Last week, the New York Attorney General’s Office announced that Bombas had agreed to pay $65,000 and implement a number of injunctive provisions to settle allegations that the sock startup failed to comply with the state’s data breach notification statute. According to the press release, Bombas learned in November 2014, that an unauthorized intruder had inserted malicious code designed to steal payment card information into its ecommerce platform. Bombas allegedly waited almost two months…

On Tuesday and Wednesday of this week, the California Assembly voted to approve four bills to amend the California Consumer Privacy Act (CCPA). The legislation now moves to the California Senate. In total, the Assembly has approved ten CCPA amendments. Here’s the full list: Approved by the California Assembly – May 28 & 29 Assembly Bill 25: changes the CCPA so that the law does not cover collection of personal information from job applicants,…

On Wednesday, the California Assembly voted to approve two bills to amend the California Consumer Privacy Act (“CCPA”). The legislation now moves to the California Senate. In total, the Assembly has approved five CCPA amendments. Four bills remain pending before the full Assembly. Here’s the full list: Approved by the California Assembly This Week Assembly Bill 873: broadens the definition of “deidentified” and clarifies that “personal information” includes information that “is reasonably capable of…

In February, we posted that the California Attorney General and state Senator Hannah-Beth Jackson had announced a bill that would have materially expanded legal exposure for businesses under the CCPA. The most concerning parts of the bill were the attempts to expand the private right of action to cover privacy practices, while simultaneously removing companies’ rights to cure violations before facing a suit. Private Right of Action:  The enacted CCPA includes a private right of…

The CFPB released its proposed rule governing debt collection, which would impose new requirements for debt collectors related to when and how a consumer can be contacted, what can and must be said when a consumer is reached, and the procedures to validate and verify a debt.  Industry and other stakeholders have long anticipated the proposed rule, which follows a July 2016 outline of proposals and November 2013 Advanced Notice of Proposed Rulemaking, previously discussed…

Earlier this month, the Department of Justice released a White Paper and FAQ on the Clarifying Lawful Overseas Use of Data (CLOUD) Act. Enacted in March 2018, the CLOUD Act attempts to resolve the legal conflicts that arise when one country orders the disclosure of electronic data pursuant to a criminal investigation, but another country’s laws restrict or prohibit such disclosure. Communications service providers with customers, offices, and storage facilities worldwide often encounter this issue, and it…