Recent Posts

Massachusetts has updated its breach notification law to require credit monitoring services and more prescriptive breach notices to regulators, as well as to strengthen rules for consumer reporting agencies. Governor Charlie Baker signed the legislation (H. 4806) on January 10, 2019, and the amendments go into effect on April 11, 2019. The amendments will require:...

Read More →

Vermont Data Broker Regulations Now Effective­­

Jan 14, 2019 by Devron Brown, Michelle Anderson and Ken Dreifach

The Vermont Data Broker Regulation (“VDBR”) (9 V.S.A. §§ 2430, 2433, 2446–2447) went into effect on January 1, 2019. Therefore, data brokers must register with the Vermont Attorney General by January 31st and comply with minimum data security requirements. Applicability of the VDBR Subject to the exceptions set forth in 9 V.S.A. §§ 2430(4)(C), under...

Read More →

The EU’s highest court may be poised to allow Google and other search engines to honor most right-to-be-forgotten requests in a way that impacts only searches from within the EU, i.e., without affecting results for searches performed by users outside the EU. EU Court of Justice (“CJEU”) Advocate General (“AG”) Maciej Szpunar released an opinion...

Read More →

An Illinois federal judge granted summary judgment to Google in a case alleging that its use of facial recognition software in Google Photos violated Illinois’ Biometric Information Privacy Act (“BIPA”), citing Plaintiffs’ failure to establish a concrete injury sufficient to confer Article III standing.  Background Google Photos is a cloud-based service which detects images of...

Read More →

The South Carolina Insurance Data Security Act (the “Act”) took effect on January 1, 2019.  The bill, which largely resembles the New York Department of Financial Services cybersecurity regulations, is based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law and is intended to establish minimum data security, breach notification, and...

Read More →

2018 was a big year for information security and data privacy. The European General Data Protection Regulation (“GDPR”) became effective and helped bring greater awareness to the handling of personal data while several U.S. states passed or amended their privacy laws. Below we have compiled a list of the most significant privacy and security developments...

Read More →

Avoiding Liability for Customers’ Canadian Spam Law Violations

Nov 15, 2018 by Michelle Anderson and Mason Weisz

The Canadian Radio-television and Telecommunications Commission (“CRTC”) has issued guidelines for avoiding liability under Canada’s Anti-Spam Legislation (“CASL”) for assisting third parties in their violations. These guidelines and a recent CRTC enforcement action are a reminder to vendors providing marketing and advertising services that they can be held responsible for both their—and their customers’—CASL violations....

Read More →

The Securities and Exchange Commission (“SEC”) recently announced a $388,000 settlement with the founder of EtherDelta, a digital “token” trading platform, for operating an unregistered cryptocurrency exchange. This is the first enforcement action of its kind. EtherDelta is an online platform for secondary market trading of Ether and ERC20 tokens, a type of digital asset...

Read More →

A recent class action lawsuit out of Arizona provides another example why companies are right to be wary about voluntarily providing information to law enforcement, even when there is no clear statutory bar on doing so. In Jane V. v. Motel 6, plaintiffs alleged that Motel 6’s policy and practice of disclosing registration information about...

Read More →

President Trump signed into law the FAA Reauthorization Act of 2018 (“FAA Act”) in which Section 375 authorizes the Federal Trade Commission (“FTC”) to apply Section 5 of the FTC Act to privacy policy violations by persons that use Unmanned Aerial Systems (“UAS”) “for compensation or hire, or in the furtherance of a business enterprise.”...

Read More →