Cyber insurance is top of mind lately due to heightened cyber vulnerabilities caused by an expanding remote workforce. Thankfully, Consumer Privacy World privacy pros provided some great guidance in their article “CGL Exclusions For Cyberattacks and Loss of Electronic Data: Is There A Gap In Your Coverage” published in the American Bar Association’s
In a recent case from the Eastern District of Pennsylvania[1], the court provided some helpful clarifications regarding the reinvestigation obligations of a consumer reporting agency (“CRA”) under the Fair Credit Reporting Act (“FCRA”). Section 611(a) of the FCRA requires a CRA to conduct a reasonable reinvestigation of any item of information in a
It almost beggars belief, but after numerous drafts and hundreds of comments, the regulations promulgated under the California Consumer Privacy Act of 2018 are now final, though with a few unexpected changes. Read more about it here at our sister blog Security & Privacy Bytes!
The California Attorney General (“AG”) announced on Friday, August 14th, that the Office of Administrative Law (“OAL”) approved the final California Consumer Privacy Act (“CCPA”) regulations. The AG submitted the regulations to OAL for approval on June 1, 2020. The final version includes several substantive changes where the AG “withdrew” provisions along with procedural and grammatical changes. Although the AG did not explain the reasons for withdrawing several provisions in the Addendum to Final Statement of Reasons, the AG stated he may resubmit these provisions following “further review and possible revision.” The final regulations have immediate effect and are now enforceable by the AG.
Continue Reading Final CCPA Regulations Are Now in Effect – With a Few Changes
The U.S National Institute of Standards and Technology (“NIST”) recently published its “Zero Trust Architecture,” which outlines a road map for cybersecurity measures across an organization. NIST explained that the security concept was created with the purpose of “mov[ing] defenses from static, network-based perimeters to focus on users, assets, and resources.” “Zero trust” is a
A recent decision in the Eastern District of Pennsylvania confirms Third Circuit precedent that an employer’s failure to provide a consumer with notice of their rights under the Fair Credit Reporting Act (“FCRA”), as required by the FCRA, does not cause an injury-in-fact where the plaintiffs ultimately became aware of their rights and timely brought
In a surprising turn of events, the California State Senate significantly amended California Assembly Bill 1281 (“AB-1281”) late last week. AB-1281 initially proposed enhanced protections for the use of facial recognition technologies, which have now been removed. The amended AB-1281 now focuses on extending by one year the B2B and employee exemptions provided for under the California Consumer Privacy Act (“CCPA”), previously discussed here. Those exemptions currently become inoperative on January 1, 2021; if AB-1281 is enacted, they would become inoperative on January 1, 2022. Note, however, that if the California Privacy Rights Act (read our recent analysis here) passes on the upcoming November 3rd ballot, these exemptions will be extended for an additional year, and will become inoperative on January 1, 2023.
Continue Reading Amendments to CA AB-1281: Addition by Subtraction?
As of today, July 1, 2020, the California Attorney General (“AG”) will begin enforcing the California Consumer Privacy Act of 2018 (“CCPA”), which went into effect on January 1, 2020. Under the CCPA, the AG may recover civil penalties of up to $2,500 for each violation and up to $7,500 for each intentional violation. The
As of today, July 1, 2020, the California Attorney General (“AG”) will begin enforcing the California Consumer Privacy Act of 2018 (“CCPA”), which went into effect on January 1, 2020. Under the CCPA, the AG may recover civil penalties of up to $2,500 for each violation and up to $7,500 for each intentional violation. The CCPA also provides for a private right of action for damages resulting from a data breach involving certain defined types of personal information; indeed, a significant amount of CCPA class action litigation has already been filed. See our prior posts for a detailed analysis of the CCPA and its requirements. In connection with the commencement of CCPA enforcement activity, California AG Xavier Becerra issued the following statement:
Today we begin enforcement of the California Consumer Privacy Act (CCPA), a first-of-its-kind data privacy law in America. We encourage every Californian to know their rights to internet privacy and every business to know its responsibilities. The website of every business covered by the law must now post a link on its homepage that says “Do Not Sell My Personal Information.” Click on it. Remember, it’s your data. You now get to control how it’s used or sold.
In a class action involving an allegation that an employer failed to give the “stand-alone” disclosure that is required under the Fair Credit Reporting Act (“FCRA”) before obtaining a consumer report, the Ninth Circuit clarified what is necessary in order to have Article III standing in this context.
Section 604(b)(2)(A)(i) of the FCRA requires that