Skip to content

On July 24, 2019, the FTC announced a $5 billion settlement with Facebook to address Facebook’s alleged violations of the FTC Act and its 2012 consent order with the FTC. The settlement comes as no surprise to the privacy community – Facebook has been closely scrutinized by the public and regulators since the Cambridge Analytica data incident in March 2018 and indicated to investors earlier this year that it anticipated a fine from the FTC between $3 and $5 billion.

We have read the complaint, settlement, and press releases issued by the FTC and Facebook, and provide our thoughts below on what it means for business: Continue Reading Business Takeaways from the FTC $5 Billion Settlement with Facebook

Trend Micro, a cybersecurity solutions provider, recently reported that it blocked ~5 million hacking attempts of IP-connected cameras in just the last 5 months. This means that a hell of a lot of people are trying to hack into Internet-connected cameras. But why?

Continue Reading Watching Me, Watching You—IoT Camera Hacks Surge

An Internet advertising agency that specializes in lead generation for law firms failed to properly secure databases that included the records of about 150,000 individuals. The ad agency, X Social Media, utilizes campaigns on Facebook that target potential plaintiffs for personal injury cases, medical malpractice lawsuits, and mass tort claims. Since the Facebook ads that X Social Media uses to generate these leads are designed to collect and store medical information along with contact details, the database records themselves likely trigger many state breach notification statutes that list “medical information” as “personally identifiable information” — including California’s.

Continue Reading Just Ahead of CCPA, Ad Agency Fails to Secure Leads Data

The California Assembly had a busy May hearing amendments that might clarify (or further muddy) the California Consumer Privacy Act (“CCPA”). With four new bills approved by the Assembly in the final week of the month, May saw a total of 10 CCPA-related bills pass through the Assembly and on to the Senate. We covered a number of these in our last update. Here’s a rundown of the 10 bills: Continue Reading CCPA ABs – the Latest Alphabet Soup

On May 29, 2019, Nevada’s SB 220[1] became law, amending Nevada’s Privacy Law (2017).[2] The existing Nevada Privacy Law is similar to California’s Online Privacy Protection Act (2004), by requiring a conspicuously posted privacy policy. The new SB 220 resembles the new California Consumer Privacy Act (“CCPA”) but is more narrow in application and scope.

Continue Reading Nevada’s New Privacy Law Has Data Sale Opt-Out Rights

California’s Senate voted on Thursday to hold SB-561, effectively killing the bill for 2019. The CCPA gives consumers the right to sue a business for data breaches, and SB-561 would have expanded the right to sue for any violation of the CCPA, even technical privacy violations. The death of the bill means that the private right of action will remain limited to data breaches, and the California legislature will not revisit expansion until 2020 at earliest. Continue Reading CCPA Amendment Update: Bill to Expand Private Right of Action is Dead (for Now)

Many organizations are committing considerable resources to preparing for compliance with  the California Consumer Privacy Act (CCPA), a process that is complicated by the large number of pending proposed legislative amendments. We won’t rehash the history here. As you know, the Act has an effective date of January 1, 2020, and the Attorney General can enforce the Act on July 1, 2020 (or six months after issuing regulations). This post is meant to bring you up to speed on some of the key proposed amendments to the CCPA (there are many more not addressed here) and where they are in the California legislative process. This process is constantly in flux, so keep a close eye on the text and history of these bills (some of which are linked below).

Continue Reading The CCPA Amendments – What’s the Deal?

The Office of the California Attorney General (AG) made its fourth stop on its statewide California Consumer Privacy Act listening tour, holding in Los Angeles a public forum on the CCPA. The forums invite public comment as the AG prepares regulations for implementing and enforcing the law. Although the AG specifically requested comment on the seven areas identified in the law for the AG’s regulation,[1] it was clear that some categories caught the attention of the public more than others. And even though the forum was structured to allow participants to provide ideas and suggestions (the AG did not respond to comments or questions presented), most commentators asked for clarity and specific direction from the AG regulations, to help decipher the reach of CCPA and its compliance obligations.

Continue Reading Attorney General Holds Public Forum on CCPA

Vermont’s new Data Broker Regulation (“Regulation”) takes effect on January 1, 2019. The Regulation requires, among other things, that data brokers register with the Vermont Secretary State and protect personally identifiable information of Vermont residents. This week, the Vermont Attorney General issued guidance on the Regulation, which helps address questions on process and scope. Below are some of the key takeaways from the Regulation and guidance.

Continue Reading Vermont AG Issues Guidance on New Data Broker Regulation