Litigation

Last month, a district court in the Northern District of California delivered a fatal blow to the Javier saga, dismissing his claim with prejudice. Javier v. Assurance IQ, LLC, No. 20-CV-02860-CRB, 2023 WL 3933070 (N.D. Cal. June 9, 2023).   As we previously reported, the court’s holding concludes a drawn-out dispute on a website

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers | Privacy World

Digital Assets in England and Wales:

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers | Privacy World

Digital Assets in England and Wales:

In the last week, the Federal Communications Commission (FCC) has taken several steps to signal a more assertive and aggressive role for that agency on privacy, data protection and cybersecurity issues.

First, The FCC announced on June 14, 2023, the creation of a Privacy and Data Protection Task Force that will coordinate across the FCC on rulemaking, enforcement and other proceedings impacting privacy and data protection. Among the issues that the Task Force will focus on are data breaches by telecommunications providers and vulnerabilities involving third-party vendors servicing telecommunications providers. FCC Chairwoman Jessica Rosenworcel noted that the Task Force, which the Chief of the Enforcement Bureau will lead, will play a prominent role in the agency’s effort to modernize its data breach rules and new rules to crack down on SIM-swapping fraud.
Continue Reading FCC Initiatives on Data Privacy, Internet Network Security and Data Caps

In 2020, when the California Consumer Privacy Act (CCPA) came into effect, the privacy landscape in the US changed forever. Fast forward three years, we now have close to a dozen states that have passed consumer privacy laws, with the second generation of consumer privacy laws giving particular attention to sensitive data. In particular, there is an emerging trend, in both new legislation and enforcement of existing privacy and consumer protection regimes, towards a focus on the collection, use, and sharing or selling of health-related personal information, specifically information that is outside the scope of the federal Health Insurance Portability and Accountability Act (HIPAA).[1] The effect is a restriction on what publishers, advertisers, and other commercial enterprises can do with consumer health information, often broadly defined to include any past, present or future health status or inference regardless of sensitivity (e.g., acne or a headache). These developments include:
Continue Reading Health (and Health-ish) Data and Advertising Under Scrutiny

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

China Issues Guidelines for Submitting the Personal Information Protection Impact Assessment for Data Exports | Privacy World

New Zealand Urges

On May 30th, the Cybersecurity Administration of China (CAC) issued details of the format for filing with the government the documentation necessary for the export of Personal Information collected in China.  This guide acts to supplement the requirements set forth in the February 24, 2023 regulations, which came into effect on June 1, 2023 (though there is a 6-month extension allowed for existing data transfers).
Continue Reading China Issues Guidelines for Submitting the Personal Information Protection Impact Assessment for Data Exports

On June 7, 2023, New Zealand’s Office of the Privacy Commissioner (OPC) issued a statement [1] encouraging all businesses to adopt two-factor authentication (2FA) to protect information that they hold. In her remarks, Deputy Commissioner Liz MacPherson highlighted that this should be the case regardless of the size of the organisation. She referenced the OPC’s latest small businesses insights report, and opined that:

“When a cyber… breach occurs, the question [that will be asked] … is ‘have you taken reasonable cybersecurity steps to protect the personal data you hold?’ Not to have taken reasonable steps is a breach of the Privacy Act… What is reasonable depends on the size of the organisation and the scale and sensitivity of the personal information they hold.
Continue Reading New Zealand Urges All Businesses To Adopt 2FA

On June 6, 2023, the governor signed the Florida Digital Bill of Rights into law. We previously covered the consumer privacy bill here. The law targets larger companies because a “controller” must have $1 billion in global gross revenue, plus one of the following:

  1. 50% of global gross revenue comes from the sale of