Data breach
Subscribe to Data breach's Posts

Importance of CCPA Compliance Highlighted by First Round of Private Actions

The first wave of California Consumer Privacy Act litigation has begun to roll in, and the complaints are already raising interesting questions about the scope of CCPA’s private right of action. The actions assert a variety of claims under numerous theories and present a broad range of potential risks to businesses subject to CCPA. In light of the many questions that surround CCPA’s private right of action, the extent of possible liability from private litigation is still largely unknown and potentially significant. The first wave of private lawsuits filed under the California Consumer Privacy Act (CCPA) has begun to roll in, and the complaints are already raising interesting questions about the scope of CCPA’s private right of action. The recent explosion in popularity of video conferencing and social media software in response to the COVID-19 pandemic—and the technical issues some of these products have experienced—has inspired its own wave of litigation,...

Continue Reading

Comprehensive Federal Privacy Law Still Pending

The California Consumer Privacy Act (CCPA) has forced companies across the United States (and even globally) to seriously consider how they handle the personal information they collect from consumers. By its terms, however, the CCPA only protects the privacy interests of California residents; other “copy-cat” privacy laws proposed or enacted in other states similarly would only protect the rights of residents of each state. Given the burden on businesses imposed by the rapid proliferation of privacy and data protection laws, including data breach notification obligations, requirements for data transfer mechanisms imposed by international data protection laws (such as the EU General Data Protection Regulation (GDPR)), and the imposition of a variety of data subject rights, a comprehensive US federal privacy bill appears increasingly overdue. In the past year, US legislators have proposed a wide variety of data privacy laws—none of which seems to have gained...

Continue Reading

CCPA Has Just Gone Into Effect, But Businesses May Need to Prepare for a New California Privacy Law

The California Consumer Privacy Act (CCPA) is not yet one month old, but movement has already started on a new California privacy law. In November 2019, the advocacy group Californians for Consumer Privacy, led by Alastair Mactaggart, the architect of CCPA, submitted a proposed California ballot initiative to the Office of the California Attorney General that would build upon the consumer privacy protections and requirements established by CCPA. In December 2019, as required under state law, California Attorney General Xavier Becerra released a title for and summary of the proposed ballot initiative, which will be known as the California Privacy Rights Act (CPRA). Key Provisions of the CPRA CPRA seeks to give California consumers additional control over and protection of their personal information in five core ways. CPRA would require businesses to disclose when and how automated decision making is used for decisions that significantly affect a consumer’s...

Continue Reading

CCPA and ‘Reasonable Security’: A Game Changer

On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) went into effect. The CCPA applies to a wide range of companies and broadly governs the collection, use and sale of personal information of California residents (i.e., consumers and certain other individuals) and households. The CCPA provides that consumers may seek statutory damages of between $100 and $750, or actual damages if greater, against a company in the event of a data breach of nonredacted and nonencrypted personal information that results from the company’s failure to implement reasonable security. The amount of the statutory damages depends on factors such as the nature and seriousness of the company’s misconduct, the number of violations, the persistence of the company’s misconduct, the length of time over which the misconduct occurred, and the company’s assets, liabilities and net worth. To defend against these consumer actions, a company must show that it has implemented...

Continue Reading

Though CCPA is Now Live, Questions About Its Constitutionality Linger

As businesses have scrambled to obtain compliance with the California Consumer Privacy Act (CCPA) in recent months, questions surrounding its constitutionality have arisen. As a broad, sometimes unclear state law that imposes significant obligations on businesses around the country, CCPA may be ripe for legal challenge. The strongest bases for such challenges appear to be: (1) that CCPA violates the “Dormant Commerce Clause”; and (2) that CCPA is impermissibly vague. Dormant Commerce Clause The burden that CCPA imposes on out-of-state economic activity may place it in violation of the Dormant Commerce Clause, a legal doctrine created out of the Commerce Clause of the US Constitution. The Commerce Clause allows the US Congress to regulate interstate commerce; from this grant of power, courts have inferred a limitation on the authority of states to regulate interstate commerce, a doctrine coined the Dormant Commerce Clause. On this basis, courts will strike...

