In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a contractual provision that can be followed that outlines the responsibility of … Continue Reading
We have been watching all of the activity around the proposed amendments to the California Consumer Privacy Act (CCPA) to see where the law settles to assist with compliance. Not surprisingly, but nonetheless important to know, is the fact that the California Assembly on May 29, 2019, unanimously passed an amendment to CCPA that excludes … Continue Reading
One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage … Continue Reading
Like many of you, I don’t answer my cell phone unless the number pops up as someone I know, because a majority of the calls I get are spam or robocalls. It’s so frustrating. Although these calls are probably a violation of the Telephone Consumer Protection Act (TCPA), the Federal Trade Commission (FTC) – the … Continue Reading
A few weeks ago, I pondered whether the California Consumer Privacy Act of 2018 (CCPA) is still a bit of a work in progress with the introduction of a proposed amendment. Recently, another amendment was proposed by Assembly Member Edwin Chau in the form of Assembly Bill 25. Assembly Bill 25 would exclude employees and … Continue Reading
The “Uber of weed” app developed by Eaze Solutions, Inc. (Eaze) provides information to users about the delivery of recreational and medical marijuana throughout California. Unfortunately, Eaze allegedly violated the Telephone Consumer Protection Act (TCPA) by inundating its users with unsolicited, autodialed text messages about how to buy marijuana. The named plaintiff alleges that she … Continue Reading
We write about data breaches and privacy issues all the time. We are desensitized in some ways to the fact that our privacy may have been, or will be, compromised and, quite frankly, many people now distrust some of the very companies with which they shared their information. California led the way regarding privacy legislation … Continue Reading
On the heels of working with clients on compliance with the European Union’s General Data Privacy Regulation (GDPR) and the rapidly evolving landscape of data privacy and security laws and regulations, the next hurdle to set compliance sights on for organizations is the California Consumer Privacy Act (CCPA). We have previously outlined the requirements of … Continue Reading
This was a busy week for activity and discussions on the federal level regarding existing privacy laws – namely the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). But the real question is, could a federal privacy law actually happen in 2019? Cybersecurity issues and the possibility of a … Continue Reading
Lead plaintiff, John Herrick, in the Telephone Consumer Protection Act (TCPA) class action lawsuit against GoDaddy.com LLC (GoDaddy.com) opposed an Arizona federal judge’s May 2018 decision to grant summary judgment in favor of GoDaddy.com. The court granted summary judgment on the grounds that the platform used to send the text messages did not qualify as … Continue Reading
This week we continue our series of articles on the California Consumer Privacy Act of 2018 (CCPA). One of the biggest challenges for all of us who are analyzing this law is that even before its 2020 effective date, it’s still a work in progress. This week, legislation was introduced by California State Senator Hannah-Beth … Continue Reading
Many companies’ sales and marketing department have no idea that there is a law that generally prohibits the use of robocalling or SMS texting for sales and marketing purposes without the express written consent of the recipient. Many of us get spam calls on our cell phones and residential phone lines (if they still exist) … Continue Reading
Last week, Florida skin care spa, Medspa Del Mar LLC (Medspa) was hit with a Telephone Consumer Protection Act (TCPA) class action in federal court for allegedly using an automatic dialing system to send unwanted text messages advertising its treatments. Lead plaintiff claims that Medspa invaded her and other class members’ privacy by sending a … Continue Reading
This week we continue our series of articles on the California Consumer Privacy Act of 2018 (CCPA). We’ve been discussing the broad nature of this privacy law and answering some general questions, such as what is it? Who does it apply to? What protections are included for consumers? How does it affect businesses? What rights … Continue Reading
The California Consumer Privacy Act of 2018 (CCPA) is here and it’s best to start now to learn what this law is, who it applies to, and what you and your business can do to be prepared. This article is a follow up to our earlier post on the CCPA. Although the Act was passed … Continue Reading
On January 8, 2019, the California Department of Justice hosted the first in a series of six public forums on the California Consumer Protection Act (CCPA). The forums offer the public an opportunity for comment in advance of the drafting of regulations by the state Attorney General’s office. These regulations are seen as being particularly … Continue Reading
The “security principle” under the General Data Protection Regulation (GDPR) requires that organizations process personal data securely by means of “appropriate” technical and organizational measures. This month, the United Kingdom’s Information Commissioner’s Office (ICO) issued new guidance focused on two specific measures the ICO recommends that companies consider in complying with the GDPR security requirements: … Continue Reading
Last month, the French data protection authority (the CNIL) issued initial guidance addressing issues that applications utilizing blockchain technology should consider in order to comply with the European General Data Protection Regulation (GDPR). As recognized by the CNIL, there are certain natural conflicts between GDPR and blockchain technology. A critical feature of the blockchain is … Continue Reading
Tim Cook, Apple CEO, recently delivered the keynote address for a privacy conference, attended by policy experts and European Union (EU) lawmakers in Brussels, Belgium, where he advocated for new data privacy laws in the United States, similar to the EU’s General Data Protection Regulation (GDPR). Cook said that modern technology has led to the … Continue Reading
As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from 50 to roughly 30 million, and it acknowledged that hackers … Continue Reading
One of our clients told us this week that he loves to read the blog and Insider, but that he would really appreciate it if we would point out some hot compliance tips so when he scans the Insider he can see hot button topics that he should be aware of that he might not … Continue Reading
As many of our readers know, the General Data Protection Regulation (GDPR) imposes significant obligations and responsibilities on entities with regard to data protection and privacy for all individuals within the European Union and the European Economic Area. Violations of GDPR can result in fines up to €20 million, or up to 4 percent of … Continue Reading
Choice Hotels International Inc., was recently sued for failing to provide disabled users with information about its rooms’ and grounds’ accessibility. The suit, referencing the Comfort Inn in Gainesville, Florida, states that the hotel’s online reservation system fails to provide users with information about the accessible features for those using wheelchairs or canes. According to … Continue Reading
The United Kingdom data privacy watchdog reports that the number of complaints received since the EU’s General Data Protection Regulation (GDPR) took effect three months ago has almost doubled. Under GDPR, anyone who believes their personal data has been misused can file a complaint with the Information Commissioner’s Office, or ICO. Legal Experts say GDPR … Continue Reading
