The state of Virginia recently enacted a law banning local law enforcement and campus police departments from using facial recognition technology. Facial recognition technology is defined as an “electronic system for enrolling, capturing, extracting, comparing, and matching an individual’s geometric facial data to identify individuals in photos, videos, or real time.” The law states that

On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers, and/or Taxpayer Identification numbers.

Of the $2 million, $750,000 will be

Last month, an Oregon federal judge refused ViSalus’ request to decrease the $925 million jury award against it for its alleged violations of the Telephone Consumer Protection Act (TCPA). ViSalus, a health supplement maker, allegedly made approximately 1.8 million unsolicited robocalls. This award came after ViSalus decided not to settle the class action and face

On September 9, 2020, the Portland, Oregon City Council voted unanimously to ban the use of facial recognition technology by the city government, including the police department, following similar actions by the cities of Boston and San Francisco. According to one Council member, “[T]his technology just continues to exacerbate the over-criminalization of Black and brown

Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), more than 30 reports of data breaches were filed by health care entities in the first month and a half of 2020. Although a few reported breaches involved theft or improper

U.S. Senator Ron Wyden, D-Oregon, recently introduced comprehensive privacy legislation, known as the “Mind Your Own Business Act” (MYOB Act), to provide protections for the private data of Americans and to hold corporate executives accountable if they abuse such information. While this isn’t the first such legislation introduced in Congress and is unlikely

The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019. The intrusion was discovered on January 28, 2019. When the intrusion was discovered, the staff members’ changed their passwords to

Oregon Governor Kate Brown recently signed a new data breach reporting law (S. 1551) that toughens the state’s existing requirements.

The new law requires companies to notify individuals within 45 days after a data breach has been discovered, unless a delay in notification is requested by law enforcement. It expands the definition of personal information