Tag Archives: California

CCPA Enforcement Looms

We have previously alerted our readers about the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. CCPA is one of the strictest consumer privacy laws in the U.S. and is broadly applicable [view related posts]. Although CCPA went into effect on January 1, 2020, enforcement by the California Attorney General … Continue Reading

CCPA Final Proposed Regulations Filed

The California Attorney General submitted the final proposed California Consumer Privacy Act (CCPA) regulations on June 1, 2020 to the California Office of Administrative Law (OAL) for review. According to the Attorney General’s submission, OAL has thirty working days to review the regulations, plus an additional sixty calendar days under the Governor’s Executive Order N-40-20 … Continue Reading

CCPA 2.0 May Be Heading for the November Ballot in California

The consumer group Californians for Consumer Privacy announced on May 4, 2020, that it was submitting well over 900,000 signatures to qualify the California Privacy Rights Act (CPRA) for the November 2020 ballot. This new ballot initiative, which can be reviewed here, creates some additional consumer privacy rights and expands some areas already included in … Continue Reading

City of L.A. Email Blunder Exposes COVID-19 Test Results to All Recipients

Although email seems to be the preferred method of communication during the coronavirus pandemic, an error made by a City of Los Angeles employee is one to learn from and avoid repeat. Unfortunately, when emailing COVID-19 results to multiple individuals, instead of blind copying the recipients with the results, a staff member from the City … Continue Reading

Businesses and Trade Groups Seek Delay in CCPA Enforcement Actions

Recently businesses and advertising trade groups wrote a letter to the California Attorney General Xavier Becerra to request delayed enforcement of the California Consumer Privacy Act (CCPA) as a result of the COVID-19 global pandemic. The letter cited the current health crisis as a result of COVID-19 and a state of national emergency as the … Continue Reading

IoT Manufacturers – What You Need to Know About California’s IoT Law

California has a privacy law that took effect on January 1, 2020, and it’s not the California Consumer Privacy Act (CCPA). This new privacy law regulates Internet of Things (IoT)-connected devices. SB 327 was enacted in 2018 and became effective on January 1, 2020. The California IoT law requires manufacturers of connected devices to equip … Continue Reading

Help with Yelp: Posting Personal Information in Response to a Negative Review Can Land You in Hot Water

Virtually every company that provides goods or services to the public will, at some point, have a negative review posted online by a dissatisfied consumer. While such reviews are understandably upsetting, a company should not respond in kind with negative comments about the reviewer and certainly should not reveal personal or sensitive information about them. … Continue Reading

Introducing the New York SHIELD Act

The New York “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act), N.Y. Gen Bus. Law§ 899-bb, requires businesses that collect private information on New York residents to implement reasonable cybersecurity safeguards to protect that information. While this is a new law in the State of New York, it is simply joining other states, … Continue Reading

From California to Nevada: Another State Privacy Law That You Need to Know

While we’ve discussed the California Consumer Privacy Act (CCPA) at length, Nevada was busy amending its internet privacy law and in the process beat California’s deadline for the effective date by three months. Nevada’s SB 220 is effective as of October 1, 2019. This law prevents covered operators from selling individual’s personal information and allows … Continue Reading

Ransomware Attacks Double in 2019: Medical Providers Can’t Recover and Shut Down

Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in California, is permanently closing following a ransomware attack. Wood Ranch was hit with a ransomware attack over the summer, and … Continue Reading

CCPA Draft Regulations Expected in October

Bloomberg Law reported this week that California Attorney General Xavier Becerra expects to issue draft regulations for the California Consumer Privacy Act (CCPA) in October. Bloomberg reported that AG Becerra told reporters the regulations would be published next month. Businesses and consumers will then be able to submit public comments to the regulations. Bloomberg also reported … Continue Reading

Cities Consider Banning the Use of Facial Recognition Technology

In the footsteps of San Francisco’s ban of the use of facial recognition technology, the cities of Somerville, Massachusetts, Oakland, California, and Berkeley, California are considering banning the use of facial recognition technology by municipal agencies. The proposed ban is in the midst of more and more cameras and smart technology being used for traffic … Continue Reading

Oregon’s New IoT Law

Oregon became the latest state to require manufacturers of internet “connected devices” that make, sell or offer to sell the devices in the state to equip the device with “reasonable security features” according to Oregon House Bill 2395 amending ORS 646.607. According to the law, “[R]easonable security features” means methods to protect a connected device … Continue Reading

Model Rule for Securities Administrators Approved by NASAA

The North American Securities Administrators Association (NASAA) this week approved an information security model rule package aimed at improving the cybersecurity posture of the 17,543 state-registered advisers. The proposed model would require state-registered investment advisers to establish written cybersecurity policies and procedures designed to safeguard clients’ records and information, and to deliver its privacy policy … Continue Reading

Cottage Health Settles with OCR for $3M

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading

California Law IoT Devised to Have “Reasonable Security Feature”

On September 28, 2018, California passed Senate Bill No. 327, Chapter 886, which regulates the security of all internet of things (IoT) devices sold in California.  Collectively, IoT broadly refers to all internet-enabled devices and includes everything from doorbells and lamps to cell phones and wearable devices. This bill, beginning on January 1, 2020, will … Continue Reading

Judge Rules Biometric Identifiers Can’t Be Used to Unlock Phone

A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order … Continue Reading

California AG’s Office Begins CCPA Rulemaking Process with Series of Public Forums

On January 8, 2019, the California Department of Justice hosted the first in a series of six public forums on the California Consumer Protection Act (CCPA). The forums offer the public an opportunity for comment in advance of the drafting of regulations by the state Attorney General’s office. These regulations are seen as being particularly … Continue Reading

Parties Seek to Settle Yahoo Data Breach Class Action for $50M

We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 … Continue Reading

California Tackles IoT Security with New Bill

The State of California is once again leading the way with trying to keep up with technology and protecting consumers. Senate Bill 327 requires Internet of Things (IoT) developers to implement “reasonable security features” in IoT products, such as baby monitors, televisions, automobiles, home appliances, fitness monitors, home security systems, and the like. This is … Continue Reading

Adidas Removes Putative Class Action Suit Arising Out of the Data Breach Announced Earlier this Year

On June 28, 2018, Adidas released a statement announcing that it recently “became aware that an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.” Adidas believed the breach was limited to contact information, usernames and encrypted passwords, and not any stored credit card or fitness information, relating to millions of … Continue Reading
LexBlog