Recent Posts

FTC Says Unroll.me Deceived Consumers on Access and Use of Information

Aug 14, 2019 by Stacey Brandenburg and Marielena Reyes

The Federal Trade Commission announced a settlement and consent decree with email receipt management company Unroll.me, a subsidiary of Slice Technologies, Inc. Unroll.me offered a service that helped users unsubscribe from unwanted subscription emails and consolidate certain other types of emails into a single daily email.  The FTC’s allegations included claims that Unroll.me shared detailed personal data...

Read More →

The Carrot and The Stick: Trends and Considerations in the Equifax/FTC Settlement

Aug 2, 2019 by Jon Frankel, Kandi Parsons and Ariel Oxman

Following a breach affecting 145 million consumers, the Federal Trade Commission has announced a settlement with Equifax for up to $700 million, the largest ever for a data breach. In the same action, Equifax also settled with the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories to resolve allegations related to the massive 2017 breach. This...

Read More →

ZwillGen, a leading boutique law firm specializing in the intersection of law and technology, is seeking candidates for its 2020 Fellowship Program. The program presents a unique opportunity to work with and learn from some of the most experienced privacy and data security lawyers representing the biggest names in technology, and it’s a great place...

Read More →

New York has updated its breach notification and data security law, expanding the definition of a data breach and imposing detailed reasonable security requirements, among other changes. The amendment also adds a number of new data elements to the definition of “private information.” On July 25, 2019, Governor Cuomo signed S5575B, with the breach notification amendments...

Read More →

ZwillGen’s FTC Team on the Meaning of the FTC Facebook Settlement

Jul 25, 2019 by Marc Zwillinger, Stacey Brandenburg and Kandi Parsons

Following a yearlong investigation triggered in part by the Cambridge Analytica incident, the Federal Trade Commission (FTC) has announced a much anticipated settlement with Facebook, Inc. The Commission determined that the company violated its existing 2012 FTC Order by “deceiving users about their ability to control the privacy of their personal information.” The settlement imposes a record-breaking $5...

Read More →

The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, but the contours of the law are still being ironed out. Following a marathon debate at a California Senate Judiciary Committee Hearing, the scope of these potential legislative changes is coming into focus. While certain bills amending the CCPA advanced without modification,...

Read More →

Hawai’i Governor David Ige (D) has vetoed HB702 HD1 SD2, which would have restricted the sale of certain location information. The governor explained that the “lack of clarity in this bill as currently drafted will lead to ambiguity, confusion, and unintended consequences should it become law.” He’s right. The legislation read as follows: “No person shall sell or offer...

Read More →

Tricky Topics in CCPA Compliance

Jun 10, 2019 by Marc Zwillinger, Kandi Parsons and Michelle Anderson

At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as the requirement to provide California consumers with access to their personal information (“Personal Information” as defined by the CCPA) for...

Read More →

10 Ways a Business Associate Can Trigger HIPAA Enforcement

May 31, 2019 by Michelle Anderson and Devron Brown

The Department of Health and Human Services (“HHS”) may have signaled its interest in pursuing more enforcement actions against business associates. On May 24, 2019, the HHS Office for Civil Rights (“OCR”), released a fact sheet on the direct liability of business associates under the Health Insurance Portability and Accountability Act (“HIPAA”). The day before releasing its new fact...

Read More →

Notable GDPR Enforcement Actions in the First Year and Key Takeaways

May 24, 2019 by Michelle Anderson, Plamena Gerovska and Mason Weisz

In the year since the General Data Protection Regulation (“GDPR”) went into effect on May 25, 2018, companies worldwide have been adapting to the new privacy rules—and EU regulators have also been busy adjusting to the new regime, handling an influx of data subject complaints, issuing guidelines and opinions, conducting investigations, and bringing enforcement actions for violations...

Read More →