Will the CPRA require that businesses impose additional contractual requirements on service providers?
Congress Sends Bipartisan ‘Internet of Things’ Bill to President Trump
On November 17, 2020, H.R. 1668, the “Internet of Things Cybersecurity Improvement Act of 2020”, was unanimously passed by the Senate. The bill is now on its way to President Trump for signature or veto.
The bill would require the National Institute of Standards and Technology (“NIST”) and the Office of Management and Budget (“OMB”) to take certain steps to increase cybersecurity for Internet of Things (“IoT”) devices. IoT describes the extension of internet…
EU Parliament Approves Collective Redress Directive
On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers (the “Collective Redress Directive”). The Collective Redress Directive requires all EU Member States to put in place at least one effective procedural mechanism allowing qualified entities to bring representative actions to court for the purpose of injunction or redress. The Collective Redress Directive was presented in April 2018 by the…
Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. (“Home Depot”) agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014. The $17.5 million payment will be divided among the 46 participating states and the District of Colombia. We previously reported on a settlement Home Depot reached in 2017 to resolve a putative class…
Responding to Cyber-Attacks in the Utility and Energy Sectors
To assist utilities with assessing and responding to cyber risks, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) recently issued a report on best practices to respond to and recover from cybersecurity incidents in the utility industry.
Like other industries, the utility industry is at high risk for cyber-attacks by bad actors or nation states. Following the cyber-attack against a pipeline earlier this year, [view related post], FERC…
Massachusetts Ballot Question 1 Still on the Forefront as Automakers Sue to Block its Implementation
A group of automakers through the Alliance for Automotive Innovation is suing Massachusetts in federal court to block the new ‘Right to Repair’ law that passed on November 3rd. This law was known as “Question 1” to Massachusetts residents hitting the polls earlier this month. As we discussed in our prior blog post, the new state law expands access to certain diagnostic and repair data collected by onboard computer systems that is currently only…
Home Depot Settles Data Breach Multi-state Enforcement Action for $17.5 Million
Home Depot has agreed to settle a multi-state enforcement action by 46 U.S. states and Washington, D.C. arising from the data breach that occurred in 2014. Home Depot has agreed to pay $17.5 million to put the enforcement action behind it. The investigation was led by the Attorneys General of Connecticut, Illinois and Texas.
The multi-state investigation followed Home Depot’s data breach that affected 40 million customers who used self-checkout terminals in its U.S. and…
Is Your Business Collecting COVID-19-Related Employee Data? If So, You May Need to Update Your CCPA Employee Notice
The California Consumer Privacy Act (CCPA) requires businesses covered by the CCPA to notify their employees of the categories of personal information the business collects about employees and the purposes for which the categories of personal information are used. The categories of personal information are broadly defined in the CCPA and include personal information such as medical information, geolocation data, biometric information, and sensory data.
As a result of the COVID-19 pandemic, many businesses are…
Grand Jury Indicts Chinese Energy Company, U.S. Oil and Gas Affiliate, and Chinese National on Trade Secrets Charges
A new indictment alleging misappropriation of U.S. oil and gas trade secrets by a Chinese energy company, its U.S.-based affiliate, and an executive is another example in a recent string of prosecutions for trade secrets theft involving China, a topic that we have covered on the blog here.…
Privacy Tip #261 – Online Shopping Tips for the Holidays
I have done more online shopping this year than ever before, and I know that I am not alone. With the holidays approaching, this will only increase because of the pandemic, and hackers and fraudsters know it.
A recent report by GBG entitled “GBG State of Digital Identity: 2020,” states that 47 percent of individuals have open up a new online shopping account, 31 percent have opened a new social media account and 35 percent…