The California Consumer Privacy Act of 2018 (“CaCPA”) will be implemented January 1, 2020, and as we anticipated, the regulation continues to evolve. On August 27, the California legislature published the first amendments to the pending legislation. We previously wrote a comprehensive overview of the CaCPA in its original form here. Here are some key-takeaways from … Continue Reading
Yesterday, the FTC gave its blessing to some new ways that covered organizations can obtain verifiable parental consent before collecting personal information from children under 13. The updated COPPA Rule FAQs offer expanded options to get consent using payment card information and for developers using a third party such as an app store to get … Continue Reading
By Boris Segalis and Nihar Shah. Earlier this week, following in the footsteps of Maryland, Illinois Governor Pat Quinn signed a law amending the state’s Right to Privacy in the Workplace Act to prohibit employers from asking current and prospective employees for their personal social media account credentials. The Maryland and Illinois legislation is a response to reports that circulated earlier this … Continue Reading
On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.
… Continue Reading
On March 18, 2011, the Oklahoma State House passed the Electric Utility Data Protection Act (House Bill 1079). The state's Senate will consider the bill next.
The Act seeks to establish standards to govern the use and disclosure of electric utility usage data (including personal information) by electric utilities, customers of electric utilities and third parties. The Act also requires electric utility companies to maintain the confidentiality of customer data and allow customers to access the data. State Rep. Scott Martin noted that customers will see energy savings from the Smart Grid, but are vulnerable to potential access of their data by third parties. "This legislation should ensure customers can reap the many benefits of this new system without having to fear someone getting access to their data without permission," said Martin. The legislation is said to have the support of the Oklahoma Gas & Electric Company, which has already converted 100,000 standard meters to smart meters in the state and plans to install 800,000 smart meters in the next two years.
… Continue Reading
On March 1, 2011, the Supreme Court held in FCC v. AT&T Inc. that corporations do not enjoy “personal privacy.” The Court’s 8-0 decision reversed a Third Circuit Court of Appeals’ holding that corporations could prevent the release of certain information subject to a Freedom of Information Act (FOIA) request on the basis of an … Continue Reading
During the final week of October and beginning of November, I attended two privacy events that were set far apart geographically and philosophically: the Data Protection Commissioners Conference in Jerusalem and the ad:tech conference in New York City. The Jerusalem event had a decidedly pro-privacy flavor, while at ad:tech businesses showcased myriad ways for monetizing personal information. Both conferences posed interesting questions about the future of privacy, but as a privacy lawyer I was more interested in learning and observing than engaging in the privacy debates. The events' apparently divergent privacy narratives made me ponder where a privacy lawyer may fit on the privacy continuum between these two great cities.
… Continue Reading