CyberAdviser

Insights from the frontlines of privacy and data security law

California AG Releases Proposed CCPA Regulations

By Philip N. Yannella, Kim Phan, Gregory P. Szewczyk & Katie Morehead on October 10, 2019

The California Attorney General’s Office released its long-awaited proposed CCPA Regulations this afternoon. The proposed Regulations are 24 pages long, and address a number of important technical compliance issues including how businesses should: provide just in time notice to consumers of personal information collected; provide notice to consumers of the right to opt out of the sale of personal information; provide notice to consumers of financial incentives; provide a CCPA compliant privacy policy; provide methods for consumers to submit requests to…

CyberAdviser

Making Sense of EU Cookie Law in the Wake of CJEU’s Planet49 Ruling

By Philip N. Yannella on October 3, 2019

The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still remain. A main source of confusion about cookies is the interplay between two EU privacy laws, the ePrivacy Directive and the GDPR. The former governs, among other things, the placement of cookies and marketing pixels on the…

CyberAdviser

FinCEN Director Blanco Addresses “Cyber Hygiene”

By Brad Gershel on September 26, 2019

Remarks Focus on Account Takeovers, BEC Schemes, Beneficial Ownership, Technological Innovation and SARs FinCEN Director Kenneth A. Blanco delivered prepared remarks on September 24 at the 2019 Federal Identity (FedID) Forum and Exposition in Tampa, Florida. Director Blanco summarized the topics of his remarks by stating the following: First, I would like to tell you a little about FinCEN. Who we are, what we do, and why I am here to speak with you today.…

CyberAdviser

A Closer Look at Automatic Renewal Laws

By Philip N. Yannella & Katie Morehead on September 25, 2019

Over the past several years, state legislatures have become more aggressive in passing laws to protect consumers’ digital rights. The promulgation of state data security and privacy laws, such as the California Consumer Privacy Act, is a prime example of this trend. Another less publicized example of state oversight of online activities is legislation regulating automatic renewals, which have become very common and present new and little appreciated regulatory and litigation risks. Here’s a quick…

CyberAdviser

California Legislature Adopts Five Amendments to CCPA, But Largely Rejects Industry Efforts

By Gregory P. Szewczyk & Philip N. Yannella on September 16, 2019

marketing-segmentation-picture-id469202236

On September 13, 2019—the last day of the legislative session—California lawmakers approved five amendments intended to clarify the scope of the California Consumer Privacy Act (the “CCPA”), but rejected several industry-backed proposals that would have exempted personal information used for targeted advertising and loyalty programs. Five amendments passed: AB 25, 874, 1146, 1355, and 1564. As we have noted in prior posts, the version of AB 25 that ultimately made it through the legislature…

CyberAdviser

Delaware and New Hampshire Join Growing List of States With New Insurance Data Security Laws

By Malia K. Rogers, Gregory P. Szewczyk & Philip N. Yannella on August 9, 2019

Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s law enacted a few days earlier. Notably, while Connecticut followed the New York Department of Financial Services’ 2017 Cybersecurity Regulations model, Delaware and New Hampshire followed South Carolina, Ohio, Michigan, and Mississippi in adopting a version of the model…

CyberAdviser

Connecticut Becomes Latest State to Enact Insurance Data Security Law

By Gregory P. Szewczyk & Philip N. Yannella on August 2, 2019

On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers, and other businesses licensed by the Connecticut Insurance Department (“CID”). In doing so, Connecticut joins New York, South Carolina, Ohio, Michigan, and Mississippi as states that have enacted information security laws for insurance companies. However, whereas the recent trend has been to follow…

CyberAdviser

Facebook to Pay $5 Billion for Violating 2012 FTC Consent Order

By Philip N. Yannella, Kim Phan & Katie Morehead on July 24, 2019

Just two days after the Federal Trade Commission (“FTC”) announced a historic settlement of privacy and security claims against Equifax, the FTC today announced that Facebook has agreed to pay $5 billion in civil fines, arising from its violation of a 2012 consent order with the FTC. According to the FTC, this is the largest fine ever levied by a U.S. regulatory agency against a company for a privacy or data security violation by a…

CyberAdviser

Equifax Reaches Historic $575 Million Settlement Agreement Arising from 2017 Data Breach

By Philip N. Yannella, Kim Phan & Katie Morehead on July 23, 2019

Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date.…

CyberAdviser

New York State Data Privacy Law Fails

By Philip N. Yannella on July 19, 2019

New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead. New York was one of a number of states that proposed sweeping privacy legislation after the enactment of the California Consumer Privacy Act (CCPA). The proposed New York law, in fact, was broader than the CCPA in many ways. The law would have applied to non-profits as well as for profits, and included a private right…

CyberAdviser

Insights from the frontlines of privacy and data security law

Blog Authors

California AG Releases Proposed CCPA Regulations

Making Sense of EU Cookie Law in the Wake of CJEU’s Planet49 Ruling

FinCEN Director Blanco Addresses “Cyber Hygiene”

A Closer Look at Automatic Renewal Laws

California Legislature Adopts Five Amendments to CCPA, But Largely Rejects Industry Efforts

Delaware and New Hampshire Join Growing List of States With New Insurance Data Security Laws

Connecticut Becomes Latest State to Enact Insurance Data Security Law

Facebook to Pay $5 Billion for Violating 2012 FTC Consent Order

Equifax Reaches Historic $575 Million Settlement Agreement Arising from 2017 Data Breach

New York State Data Privacy Law Fails

Company

Support

New to the Network

Blog Authors

Latest from CyberAdviser