Illinois Joins States Requiring Breach Notice to AG
Illinois has updated its breach notice law to require, effective January 1, 2020, notice to the Illinois Attorney General of a data breach involving more than 500 Illinois residents.…
Eye On Privacy
Timely Updates and Analysis on Privacy and Cybersecurity Issues
Latest from Eye On Privacy
New York SHIELD Act Expands Breach Notice Requirements Starting in October
By Liisa Thomas, Kari Rollins, Elfin Noce & Rebecca Mackin on
As we recently reported, New York’s new SHIELD Act contains data security provisions. It also contains a number of key changes to New York’s existing breach notification obligations. These changes will become effective October 23, 2019.…
Preparing for New York’s New Data Security Requirements
By Liisa Thomas, Kari Rollins & Elfin Noce on
New York recently passed the SHIELD Act, which, among other things, newly establishes data security requirements for companies that collect private information about New York residents. The data security protections required by the Act go into effect in March 2020. Companies that are already subject to and compliant with data security requirements under HIPAA, GLBA, or the NYDFS will be deemed compliant with this new law. Between now and March companies will want to think about…
Brazil’s New Privacy Law One Year Away
By Liisa Thomas on
Global corporations will soon have another privacy law acronym to address. In one year (August 2020), Brazil will join the fray with its own general privacy law, the Lei Geral de Proteção de Dados Pessaoais (General Data Privacy Law or LGPD). The law was passed in 2018, and is set to go into effect a year from now. While the law was designed to be similar to the EU’s GDPR, it is not identical. Individuals…
Processor or Controller? It Really Depends
By Rebecca Mackin on
The European Data Protection Board and the European Data Protection Supervisor recently issued a joint opinion on the processing of personal data and the role of the European Commission within the eHealth Digital Health Service Infrastructure. As background, the eHealth Network is a network of eHealth authorities designated by the EU member states. Its main purpose is ensure the continuity of cross-border healthcare of patients as they move throughout the EU. To realize this goal,…
Singapore Appoints Its First Ever Accountability Agent Under the CBPR System
By Rebecca Mackin on
On July 23, 2019, APEC issued a press release announcing Singapore’s appointment of the Infocomm Media Development Authority (IMDA) as its accountability agent. Singapore joined the APEC Cross-Border Privacy Rules (CBPR) system in March 2018 and is the third economy after the United States and Japan to operationalize the system.…
Utility Provider Settles Call Recording Lawsuit for $3.7 Million
By Robert Hough & Sarah Williamson on
Tiger Natural Gas, Inc. recently settled a class action privacy suit alleging that it illegally recorded sales calls with over 27,000 potential customers. Although Tiger hired a third party to handle its telemarketing, Tiger will pay $3.7 million on the claims as the advertiser with ultimate liability for non-compliance. According to the plaintiffs, neither company told the consumers the calls were recorded, as is required under California’s call recording law.…
French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data
By Alyssa Shauer on
CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing the text of a certain URL, a Sergic user could retrieve sensitive files that another home rental candidate had…
FTC Seeks Comments on COPPA Rule
By Liisa Thomas & Rebecca Mackin on
The Federal Trade Commission is requesting comments and input on the effectiveness of the 2013 amendments it made to the Children’s Online Privacy Protection Rule. Although the FTC typically reviews its rules every ten years, it is doing so early because of rapid changes in and children’s expanded use of technology. Part of the input it is seeking is whether the COPPA Rule should be updated again. Among the specific input the FTC has requested,…
Privacy Developments in China, Singapore and Hong Kong
By Liisa Thomas on
International companies should keep in mind recent developments coming out of Asia on the privacy front. Chinese authorities are reported to be confiscating smartphones at the border to install surveillance apps. Companies will want to think carefully about the assets they bring into the country. They will also want to keep in mind the Chinese Ministry of Public Security’s ability to conduct remote penetration tests, perform in-person network security inspections (which may involve local police),…