Latest Articles

California Senate Bill 206,[1] the “Fair Pay to Play Act,” was amended again last month, and is making its way through the legislature under sponsorship by Sen. Nancy Skinner-D and Sen. Steven Bradford-D. If passed, the new law would pave the way for college athletes in California to earn compensation—including a stipend or other financial incentive from the college itself—for licensing their name, image, or likeness. The law would also allow athletes to obtain…
The Governor of Massachusetts has just signed into law amendments to the state’s data breach notification law. The amendments will go into effect April 11, 2019. Under the amended law, companies whose breaches involve Social Security numbers must provide free credit monitoring services to affected individuals. The services must last 18 months (42 months if the breached company is a credit reporting agency). Companies can’t require individuals to waive their rights to sue in order…
As we previously reported the EU and Japan reached a tentative deal last summer to ease data transfer restrictions between them. That deal has now been approved by both the European Commission and by Japan and is effective immediately. When the tentative deal was reached, Japan promised to add several new data protection safeguards. Those included new individual rights and limits on further transfers to third countries. Japan also agreed to limit government access to…
The Food & Drug Administration has recently released for comment a draft expansion of guidance regarding Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Although the FDA issued existing guidance in 2014, the new guidance reflects concerns about the rapidly-changing nature of cybersecurity threats, and the potentially grave consequences of cybersecurity incidents involving healthcare and medical devices—particularly medical devices which connect to the internet, networks, or other devices. The draft guidance gives…
Christie’s made history again last night during its evening sale, An American Place: The Barney A. Ebsworth Collection, at 20 Rockefeller Center in New York. This time, the history was not in the form of a record-setting sale (though the sale brought in $317.8 million), but as the first major art auction to be recorded by distributed ledger technology. Christie’s teamed with Artory, a company that operates an art-focused, blockchain-based registry, to securely…
UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted to a public file-sharing website the payroll data of nearly 100,000 employees (including names, addresses, dates of birth, national insurance numbers and bank details). The employee was found criminally liable in 2015 and jailed for eight years. A…
The French data protection authority CNIL has received 3,767 data protection complaints since EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. According to CNIL this is a 64 percent increase compared to the same four-month period last year. CNIL also reported that it has received 600 data breach notifications during the same period. CNIL is in the process of developing new French regulatory tools under GDPR. It has already developed…
For centuries, artists have been celebrated for pushing boundaries and shaping how society should view art. As members of the audience, we rely on artists to expose us to these unique dimensions of thought and we return the favor by placing value on their creations. For the past twenty years, one anonymous artist has continuously thrilled his audience by publicly displaying his work throughout the streets of major cities. Banksy, as the public knows him,…
French data protection authority CNIL has issued a fine against company Assistance Centre d’Appel related to the use of biometric technology in the workplace. During an audit at the end of 2016, CNIL found that the company was using fingerprint timeclocks to track employee hours without prior authorization from CNIL as required by the French Data Protection Act. In France, an employer may not use biometric data to monitor employees’ hours absent prior approval from…