Continue Reading

Little by Little, Attorney General Becerra Sheds Light on the CCPA in 2020

Minimal Changes Expected to the Final Regulations On October 10, 2019, the Attorney General issued his Proposed Text of Regulations, along with a Notice of Proposed Rulemaking Action and Initial Statement of Reasons. According to the Attorney General, the regulations will “benefit the welfare of California residents because they will facilitate the implementation of many components of the CCPA” and “provid[e] clear direction to businesses on how to inform consumers of their rights and how to handle their requests.” See Notice of Proposed Rulemaking, page 10. The deadline to submit public comments on the proposed regulations was December 6, 2019. The Office of the Attorney General (OAG) reported receiving about 1,700 pages of written comments from almost 200 parties. Despite this, the Attorney General stated in a news briefing that he does not expect the final regulations to include significant changes. The proposed regulations should give everyone a sense of...

Continue Reading

The GDPR’s Effects in China: Comparison with Local Rules and Considerations for Implementation

As Europe’s General Data Protection Regulation (GDPR) takes effect, companies around the world are racing to implement compliance measures. In parallel with the GDPR’s development, China’s new data protection framework has emerged over the past year and is in the final stages of implementing the remaining details. With similar and often overlapping obligations, full compliance with the GDPR and China’s data protection framework presents a significant new challenge for companies with operations in China. Does the GDPR Apply to Companies in China? The GDPR applies to the processing of personal data of people who are in the European Union, even for a controller or processor in China, where the processing of the data is related to: The offering of goods or services to the data subjects in the European Union, regardless of whether a payment is required; or The monitoring of people’s behavior in the European Union. As a result, even if a Chinese company does not...

Continue Reading

Financing High-Growth Health IT Companies: McDermott and Capstone’s Panel Recap from HIMSS 18

Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational sessions covered a wide range of health tech topics, with thought leaders, solutions developers, health system executives, patient advocates and care providers coming together to discuss the myriad obstacles and opportunities facing the health care technology industry today. On Tuesday March 6, during the HIMSS conference, McDermott Will & Emery along with our friends at Capstone Headwaters convened a panel discussion on “Financing High-Growth Healthcare IT Companies, which I had the pleasure of moderating. The seasoned mix of health care finance and private equity professionals discussed the various types and sources of capital available to fuel high-growth health IT organizations and how to choose the right mix of capital to...

Continue Reading

On the Digital Health Frontier: Developments Driving Industry Change in 2018

As digital health innovation continues to move at light speed, both new and incumbent stakeholders find themselves on a new frontier—one that challenges traditional health care delivery and payment frameworks, in addition to changing the landscape for product research, development and commercialization. Modernization of the existing legal framework has not kept pace with the rate of digital health innovation, leaving no shortage of obstacles, misalignment and ambiguity for those in the wake. What did we learn in 2017 and what’s to come on the digital health frontier in the year ahead? From advances and investments in artificial intelligence (AI) and machine learning (ML) to the increasingly complex conversion of health care innovation and policy, McDermott’s Digital Health Year in Review details the key developments that shaped digital health in 2017, along with planning considerations and predictions for the health care and life science industries in 2018. ...

Continue Reading

To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law

Although the Illinois Biometric Information Privacy Act has been on the books for almost 10 years, a recent surge in lawsuits has likely been brought on by developments in biometric scanning technology and its increased use in the workplace. At least 32 class action lawsuits have been filed in recent months by Illinois residents in state court challenging the collection, use and storage of biometric data by companies in the state. This could potentially cause a reevaluation of company strategies and development of new defenses in the use of advancing biometric technology. Read “To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law.”

Continue Reading

STAY CONNECTED

TOPICS

ARCHIVES