In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Washington
Privacy World Week in Review
Join us on September 28 for a Webinar on Washington’s My Health My Data Act and other Consumer Health Data Regulation
By Squire Patton Boggs on
Posted in CCPA, CPA, FTC, Health, HIPAA/Health, Washington, Washington My Health My Data Act, Webinar
With its private right of action and expansive scope – extending far beyond Washington state’s borders and applying to a wide swath of health- and non-health-oriented companies alike – Washington’s My Health My Data Act is poised to be more ground-shifting than any other consumer privacy law that came before it. Join Kyle Fath, Bola Shonowo and Gicel Tomimbang for a discussion of:Continue Reading Join us on September 28 for a Webinar on Washington’s My Health My Data Act and other Consumer Health Data Regulation
Privacy World Week in Review
By Kristin Bryan on
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
China Generative AI New Provisional Measures | Privacy World
Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy…
Health (and Health-ish) Data and Advertising Under Scrutiny
In 2020, when the California Consumer Privacy Act (CCPA) came into effect, the privacy landscape in the US changed forever. Fast forward three years, we now have close to a dozen states that have passed consumer privacy laws, with the second generation of consumer privacy laws giving particular attention to sensitive data. In particular, there is an emerging trend, in both new legislation and enforcement of existing privacy and consumer protection regimes, towards a focus on the collection, use, and sharing or selling of health-related personal information, specifically information that is outside the scope of the federal Health Insurance Portability and Accountability Act (HIPAA).[1] The effect is a restriction on what publishers, advertisers, and other commercial enterprises can do with consumer health information, often broadly defined to include any past, present or future health status or inference regardless of sensitivity (e.g., acne or a headache). These developments include:
Continue Reading Health (and Health-ish) Data and Advertising Under Scrutiny
Privacy World Week in Review
By Kristin Bryan on
Posted in Biometric, Biometric Privacy Act, BIPA, CFPB, CISA, Cybersecurity, Data Privacy, Data Retention, General, Litigation, New York, NIST, Privacy, Technology, Tennessee, UK, UK, US, US, Utah, Washington, Webinar
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
BREAKING: Former Uber CSO Convicted of Criminal Obstruction and Concealment of a Felony for 2016 Data Breach Cover Up
By Kristin Bryan & Sasha Kiosse on
Posted in Attorney General, California, CCPA, Class Action, Cloud, Colorado, Compliance, Connecticut, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Florida, FTC, General, Illinois, Litigation, Massachusetts, New York, New York, Ohio, Oklahoma, Pennsylvania, Privacy Litigation, Privacy Litigation, Ransomware, SEC, Texas, US, Utah, Virgina, Washington, Wisconsin
After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).
Recall that back in 2016, two hackers stole data…
CPW Week in Review
By Kristin Bryan on
Posted in American Data Privacy and Protection Act (ADPPA), Arbitration, Article III, Artificial Intelligence, Biometric, BIPA, California, California Attorney General, California Invasion of Privacy Act, California Privacy Protection Agency, California Privacy Rights Act, California Privacy Rights Act (CPRA), Capture or Use of Biometric Identifier Act (CUBI), CCPA, Colorado, Colorado Privacy Act, Compliance, Connecticut, Connecticut Privacy Act (CTPA), Consumer Protection, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Delaware, Digital Advertising, Digital Markets, Digital Markets Act, Digital Technology, Discovery, DPO, DPPA, Events, FCC, FDCPA, Federal Communications Commission, Federal Question, Florida, FTC, GDPR, HIPAA, ICO, ICO, Idaho, Illinois, Injury in Fact, Litigation, Multidistrict Litigation, New York, Ohio, Privacy Litigation, Ransomware, SEC, Settlement, Standing, TCPA, Team News, Texas, UK, US, Utah Consumer Privacy Act (UCPA), Virginia Consumer Data Protection Act (VCDPA), Virtual Try-On (VTO), Washington, Webinar, Wisconsin, Women in Data
In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference
SPB Senior Associate Discusses Practical Tips for Building Comprehensive Biometric Privacy Programs to Manage Legal Risks and Mitigate Liability Exposure in Biometric Update
By now, most CPW readers are very familiar with the term “BIPA”—the acronym used for Illinois’s game-changing biometric privacy law, which has led to a barrage of class action litigation pursued against companies that use biometric data in their commercial operations. BIPA is not, however, the only biometric privacy law on the books that presents…
T-Mobile Agrees in MDL to Record Setting $350 Million Data Breach Settlement to Resolve CCPA and Other Privacy Claims
By Kristin Bryan on
Posted in Article III, California, California Privacy Rights Act, Class Action, Class Certification, Colorado, Compliance, Connecticut, Consumer Protection, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Florida, General, Illinois, Injury in Fact, Litigation, Multidistrict Litigation, New York, Ohio, Oklahoma, Pennsylvania, Privacy Litigation, Privacy Litigation, Removal, Settlement, Standing, US, Utah, Virgina, Washington
In a record-setting proposed settlement filed last week, T-Mobile has agreed to pay $350 million and boost its data security by $150 million over the next two years to resolve multidistrict litigation brought by T-Mobile customers whose data was allegedly exposed in a 2021 data breach. Read on for the terms of the settlement, which may serve as a model in other high stakes data security cases going forward.
Recall that in August 2021, T-Mobile disclosed that it had been the victim of a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information the “Data Event”). By T-Mobile’s account, no “customer financial information, credit card information, debit or other payment information” was exposed in the attack. Nevertheless, over 40 putative class action claims were filed seeking damages for the improper disclosure of Plaintiffs’ personal information. In December 2021, the Judicial Panel on Multidistrict Litigation transferred and centralized the putative class actions into the MDL standing before the Western District of Missouri.Continue Reading T-Mobile Agrees in MDL to Record Setting $350 Million Data Breach Settlement to Resolve CCPA and Other Privacy Claims
Carnival Cruise Line and 46 State Attorneys General Reach $6 Million Dollar Settlement Over 2019 Data Breach
By Kristin Bryan on
Special thanks to our Summer Associate, Nyet Abraha, for her work on this blog.
Carnival Cruise Line, one of the largest international cruise lines, has agreed to pay $6 million to resolve claims brought by state attorneys general in response to a 2019 data breach. In March 2020, Carnival reported a data breach that compromised…