On June 6, 2019, the CNIL announced that it levied a fine of 400,000 Euros on SERGIC, a French real estate service provider. This blog entry provides an overview of the case.
Continue Reading CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
Personally Identifiable Information
California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses
On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018. The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. The Act will take effect January 1, 2020.
Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses
California Assembly Bill Aims to Avert State Ballot Initiative Related to Privacy
On June 21, 2018, California lawmakers introduced AB 375, the California Consumer Privacy Act of 2018. If enacted and signed by the Governor by June 28, 2018, AB 375 would introduce key privacy requirements for businesses, but would also result in the removal of a ballot initiative of the same name from the November 6, 2018, statewide ballot. …
Continue Reading California Assembly Bill Aims to Avert State Ballot Initiative Related to Privacy
California Ballot Initiative to Establish Disclosure and Opt-Out Requirements for Consumers’ Personal Information
On November 6, 2018, California voters will consider a ballot initiative called the California Consumer Privacy Act. The Act is designed to give California residents the right to request from businesses the categories of personal information the business has sold or disclosed to third parties, with some exceptions. …
Continue Reading California Ballot Initiative to Establish Disclosure and Opt-Out Requirements for Consumers’ Personal Information
Colorado Amends Data Breach Notification Law and Enacts Data Security Requirements
Recently, Colorado’s governor signed into law House Bill 18-1128 “concerning strengthening protections for consumer data privacy,” which takes effect on September 1, 2018. …
Continue Reading Colorado Amends Data Breach Notification Law and Enacts Data Security Requirements
Vermont Enacts Nation’s First Data Broker Legislation
Recently, Vermont enacted legislation that regulates data brokers who buy and sell personal information.
Continue Reading Vermont Enacts Nation’s First Data Broker Legislation
Samanage USA, Inc. Agrees to Pay to Settle Vermont AG’s Data Security Investigation
On September 29, 2017, North Carolina-based technology company Samanage USA, Inc. agreed to a $264,000 settlement with the Vermont Attorney General in relation to a breach that exposed the Social Security numbers of 660 Vermont Health Connect users. …
Continue Reading Samanage USA, Inc. Agrees to Pay to Settle Vermont AG’s Data Security Investigation
Eighth Circuit Finds Article III Standing Yet Affirms Dismissal of Scottrade Breach Case
On August 21, 2017, the United States Court of Appeals for the Eighth Circuit affirmed the dismissal of a putative class action arising from the Scottrade data breach. Notably, however, the Eighth Circuit did not agree with the trial court’s ruling that the plaintiff lacked Article III standing, instead dismissing the case with prejudice for failure to state a claim. …
Continue Reading Eighth Circuit Finds Article III Standing Yet Affirms Dismissal of Scottrade Breach Case
Nevada Enacts Website Privacy Notice Law
Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016). …
Continue Reading Nevada Enacts Website Privacy Notice Law
Tempur Sealy Data Breach: Putative Class Action Filed
On June 12, 2017, a putative class action was filed in the U.S. District Court for the Northern District of Georgia against Tempur Sealy International, Inc. and Aptos, Inc. Tempur Sealy is a mattress, bedding and pillow retailer based in Lexington, Kentucky. Aptos is headquartered in Atlanta, Georgia, and formerly hosted and maintained Tempur Sealy’s website and online payment system. The plaintiff alleges that the breach was discovered in November of 2016 and involved the exposure of payment card data and other PII of an undisclosed number of Tempur Sealy customers. …
Continue Reading Tempur Sealy Data Breach: Putative Class Action Filed