Personally Identifiable Information

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018. The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. The Act will take effect January 1, 2020.
Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

On June 21, 2018, California lawmakers introduced AB 375, the California Consumer Privacy Act of 2018. If enacted and signed by the Governor by June 28, 2018, AB 375 would introduce key privacy requirements for businesses, but would also result in the removal of a ballot initiative of the same name from the November 6, 2018, statewide ballot.
Continue Reading California Assembly Bill Aims to Avert State Ballot Initiative Related to Privacy

On November 6, 2018, California voters will consider a ballot initiative called the California Consumer Privacy Act. The Act is designed to give California residents the right to request from businesses the categories of personal information the business has sold or disclosed to third parties, with some exceptions.
Continue Reading California Ballot Initiative to Establish Disclosure and Opt-Out Requirements for Consumers’ Personal Information

On September 29, 2017, North Carolina-based technology company Samanage USA, Inc. agreed to a $264,000 settlement with the Vermont Attorney General in relation to a breach that exposed the Social Security numbers of 660 Vermont Health Connect users.
Continue Reading Samanage USA, Inc. Agrees to Pay to Settle Vermont AG’s Data Security Investigation

On August 21, 2017, the United States Court of Appeals for the Eighth Circuit affirmed the dismissal of a putative class action arising from the Scottrade data breach. Notably, however, the Eighth Circuit did not agree with the trial court’s ruling that the plaintiff lacked Article III standing, instead dismissing the case with prejudice for failure to state a claim.
Continue Reading Eighth Circuit Finds Article III Standing Yet Affirms Dismissal of Scottrade Breach Case

Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016).
Continue Reading Nevada Enacts Website Privacy Notice Law

On June 12, 2017, a putative class action was filed in the U.S. District Court for the Northern District of Georgia against Tempur Sealy International, Inc. and Aptos, Inc. Tempur Sealy is a mattress, bedding and pillow retailer based in Lexington, Kentucky. Aptos is headquartered in Atlanta, Georgia, and formerly hosted and maintained Tempur Sealy’s website and online payment system. The plaintiff alleges that the breach was discovered in November of 2016 and involved the exposure of payment card data and other PII of an undisclosed number of Tempur Sealy customers.   
Continue Reading Tempur Sealy Data Breach: Putative Class Action Filed