Data Security Law Blog

http://datasecuritylaw.com/

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • CCPA Update: Key Proposed Regulations on Verification of Requests & Non-Discrimination On January 1, 2020, the California Consumer Privacy Act (CCPA) becomes operative.  As we reported last month, the California Attorney General (AG) released long-awaited draft regulations to the CCPA. This is the third installment in a series of posts discussing the regulations most relevant to companies as they determine whether they are covered under the law and how to comply.  This post discusses the key regulations on business verification of requests made by consumers and the non-discrimination provision of the... More
  • CCPA Update: Key Proposed Regulations for Business Practices for Handling Consumer Requests As we recently reported on this blog, the California Attorney General (AG) released long-awaited draft regulations to the California Consumer Privacy Act (CCPA). This is the second installment in a series of posts discussing the regulations most relevant to companies as they determine whether they are covered under the law and how to comply. This post discusses business practices for receiving and verifying consumer requests to delete or opt-out, and for disclosure of specific information, referred to in the regulations... More
  • CCPA Update: Key Proposed Notice and Privacy Policy Regulations As we recently reported on this blog, the California Attorney General (AG) released long awaited draft regulations to the California Consumer Privacy Act (CCPA). The regulations provided clarity on several provisions in the law, while also failing to answer some open questions. In a series of upcoming blog posts, we will discuss the regulations most directly relevant to companies as they determine whether they are covered under the law and how to comply. This first post discusses the notices and... More
  • CCPA Update: California Attorney General Releases Proposed Regulations On October 11, 2019, the California Attorney General released its long-anticipated Notice of Proposed Rulemaking Action and the text of its proposed regulations for the California Consumer Privacy Act (CCPA), along with an Initial Statement of Reasons for the proposed regulations.  The documents are not a short read, with the proposed regulations covering 24 pages, the Notice 16 pages, and the Statement of Reasons another 47 pages.  The proposed regulations were also released on the same day that Governor... More
  • FDA Issues Updated Guidance on Medical Apps Oversight Last month, the Food & Drug Administration (FDA) issued a long-awaited revision to its Policy for Device Software Functions and Mobile Medical Applications Medical App – Guidance for Industry and Food and Drug Administration Staff (the Guidance).  The revised Guidance was among several newly announced policies aimed at advancing the FDA’s digital health initiative that promotes innovation, while also permitting efficient and up-to-date regulatory oversight. In issuing the Guidance, which is non-binding, the FDA acknowledged the significant role that digital... More
  • A New Era of COPPA Enforcement? Earlier this month, YouTube and its parent company, Google, entered into a record $170 million proposed settlement to resolve allegations brought by the Federal Trade Commission (FTC) and the New York Attorney General (NYAG) under the federal Children’s Online Privacy Protection Act (COPPA). According to the complaint in the case, YouTube collected personal information on video channels directed to children without parental consent using persistent identifiers that can track individuals across the Internet. This is the largest penalty to date... More
  • Amendments to the California Consumer Privacy Act: Six Clarifications As readers of the Data Security Blog will know, the California Consumer Privacy Act (“CCPA”) becomes operative on January 1, 2020.  The CCPA is the most sweeping consumer privacy law in the United States, covering most for-profit businesses that do business in California and collect the personal information of “consumers,” meaning California residents.  The deadline for the California Legislature to update amendments to the CCPA was September 13, 2019.  All told, six amendments passed, though many more were proposed.... More
  • SEC’s Proposed Revisions to Regulation S-K Will Minimally Impact Cybersecurity Disclosure Requirements It has been thirty years since the Securities and Exchange Commission (the “SEC”) significantly revised Regulation S-K, which sets forth reporting requirements for public companies. The SEC is now taking a fresh look at the rules, proposing for public comment amendments to modernize the description of business, legal proceedings, and risk factor disclosures that public companies must make. This represents a good opportunity to revisit key disclosure requirements—including Items 503(c) (now Item 105), 101, and 103—that are the subject of... More
  • Home Depot Joins Facebook and Others in Facing Suit for Scanning Faces This past week, The Home Depot, Inc. became the latest business hit with a class action lawsuit for their use of facial recognition security cameras allegedly in violation of the Illinois Biometric Information Privacy Act.  If successful, Home Depot faces statutory damages of up to $5,000 for each time a shopper’s information was collected in violation of BIPA. As we previously reported, BIPA is one of the nation’s leading statutes dealing with the collection and use of biometric data, like... More
  • Capital One Hack Prosecution Raises New and Old Questions about Adequacy of CFAA On August 28, 2019, almost a month after Paige A. Thompson was arrested based on allegations that she hacked into servers rented by Capital One Financial Corporation, a criminal indictment was returned charging her with one count each of computer and wire fraud, as well as forfeiture allegations.  The indictment includes new allegations that, in addition to hacking Capital One’s data, Thompson illegally accessed and copied data from more than 30 different entities that rented or contracted servers at an... More