Vermont Amends Data Breach Notification Law

On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2330 & 2335, took effect along with a new “Student Online Personal Information Protection Act.”

Key amendments to the security breach act include:

  • An expanded definition of Personally Identifiable Information (“PII”). The definition now

On July 21, 2020, the New York State Department of Financial Services (NYDFS) filed charges against First American Title Insurance Company (First American) for breach of state cybersecurity regulations. Specifically, NYDFS alleges that First American exposed tens of millions of documents containing consumers’ sensitive personal information, including bank account numbers and statements, mortgage and tax

We previously posted on yesterday’s Schrems II decision issued by the Court of Justice of the European Union (CJEU). Today (Jun 17, 2020), the Berlin data protection authority (Berlin DPA) went even further than the CJEU opinion, issuing a statement on the Schrems II case, calling for Berlin-based data controllers storing personal data in the

On June 1, 2020, California Attorney General Xavier Becerra submitted a finalized package of CCPA regulations to the California Office of Administrative Law (OAL).   The package included not only the final text of the regulations, but also the final statement of reasons for amendments to the previous drafts. There have been multiple rounds of drafts

  1. Details about Apple/Google Launch

Yesterday (May 20, 2020), Apple and Google launched software that will allow public health authorities to create mobile applications that notify people when they may have come in contact with people who have confirmed cases of COVID-19, while purportedly preserving privacy around identifying information and location data. People who have updated

Today, Senators Blumenthal (D-CT) and Mark Warner (D-VA) introduced the Public Health Emergency Privacy Act (“PHEPA”) into the Senate. A companion house bill was introduced by Reps. Anna Eshoo (D-CA), Jan Schakowsky (D-IL), and Suzan DelBene (D-WA), which was co-sponsored by Reps. Yvette Clarke (D-NY), G.K. Butterfield (D-NY), and Tony Cárdenas (D-CA).   This and similar

On May 1, 2020, the U.S. House of Representatives introduced House Resolution 6666, the COVID-19 Testing, Reaching, And Contacting Everyone (“TRACE”) Act.  The resolution, sponsored by Bobby Rush (D-IL) would authorize the Secretary of Health and Human Services to award grants to eligible entities to conduct diagnostic testing for COVID-19 to trace and monitor the

As they had previously announced their intent to do so,  the leadership of several Senate Committees introduced the “COVID-19 Consumer Data Protection Act” on May 7, 2020.

The Act would:

  • Require companies under FTC jurisdiction to obtain affirmative express consent from individuals to collect, process, or transfer their personal health, device, geolocation, or proximity information

On May 4, the Californians for Consumer Privacy (led by Alistair McTaggart, the real estate investor and activist behind the original ballot initiative that led to the CCPA), announced in a letter that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot.  This version of

On April 30, 2020, U.S. Sens. Roger Wicker (R-MS), chairman of the Senate Committee on Commerce, Science, and Transportation, John Thune (R-SD) chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, Jerry Moran (R-KS), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and Marsha Blackburn (R-TN),  announced plans