Cybersecurity

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end

Malcolm Dowden and Niloufar Massachi Discuss Vendor

We head into the fourth quarter on the heels of the first public California Consumer Privacy Act (CCPA) civil penalty, while also looking ahead to the new state privacy laws in Virginia, Colorado, Connecticut, and Utah and the significant updates that the California Privacy Rights Act (CPRA) will bring to the CCPA. Considering that regulations

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly

Yesterday the White House Office of Management and Budget issued guidelines (the “Guidelines”) requiring all federal agencies to buy and use software that comply with “secure development practices” developed by the National Institute of Standards and Technology (“NIST”).  The Guidance follows an Executive Order (“EO”) of May 2021 on improving cybersecurity across government agencies and

CPW’s Kristin Bryan, a 2022 Law360 Privacy & Cybersecurity MVP as well as a featured subject matter expert for LexisNexis, Jesse Taylor and Shing Tse teamed up to co-author a chapter of the Lexis Practical Guidance titled “Privacy, Cybersecurity and Data Breach Litigation: Key Laws and Considerations. In this practice

Earlier this month, Law360 released the names of those chosen for the 2022 MVP awards. Of the 900 attorneys who were nominated for the honor, Law360 notes that, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.”

Continue Reading Congratulations to CPW’s Kristin Bryan on Being Named a 2022 Cybersecurity & Privacy MVP by Law360!

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FCC Reportedly Issues Letters of Inquiry Seeking Further Information on Wireless Providers Data Privacy Practices | Consumer Privacy World

With the implementation of new regulations involving the handling of “HR data” across the US and the EU, transatlantic employers can expect to face unique challenges as they make efforts to incorporate these new regulations with existing procedures. In the coming months, managing data subject rights and business obligations that apply to HR data will

The California Consumer Privacy Act (CCPA) currently has limited carve-outs for personal information (PI) collected from a job applicant, employee, owner, director, officer, medical staff member, or independent contractor of a business acting in such capacity (including, without limitation, communications, emergency contact and benefits PI) (HR data). An even broader exception applies to B-to-B communications and related PI (e.g., vendor, supplier and business customer contacts and communications) (B-to-B data). As a result, businesses subject to the CCPA are not currently required to honor CCPA rights requests received from persons concerning HR data and B-to-B data. These carve-outs are set to sunset on January 1, 2023, when the California Privacy Rights Act (CPRA), which substantially amends the CCPA, goes into full effect, at which point HR data and B-to-B data will be fully subject to all of the requirements of the CCPA/CPRA. Many business administrators had hoped that either the California legislature would extend the HR data exceptions (or maybe even make them permanent), or a federal law that limited data subject rights to traditional consumers would pass and preempt CCPA/CPRA. It is now clear that the former is impossible and the latter is highly unlikely. Accordingly, many companies have a lot to do by year-end to prepare to stand up a CCPA/CPRA program for HR data and B-to-B data.

Continue Reading HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail

Yesterday, in the District of Idaho, the Federal Trade Commission (“FTC”) filed a rare complaint seeking a permanent injunction against Kochava Inc. (“Kochava”), a company that, according to the FTC, is a “location data broker that provides its customers massive amounts of precise geolocation data collected from consumers’ mobile devices.” Case No. 22-cv-00377 (D. Idaho). Kochava itself this month had earlier commenced litigation against the FTC in a dramatic pushback after receiving a proposed injunction from the agency. This case is a must-watch going forward, given the FTC’s recent focus on data privacy and cybersecurity.  

The Complaint filed yesterday in federal court alleges that “Kochava has sold access to its data feeds on online data marketplaces that are publicly accessible.” Additionally, while “Kochava typically charges a monthly subscription fee of thousands of dollars to access its location data feed,” the FTC also alleges that the company “has also offered a free sample . . . [which is] publicly available with only minimal steps and no restrictions on usage.”  

Continue Reading FTC Sues Data Broker for Purportedly Selling Geolocation Information, Alleging “Unfair Sale of Sensitive Data”