On August 19, 2020, the California State Assembly on Appropriations ordered to a second reading Assembly Bill (“AB”) 1281, which would extend the exemption of the California Consumer Privacy Act (“CCPA”) in relation to employee information and business-to-business (“B2B”) transactions until January 1, 2022.  Specifically, AB 1281 would exempt information collected about a natural person

On Friday, August 14, 2020, the California Attorney General released the final CCPA regulations issued under the California Consumer Privacy Act of 2018 (“CCPA”) as approved by the California Office of Administrative Law (“OAL”), and filed them with the California Secretary of State.  During its review, the OAL made additional revisions to the CCPA regulations,

Vermont Amends Data Breach Notification Law

On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2330 & 2335, took effect along with a new “Student Online Personal Information Protection Act.”

Key amendments to the security breach act include:

  • An expanded definition of Personally Identifiable Information (“PII”). The definition now

On July 21, 2020, the New York State Department of Financial Services (NYDFS) filed charges against First American Title Insurance Company (First American) for breach of state cybersecurity regulations. Specifically, NYDFS alleges that First American exposed tens of millions of documents containing consumers’ sensitive personal information, including bank account numbers and statements, mortgage and tax

We previously posted on yesterday’s Schrems II decision issued by the Court of Justice of the European Union (CJEU). Today (Jun 17, 2020), the Berlin data protection authority (Berlin DPA) went even further than the CJEU opinion, issuing a statement on the Schrems II case, calling for Berlin-based data controllers storing personal data in the

On June 1, 2020, California Attorney General Xavier Becerra submitted a finalized package of CCPA regulations to the California Office of Administrative Law (OAL).   The package included not only the final text of the regulations, but also the final statement of reasons for amendments to the previous drafts. There have been multiple rounds of drafts

  1. Details about Apple/Google Launch

Yesterday (May 20, 2020), Apple and Google launched software that will allow public health authorities to create mobile applications that notify people when they may have come in contact with people who have confirmed cases of COVID-19, while purportedly preserving privacy around identifying information and location data. People who have updated

Today, Senators Blumenthal (D-CT) and Mark Warner (D-VA) introduced the Public Health Emergency Privacy Act (“PHEPA”) into the Senate. A companion house bill was introduced by Reps. Anna Eshoo (D-CA), Jan Schakowsky (D-IL), and Suzan DelBene (D-WA), which was co-sponsored by Reps. Yvette Clarke (D-NY), G.K. Butterfield (D-NY), and Tony Cárdenas (D-CA).   This and similar

On May 1, 2020, the U.S. House of Representatives introduced House Resolution 6666, the COVID-19 Testing, Reaching, And Contacting Everyone (“TRACE”) Act.  The resolution, sponsored by Bobby Rush (D-IL) would authorize the Secretary of Health and Human Services to award grants to eligible entities to conduct diagnostic testing for COVID-19 to trace and monitor the

As they had previously announced their intent to do so,  the leadership of several Senate Committees introduced the “COVID-19 Consumer Data Protection Act” on May 7, 2020.

The Act would:

  • Require companies under FTC jurisdiction to obtain affirmative express consent from individuals to collect, process, or transfer their personal health, device, geolocation, or proximity information