Vermont Amends Data Breach Notification Law

On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2330 & 2335, took effect along with a new “Student Online Personal Information Protection Act.”

Key amendments to the security breach act include:

  • An expanded definition of Personally Identifiable Information (“PII”). The definition now

On July 16, 2020, the Court of Justice of the European Union (“CJEU” or “Court”) issued a significant judgment in Case C-311/18 (“Schrems II decision”) on the adequacy of protection provided by the EU-US Data Protection Shield. The court concluded that the Standard Contractual Clauses (“SCCs”) issued by the European Commission for the transfer of

On June 1, 2020, California Attorney General Xavier Becerra submitted a finalized package of CCPA regulations to the California Office of Administrative Law (OAL).   The package included not only the final text of the regulations, but also the final statement of reasons for amendments to the previous drafts. There have been multiple rounds of drafts

As they had previously announced their intent to do so,  the leadership of several Senate Committees introduced the “COVID-19 Consumer Data Protection Act” on May 7, 2020.

The Act would:

  • Require companies under FTC jurisdiction to obtain affirmative express consent from individuals to collect, process, or transfer their personal health, device, geolocation, or proximity information

On May 4, the Californians for Consumer Privacy (led by Alistair McTaggart, the real estate investor and activist behind the original ballot initiative that led to the CCPA), announced in a letter that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot.  This version of

As more and more businesses send their employees home to self-quarantine and work remotely as part of their COVID-19 mitigation measures, it is important to remember that working remotely carries with it unique data privacy and security concerns of which everyone should be aware.  The following are a few tips for employers and employees to

On December 6, 2019, the FTC issued an opinion finding that Cambridge Analytica, they had engaged in deceptive practices to collect personal information from several users of Facebook for purposes of voter profiling and targeting.  In addition, the Commission found that Cambridge Analytica had engaged in deceptive practices regarding its participation in the EU-US Privacy

Yesterday (November 26, 2019), a comprehensive federal privacy bill was introduced that would grant individuals broad rights with respect to their data, impose new obligations on data processors, and expand the Federal Trade Commission’s enforcement authority with respect to privacy, as well as allowing for state attorney general enforcement and individual rights of action. The

Last Friday, October 11, 2019, one day after the California Attorney General issued proposed regulations to implement the California Consumer Privacy Act of 2018 (“CCPA”), the California Governor, Gavin Newsom, announced that he signed all five of the September 2019 legislative amendments to the CCPA into law.  Those amendments include AB-25, AB-874, AB-1146, AB-1355, and

Today, on October 10, 2019, the California Attorney General (“AG”) issued long-awaited proposed regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”).  The AG also issued a notice of proposed rulemaking action and an initial statement of reasons elaborating on the purposes of the proposed regulations. The proposed regulations are intended to “establish procedures