CyberAdviser

Insights from the frontlines of privacy and data security law

Blog Authors

AB C DEF G HIJ K L MNO PQR S TUVWXYZ

Stephanie I. Awanyai

David L. Axelrod

Latest from CyberAdviser

CyberAdviser

Federal Court Dismisses CCPA Claim Against Marriot International, Inc. For Lack of Standing

By Gregory P. Szewczyk, Philip N. Yannella, Scott S. Humphreys & Mudasar Khan

January 15, 2021

On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott International, Inc. The holding, which dismissed the claims for lack of standing, will likely play a role in a number of CCPA cases that have motions to dismiss pending. The case stems from a cybersecurity breach announced by Marriott on March 31, 2020, in…

CyberAdviser

Federal Court System—And Possibly Sealed Filings—Breached in Connection With SolarWinds Hack

By Mudasar Khan, Gregory P. Szewczyk & Philip N. Yannella

January 13, 2021

The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System (“CM/ECF”) as a result of vulnerabilities associated with SolarWinds Orion products. The AO noted that it is currently working with the Department of Homeland Security on an audit of security vulnerabilities that may pose a confidentiality risk for non-public documents stored on CM/ECF. In…

CyberAdviser

OCR Issues Guidance Related to PHI Disclosures During COVID

By Edward I. Leeds & Eric K. Temmel

January 8, 2021

On December 18, 2020, the United States Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued guidance specific to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the COVID-19 public health emergency. The guidance addresses permitted HIPAA disclosures of Protected Health Information (“PHI”) by covered entities and business associates via health information exchanges (“HIEs”) for certain public health purposes.…

CyberAdviser

New York Proposes Biometric Privacy Bill With Private Right of Action

By Gregory P. Szewczyk & Mudasar Khan

January 7, 2021

On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as states that have adopted laws that strictly regulate the notice, collection, and handling of biometric information. Significantly, however, it would join Illinois as only the second state to provide a private right of…

CyberAdviser

FTC Seeks Privacy Information from Social Media and Video Streaming Companies

By Priscilla G. Osei-Bonsu & Kim Phan

December 22, 2020

On December 14, 2020, the Federal Trade Commission (FTC) announced in a press release that it is issuing orders under the FTC’s authority in Section 6(b) of the FTC Act to the following nine social media and video streaming companies: Amazon.com, Inc., ByteDance Ltd. (which operates the short video service TikTok), Discord Inc., Facebook, Inc., Reddit, Inc., Snap Inc., Twitter, Inc., WhatsApp Inc., and You Tube LLC. The FTC made publicly available samples of the…

CyberAdviser

Federal Agencies Consider Requiring Reporting of Computer Security Incidents

By Philip N. Yannella, Kim Phan & Sarah B. Dannecker

December 21, 2020

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator. Under the proposed rule, for incidents that could result in a banking organization’s inability to deliver services to a material portion of its customer base, jeopardize…

CyberAdviser

DISH Network Agrees to Pay $210 Million for Vendors’ Violations in Historic Department of Justice Telemarketing Enforcement Action

By Michael Fausey

December 18, 2020

A recent settlement between the U.S. Department of Justice and a media conglomerate underscores the importance of implementing robust Telephone Consumer Protection Act compliance measures, including for third-party vendors. In 2017, a jury found DISH Network LLC liable for its vendors’ violations of the Telemarketing Sales Rule and the Telephone Consumer Protection Act, as well as several state statutes. Earlier this year, the Seventh Circuit affirmed DISH’s liability, but vacated the award and…

CyberAdviser

California Attorney General Shows No Sign of Slowing CCPA Rulemaking with Fourth Set of Proposed Modifications

By Mudasar Khan, Gregory P. Szewczyk & Philip N. Yannella

December 14, 2020

The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”). As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020. The third set of modifications revised the regulations relating to the notice of a consumer’s right to opt-out of the sale of their personal information. Our previous post detailed the specific…

CyberAdviser

Congress Sends Bipartisan ‘Internet of Things’ Bill to President Trump

By Mudasar Khan & Gregory P. Szewczyk

November 25, 2020

On November 17, 2020, H.R. 1668, the “Internet of Things Cybersecurity Improvement Act of 2020”, was unanimously passed by the Senate. The bill is now on its way to President Trump for signature or veto. The bill would require the National Institute of Standards and Technology (“NIST”) and the Office of Management and Budget (“OMB”) to take certain steps to increase cybersecurity for Internet of Things (“IoT”) devices. IoT describes the extension of internet…

CyberAdviser

California Voters Approve CPRA

By Mudasar Khan, Gregory P. Szewczyk & Philip N. Yannella

November 7, 2020

On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”). As background, the original CCPA emerged in 2018 as a compromise between legislators and the advocacy group, Californians for Consumer Privacy, which had secured…

CyberAdviser

Insights from the frontlines of privacy and data security law

Blog Authors

Federal Court Dismisses CCPA Claim Against Marriot International, Inc. For Lack of Standing

Federal Court System—And Possibly Sealed Filings—Breached in Connection With SolarWinds Hack

OCR Issues Guidance Related to PHI Disclosures During COVID

New York Proposes Biometric Privacy Bill With Private Right of Action

FTC Seeks Privacy Information from Social Media and Video Streaming Companies

Federal Agencies Consider Requiring Reporting of Computer Security Incidents

DISH Network Agrees to Pay $210 Million for Vendors’ Violations in Historic Department of Justice Telemarketing Enforcement Action

California Attorney General Shows No Sign of Slowing CCPA Rulemaking with Fourth Set of Proposed Modifications

Congress Sends Bipartisan ‘Internet of Things’ Bill to President Trump

California Voters Approve CPRA

Stay Connected

Company

Products

Support

New to the Network