Recent Posts

Key Changes in the AG’s Updated Proposed CCPA Regulations

Feb 9, 2020 by Ken Dreifach, Jon Frankel, Anna Hsia, Zach Lerner, Melissa Maalouf, Kandi Parsons, Marci Rozen, Mason Weisz and Marc Zwillinger

The California Attorney General released an update to its proposed California Consumer Privacy Act Regulations, and companies have until 5 pm PT on February 24 to submit comments on this updated draft. ...

Read More →

SEC Releases InfoSec “Roadmap” for GLBA Entities

Feb 3, 2020 by Nur Lalji and Jason Wool

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has released a new report, entitled Cybersecurity and Resiliency Observations, which stands as their most detailed and comprehensive information security guidance to date. Companies supervised by OCIE may want to consider the report to be an information security “benchmark,” as it amounts to...

Read More →
Washington Privacy Act (WPA)

New Push for Washington’s Privacy Bill in 2020

Jan 30, 2020 by Nur Lalji and Mason Weisz

Washington state may be leading the charge on privacy legislation in 2020. The state legislature introduced several privacy bills during the first week of its 2020 legislative session, including an updated version of the Washington Privacy Act (“WPA” or “Act”)—a comprehensive data protection framework modeled after the California Consumer Privacy Act (“CCPA”) and the European...

Read More →
CCPA Countdown

CCPA Countdown: Draft Regulations Add Clarity and New Requirements

Oct 17, 2019 by Kelsey Harclerode, Kandi Parsons and Mason Weisz

On October 10, 2019, the California Attorney General issued its notice of proposed rulemaking containing its proposed CCPA Regulations. In many instances, the draft Regulations go beyond simply clarifying existing CCPA provisions and instead set forth new requirements that alter prior interpretations of the law.  This analysis highlights some of those provisions and expected next steps as...

Read More →

10 Recent Changes to the CCPA that Businesses Should Know About

Sep 20, 2019 by Zach Lerner and Nur Lalji

Key Takeaways: Subject data rights for employee data and business-to-business data were narrowed (for a year). The definition of personal information was clarified; the toll-free number requirement has an exception. The definition of sale remains unchanged.   The California legislative session is over and the nine-month effort to amend the California Consumer Privacy Act of 2018...

Read More →

Ninth Circuit Rules that Scraping a Public Website is Likely Not a CFAA Violation

Sep 11, 2019 by Marc Zwillinger, Stacey Brandenburg and Zach Lerner

In the highly-anticipated decision in the hiQ Labs v. LinkedIn case, the Ninth Circuit upheld the preliminary injunction against LinkedIn, prohibiting it from barring hiQ’s scraping of public profiles from its site. In so doing, the court held that the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”) is likely not violated by the...

Read More →

Following an extensive investigation, the Federal Trade Commission (“FTC”) announced a settlement with Google and its subsidiary YouTube for the largest-ever civil penalty for violations under the Children’s Online Privacy Protection Act (“COPPA”) – $136 million to the FTC and $34 million to the State of New York.  In its 2013 COPPA rulemaking, the Commission indicated that...

Read More →

We are proud to be recognized as a leading law firm in Privacy and Data Security by Chambers and Partners for the ninth consecutive year. Founder and Managing Partner Marc J. Zwillinger has also been ranked in Band 1 as a top lawyer in the Privacy and Data Security space. Chambers bases these rankings on...

Read More →

FTC Says Unroll.me Deceived Consumers on Access and Use of Information

Aug 14, 2019 by Stacey Brandenburg and Marielena Reyes

The Federal Trade Commission announced a settlement and consent decree with email receipt management company Unroll.me, a subsidiary of Slice Technologies, Inc. Unroll.me offered a service that helped users unsubscribe from unwanted subscription emails and consolidate certain other types of emails into a single daily email.  The FTC’s allegations included claims that Unroll.me shared detailed personal data...

Read More →

The Carrot and The Stick: Trends and Considerations in the Equifax/FTC Settlement

Aug 2, 2019 by Jon Frankel, Kandi Parsons and Ariel Oxman

Following a breach affecting 145 million consumers, the Federal Trade Commission has announced a settlement with Equifax for up to $700 million, the largest ever for a data breach. In the same action, Equifax also settled with the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories to resolve allegations related to the massive 2017 breach. This...

Read More →