On May 16, 2017, the Governor of the State of Washington, Jay Inslee, signed into law House Bill 1493, which sets forth requirements for businesses who collect and use biometric identifiers for commercial purposes. The law will become effective on July 23, 2017. Washington becomes the third state to pass legislation regulating the commercial use of biometric identifiers.… Continue Reading
On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090, which updates Oregon’s Unlawful Trade Practices Act by holding companies liable for making misrepresentations on their websites or in their consumer agreements about how they will use, disclose, collect, maintain, delete or dispose of consumer information.… Continue Reading
On March 28, 2017, the French Data Protection Authority published its Annual Activity Report for 2016 and released its annual inspection program for 2017. The Report presents the main accomplishments in 2016 and highlights the diversified activity at both the national and EU level with the adoption of two major pieces of legislation.… Continue Reading
On February 13, 2017, the Parliament of Australia passed legislation that amends the Privacy Act of 1988 and requires companies with revenue over 3 million AUD (2.3 million USD) to notify affected Australian residents and the Australian Information Commissioner in the event of an "eligible data breach."… Continue Reading
On February 6, 2017, the House of Representatives suspended its rules and passed by voice vote H.R 387, the Email Privacy Act. The Email Privacy Act now moves to the Senate, where it will be considered by the Senate Judiciary Committee. … Continue Reading
On January 25, 2017, President Trump issued an Executive Order entitled "Enhancing Public Safety in the Interior of the United States." This blog entry provides highlights on the Executive Order.… Continue Reading
On January 24, 2017, the UK Supreme Court handed down its judgment that the UK government cannot commence the UK’s withdrawal from the EU without the approval of Parliament.… Continue Reading
On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act to require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers.… Continue Reading
On January 3, 2017, as reported in Bloomberg Law: Privacy and Data Security, Chilean legislators are soon expected to consider a new data protection law which would impose new privacy compliance standards and certain enforcement provisions on companies doing business in Chile. … Continue Reading
On November 16, 2016, the UK Investigatory Powers Bill was approved by the UK House of Lords. The draft of the Bill has sparked controversy, as it will hand significant and wide-ranging powers to state surveillance agencies, and has been strongly criticized by some privacy and human rights advocacy groups. … Continue Reading
On November 10, 2016, Moscow’s Court of Appeal upheld a lower court’s decision that LinkedIn violated Russia’s data localization law requiring Russian personal data to be stored within Russian territory. Roskomnadzor, Russia’s data protection authority, is now set to block access to the social media website across Russia.… Continue Reading
The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).… Continue Reading
On October 14, 2016, the National Highway Transportation Administration indicated in a letter to Congress that it intends to issue new best practices on vehicle cybersecurity. This letter came in response to an earlier request from the House Committee on Energy and Commerce that NHTSA convene an industry-wide effort to develop a plan to address vulnerabilities posed to vehicles by On-Board Diagnostics ports. … Continue Reading
On October 19, 2016, the Court of Justice of the European Union issued its judgment in Patrick Breyer v. Bundesrepublik Deutschland, following the Opinion of Advocate General earlier this year. The CJEU followed the Opinion of the Advocate General and declared that the dynamic IP address of a website user is considered personal data.… Continue Reading
On September 20, 2016, the Department of Transportation, through the National Highway Traffic Safety Administration, released federal cyber guidance for autonomous cars entitled Federal Automated Vehicles Policy. … Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
The Office of Management and Budget recently issued updated information management policies for the U.S. federal government. The updated policies are intended "to reflect changes in law and advances in technology, as well as to ensure consistency with Executive Orders, Presidential Directives, and other OMB policy."… Continue Reading
The State Administration for Industry and Commerce of the People's Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers for public comment. The draft is open for comment until September 5, 2016.… Continue Reading
On July 19, 2016, Advocate General Saugmandsgaard Oe published his Opinion on two cases that sought to establish whether a general obligation to retain data is compatible with the fundamental rights to privacy and data protection under EU law.… Continue Reading
On June 29, 2016, the Federal Trade Commission announced that, to account for inflation, it is increasing the civil penalty maximums for certain violations of the FTC Act effective August 1, 2016. … Continue Reading
On June 17, 2016, the National Privacy Commission of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012, for public consultation. This blog entry provides a summary of the draft guidelines.… Continue Reading
On June 23, 2016, the UK held a referendum to decide upon its continued membership in the European Union. The outcome has resulted in the decision for the UK to withdraw its membership from the European Union. Despite the result, data protection standards are unlikely to be affected.… Continue Reading
TCCWNA. The very acronym evokes head scratches and sighs of angst and frustration among many in the retail industry. The New Jersey Truth-in-Consumer Contract Warranty and Notice Act was passed in 1981 to protect consumers from allegedly deceptive practices in consumer contracts, warranties, notices and signs. Continue reading for an in-depth view of the TCCWNA and what retailers can do to minimize risk. … Continue Reading
On June 15, 2016, the U.S. Department of Homeland Security and U.S. Department of Justice jointly issued final guidance on the Cybersecurity Information Sharing Act of 2015.… Continue Reading
