Latest Articles

For good reason, there has been much discussion about the new privacy rights created by the California Consumer Privacy Act of 2018 (CCPA), which becomes effective January 1, 2020. Perhaps one of the most significant provisions of the CCPA, though, will be one that has been somewhat overlooked: Section 1798.150, which provides for statutory damages of between $100 and $750 per consumer per incident for certain data breaches. Indeed, had California enacted Section 1798.150 alone,…
As we discussed in our prior alert, California voters had been poised to consider a citizen-initiated ballot measure that would have significantly expanded the privacy rights of California citizens and provided substantial penalties for noncompliant companies. In response to that ballot measure, the California legislature hastily pushed through privacy legislation despite the “grave, grave concerns” expressed by lawmakers. Lawmakers were willing to enact the flawed legislation based on an assurance from the…
As we discussed in our prior alert, California voters had been poised to consider a citizen-initiated ballot measure that would have significantly expanded the privacy rights of California citizens and provided substantial penalties for noncompliant companies. In response to that ballot measure, the California legislature hastily pushed through privacy legislation despite the “grave, grave concerns” expressed by lawmakers. Lawmakers were willing to enact the flawed legislation based on an assurance from the…
With more than double the number of required signatures well ahead of the verification deadline late this month, the citizen-initiated measure “The California Consumer Privacy Act of 2018” appears headed for the statewide ballot on November 6. If approved by a majority of Golden State voters, the ballot measure would greatly expand right-to-know and opt-out requirements, subjecting covered businesses to increased costs for compliance and strict liability for any violations.…
With more than double the number of required signatures well ahead of the verification deadline late this month, the citizen-initiated measure “The California Consumer Privacy Act of 2018” appears headed for the statewide ballot on November 6. If approved by a majority of Golden State voters, the ballot measure would greatly expand right-to-know and opt-out requirements, subjecting covered businesses to increased costs for compliance and strict liability for any violations.…
Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to third parties, and notify affected individuals of data breaches in the shortest time frame in the country. The new law was spearheaded by the Colorado Attorney General’s office, which is charged with enforcing its requirements. As a result of…
The Arizona Legislature has significantly expanded and strengthened the state’s data breach notification law. The legislation was signed by Arizona Governor Doug Ducey on April 11, 2018. Members of Ballard Spahr’s Privacy and Data Security Group will host a webinar on Wednesday, April 25, 2018, at noon PT/1 p.m. MT/3 p.m. ET to provide in-depth analysis of the new law and place it into context with similar legislation enacted by other states over the past…
On March 6, 2018, the FTC hosted a live Twitter chat to mark the twentieth anniversary of the Children’s Online Privacy Protection Act (COPPA).  The stated purpose of the chat was to discuss the FTC’s work to enforce COPPA and to ensure the FTC’s rule implementing the law stays in step with evolving technologies and data collection practices. The chat began with the FTC pointing to its published FAQs, as well as two recent…
In the absence of federal action, state legislators continue to propose bills that would increase data privacy and security protections for consumers. Any entity that does business in these states or maintains confidential information of their residents should monitor the legislation to determine whether and how the proposed changes may affect operations. The bills are a reaction to Equifax’s data breach disclosure last summer. In prior alerts and articles, we discussed proposed legislation in Arizona
A bipartisan group of Colorado legislators proposed legislation that, if enacted, would significantly change the requirements for how Colorado entities protect, transfer, secure, and dispose of documents containing personal identifying information. The proposed legislation also would expand the types of information covered by the Colorado Breach Notification Law and add additional requirements for companies that have suffered a data breach, such as a 45-day deadline to provide notice to affected individuals. Click here for a discussion…