways a Business Associate Can Trigger HIPAA Enforcement

May 31, 2019 by Michelle Anderson and Devron Brown

The Department of Health and Human Services (“HHS”) may have signaled its interest in pursuing more enforcement actions against business associates. On May 24, 2019, the HHS Office for Civil Rights (“OCR”), released a fact sheet on the direct liability of business associates under the Health Insurance Portability and Accountability Act (“HIPAA”). The day before releasing its new fact...

Read More →

Notable GDPR Enforcement Actions in the First Year and Key Takeaways

May 24, 2019 by Michelle Anderson, Plamena Gerovska and Mason Weisz

In the year since the General Data Protection Regulation (“GDPR”) went into effect on May 25, 2018, companies worldwide have been adapting to the new privacy rules—and EU regulators have also been busy adjusting to the new regime, handling an influx of data subject complaints, issuing guidelines and opinions, conducting investigations, and bringing enforcement actions for violations...

Read More →

New Reporting Requirements Under Arkansas’ Data Breach Law

May 22, 2019 by Michelle Anderson, Marci Rozen and Armin Tadayon

Arkansas has updated its breach notification law to expand the definition of “personal information” and to require notifying the Arkansas Attorney General when a breach involves more than 1,000 individuals’ personal information. On April 15, 2019, Governor Asa Hutchinson signed HB 1943, and the amendments go into effect on July 23, 2019.  Personal Information The amendments add...

Read More →

Washington Strengthens Breach Notification Law

May 9, 2019 by Michelle Anderson, Armin Tadayon and Jason Wool

On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing the time an entity has to disclose a breach to consumers and the Attorney General from 45 to 30 days. These proposed amendments are consistent with...

Read More →

The Department of Health and Human Services (“HHS”) recently issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (“CMPs”) in which it lowered the maximum annual fines that can be assessed against covered entities and business associates under the Health Insurance Portability and Accountability Act (“HIPAA”) for lower-level categories of violations. The annual limit for...

Read More →

The Death Knell for Class Arbitration?

May 6, 2019 by Amanda Irwin and Jeff Landis

On April 24, 2019, the U.S. Supreme Court held in Lamps Plus v. Varela that under the Federal Arbitration Act (“FAA”), class arbitration is only permitted when explicitly provided for in arbitration agreements. The 5-4 decision written by Chief Justice Roberts, and joined by the conservative-leaning justices, overturned the Ninth Circuit’s ruling and conclusively established that...

Read More →

CCPA Amendments Advance Out of Committees

May 1, 2019 by Michelle Anderson and Marci Rozen

While many companies are struggling to make sense of the California Consumer Privacy Act (“CCPA”) (see our prior posts here and here) and roll out their CCPA compliance programs, the California Assembly Privacy and Consumer Protection Committee (“Privacy Committee”) and the Senate Judiciary Committee have advanced a number of bills that would amend various aspects of the...

Read More →

Law enforcement agencies are increasingly requesting that courts allow them to compel suspects to unlock electronic devices with their biometrics. As of yet, though, courts confronted with the question have come up with no unified answer whether they can do so. For example, earlier this year, as part of a search warrant application for a house...

Read More →

Online Platform Design Issues Lead to Certified False Advertising Class

Apr 24, 2019 by Nick Jackson and Armin Tadayon

A recent class certification decision in the Northern District of California highlights the importance of platform design. A group of hotel owners alleged that Expedia’s website provided false information about the availability of rooms at their hotels—and certified a class for injunctive relief. This case serves as a reminder to online operators about the potential legal...

Read More →