On February 22, 2019, California state senator Hannah Beth-Jackson introduced a bill (SB-561) that would amend the California Consumer Privacy Act of 2018 to expand the Act’s private right of action and remove the 30-day cure period requirement for enforcement actions brought by the State Attorney General.
Continue Reading
U.S. State Law
Draft CCPA Regulations Expected Fall 2019
Posted on
As we previously reported, the California Consumer Privacy Act of 2018 delays the California Attorney General’s enforcement of the CCPA until six months after publication of the Attorney General’s implementing regulations, or July 1, 2020, whichever comes first. The California Department of Justice anticipates publishing a Notice of Proposed Regulatory Action concerning the CCPA in Fall 2019.…
Continue Reading
Ten Years Strong: A Decade of Privacy and Cybersecurity Insights
Posted on
Hunton Andrews Kurth celebrates the 10-year anniversary of our award-winning Privacy and Information Security Law Blog. Download a copy of “Ten Years Strong: A Decade of Privacy and Cybersecurity Insights.”…
Continue Reading
Illinois Supreme Court Says Biometric-Data Protection Law Does Not Require Allegation of Actual Injury
Posted on
Posted in Information Security, U.S. State Law
The Illinois Supreme Court ruled today that an allegation of “actual injury or adverse effect” is not required to establish standing to sue under the Illinois Biometric Information Privacy Act.…
Continue Reading
Illinois BIPA Suit Dismissed for Lack of Article III Standing
Posted on
Posted in Information Security, U.S. State Law
On December 29, 2018, the Northern District of Illinois dismissed consolidated cases brought under the Illinois Biometric Information Privacy Act on standing grounds, finding that despite the existence of statutory standing under BIPA, neither plaintiff had claimed any injury that would support Article III standing.…
Continue Reading
Massachusetts Amends Data Breach Law; Imposes Additional Requirements
Posted on
On January 10, 2019, Massachusetts Governor Charlie Baker signed legislation amending the state’s data breach law, and the amendments take effect on April 11, 2019. This blog entry provides highlights on the Act. …
Continue Reading
California DOJ to Hold Series of Public Forums on CCPA
Posted on
The California Department of Justice will host six public forums on the California Consumer Privacy Act of 2018 to provide the general public an opportunity to participate in the CCPA rulemaking process. …
Continue Reading
Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina
Posted on
New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. This blog entry provides details on the new law. …
Continue Reading
Illinois Supreme Court Hears Standing Arguments
Posted on
Posted in Information Security, U.S. State Law
On November 20, 2018, the Illinois Supreme Court heard arguments in a case that could shape future litigation under the Illinois Biometric Information Privacy Act (“BIPA”). BIPA requires companies to (i) provide prior written notice to individuals that their biometric data will be collected and the purpose for such collection, (ii) obtain a written release from individuals before collecting their biometric data and (iii) develop a publicly available policy that sets forth a retention schedule and guidelines for deletion once the biometric data is no longer used for the purpose for which it was collected (but for no more than three years after collection). BIPA also prohibits companies from selling, leasing or trading biometric data.
…
Continue Reading
New Ohio Law Creates Safe Harbor for Certain Breach-Related Claims
Posted on
Posted in Cybersecurity, U.S. State Law
Effective November 2, 2018, a new Ohio breach law will provide covered entities a legal safe harbor in certain data breach-related claims brought in an Ohio court or under Ohio law if, at the time of the breach, the entity maintains and complies with a cybersecurity program that (1) contains administrative, technical, and physical safeguards for the protection of personal information, and (2) reasonably conforms to one of the “industry-recognized” cybersecurity frameworks enumerated in the law.…
Continue Reading