• 10 2019 June

    Tricky Topics in CCPA Compliance

    At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as...

    Read More →

Recent Posts

As the current shutdown of the federal government passed the one-month mark, the strain on workers affected by the shutdown is reaching a crisis level. The severe financial impact on the country has been reported, but the human impact of the shutdown is equally devastating for individuals and families. Thousands of federal workers remain furloughed,...

Read More →

At the beginning of year, House and Senate members of Colorado’s General Assembly introduced the Colorado Digital Token Act (“CDTA”). The bill exempts digital token issuers who market tokens primarily for consumptive purposes (e.g., to purchase goods and services from the seller) from most state securities registration requirements. If passed, the CDTA would result in...

Read More →

DOJ Reverses Course on the Wire Act

Jan 16, 2019 by Zach Lerner, Jake Sommer and Marc Zwillinger

In a surprisingly result-oriented analysis, the Department of Justice (“DOJ”) has reversed its view on the scope of the Wire Act, declaring that the Wire Act is not limited to sports gambling. The opinion authored by the Office of Legal Counsel, (dated November 2, 2018 and made public earlier this week) reverses the better-reasoned conclusion...

Read More →

Massachusetts has updated its breach notification law to require credit monitoring services and more prescriptive breach notices to regulators, as well as to strengthen rules for consumer reporting agencies. Governor Charlie Baker signed the legislation (H. 4806) on January 10, 2019, and the amendments go into effect on April 11, 2019. The amendments will require:...

Read More →

Vermont Data Broker Regulations Now Effective­­

Jan 14, 2019 by Devron Brown, Michelle Anderson and Ken Dreifach

The Vermont Data Broker Regulation (“VDBR”) (9 V.S.A. §§ 2430, 2433, 2446–2447) went into effect on January 1, 2019. Therefore, data brokers must register with the Vermont Attorney General by January 31st and comply with minimum data security requirements. Applicability of the VDBR Subject to the exceptions set forth in 9 V.S.A. §§ 2430(4)(C), under...

Read More →

The EU’s highest court may be poised to allow Google and other search engines to honor most right-to-be-forgotten requests in a way that impacts only searches from within the EU, i.e., without affecting results for searches performed by users outside the EU. EU Court of Justice (“CJEU”) Advocate General (“AG”) Maciej Szpunar released an opinion...

Read More →

An Illinois federal judge granted summary judgment to Google in a case alleging that its use of facial recognition software in Google Photos violated Illinois’ Biometric Information Privacy Act (“BIPA”), citing Plaintiffs’ failure to establish a concrete injury sufficient to confer Article III standing.  Background Google Photos is a cloud-based service which detects images of...

Read More →

The South Carolina Insurance Data Security Act (the “Act”) took effect on January 1, 2019.  The bill, which largely resembles the New York Department of Financial Services cybersecurity regulations, is based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law and is intended to establish minimum data security, breach notification, and...

Read More →

2018 was a big year for information security and data privacy. The European General Data Protection Regulation (“GDPR”) became effective and helped bring greater awareness to the handling of personal data while several U.S. states passed or amended their privacy laws. Below we have compiled a list of the most significant privacy and security developments...

Read More →

Avoiding Liability for Customers’ Canadian Spam Law Violations

Nov 15, 2018 by Michelle Anderson and Mason Weisz

The Canadian Radio-television and Telecommunications Commission (“CRTC”) has issued guidelines for avoiding liability under Canada’s Anti-Spam Legislation (“CASL”) for assisting third parties in their violations. These guidelines and a recent CRTC enforcement action are a reminder to vendors providing marketing and advertising services that they can be held responsible for both their—and their customers’—CASL violations....

Read More →