On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
In this second segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto discusses the evolution of privacy over the years. View the video recording now.… Continue Reading
On April 13, 2016, Nebraska Governor Pete Ricketts signed into law LB 835, which among other things, adds a regulator notification requirement and broadens the definition of “personal information” in the state’s data breach notification statute. The amendments take effect on July 20, 2016. … Continue Reading
On March 24, 2016, Tennessee Governor Bill Haslam signed into law S.B. 2005, which makes a number of changes to the state’s data breach notification statute, Tenn. Code § 47-18-2107. The law takes effect on July 1, 2016.… Continue Reading
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
On December 15, 2015, the California Attorney General announced an approximately 25 million dollar settlement with Comcast Cable Communications, LLC stemming from allegations that Comcast disposed of electronic equipment (1) without properly deleting customer information from the equipment and (2) in landfills that are not authorized to accept electronic equipment.… Continue Reading
On November 17, 2015, two plaintiffs filed a putative class action alleging that Georgia’s Secretary of State improperly disclosed the personal information of more than 6.1 million Georgia voters.… Continue Reading
The United States District Court for the Northern District of California dismissed, without prejudice, a former Uber driver's class action complaint. This blog entry provides highlights from the case.… Continue Reading
On October 8, 2015, California Governor Jerry Brown signed into law the California Electronic Communications Privacy Act. The law requires police to obtain a warrant before accessing an individual’s private electronic information. … Continue Reading
On October 2, 2015, California Attorney General Kamala D. Harris announced that her office settled a lawsuit against an online home design company, Houzz Inc., stemming from allegations that the company impermissibly recorded phone calls without appropriately notifying the parties to the calls.… Continue Reading
On September 15, 2015, Judge Magnuson of the U.S. District Court for the District of Minnesota certified a class of financial services institutions claiming damages from Target Corporation’s 2013 data breach.… Continue Reading
Recent class actions filed against Facebook and Shutterfly are the first cases to test an Illinois law that requires consent before biometric information may be captured for commercial purposes. Although the cases focus on biometric capture activities primarily in the social-media realm, these cases and the Illinois law at issue have ramifications for any business … Continue Reading
Legislators in New Hampshire and Oregon recently passed bills designed to protect the online privacy of students in kindergarten through 12th grade. This blog entry provides highlights on both bills.… Continue Reading
On May 5, 2015, the Financial Crimes Enforcement Network of the U.S. Treasury Department, in coordination with the U.S. Attorney’s Office for the Northern District of California, announced a civil monetary penalty of $700,000 against Ripple Labs, Inc. and its subsidiary XRP II, LLC for violations of the Bank Secrecy Act.… Continue Reading
On April 28, 2015, the Florida House of Representatives passed a bill (SB 766) that prohibits businesses and government agencies from using drones to conduct surveillance by capturing images of private real property or individuals on such property without valid written consent under circumstances where a reasonable expectation of privacy exists.… Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
On February 27, 2015, the White House released a highly-anticipated draft of the Consumer Privacy Bill of Rights Act of 2015 that seeks to establish baseline protections for individual privacy in the commercial context and to facilitate the implementation of these protections through enforceable codes of conduct.… Continue Reading
On February 23, 2015, the Wyoming Senate approved a bill that adds data elements to the definition of "personal identifying information" in the state's data breach notification statute. The Wyoming Senate also agreed with amendments proposed by the Wyoming House of Representatives to another bill that adds content requirements to the notice that breached entities must send affected Wyoming residents. … Continue Reading
On January 12, 2015, Senator James Merritt (R-Indianapolis) introduced a new security breach bill that would impose substantial new privacy obligations on companies holding the personal data of Indiana residents.… Continue Reading
On January 5, 2015, the Alameda County District Attorney's Office announced that Safeway Inc. has agreed to pay USD 9.87 million to settle claims that the company unlawfully disposed of customer medical information and hazardous waste in violation of California's Confidentiality of Medical Information Act and hazardous waste laws. … Continue Reading
On November 21, 2014, Massachusetts Attorney General Martha Coakley announced that Boston hospital Beth Israel Deaconess Medical Center has agreed to a settlement related to a data breach that affected the personal and protected health information of nearly 4,000 patients and employees. … Continue Reading
