Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers, in part, customer web browsing history, application usage history, and geolocation information. An internet service provider may only use, disclose, sell or permit access to such information with either the customer’s consent or by complying with one of the few outlined exceptions in…

The SEC recently issued a risk alert warning about using vendors and cloud-based platforms. Many broker dealers and investment advisors are turning to these third parties to store customer data. In its alert, the SEC’s Office of Compliance Inspections and Examinations warns firms that relying on those third parties’ security tools is not, in and of itself, sufficient for the companies to demonstrate compliance with Regulations S-P and S-ID. These regulations require broker-dealers and investment…

Washington State will have new restrictions on what employers can ask applicants regarding their wage and salary history starting July 28, 2019. The new legislation will prohibit employers from seeking wage or salary history from job applicants in the state. Additionally, employers will not be able to require that an applicant’s prior salary history meet certain criteria. There are some limited exceptions to this general rule. First, employer can confirm an applicant’s wage or salary…

The Online Interest Based-Advertising Accountability Program, which enforces privacy principles for digital advertising, recently announced its 100th action. In announcing this landmark, the Accountability Program looked back at the nature of the cases it has brought, noting that it has covered both desktop and mobile issues, and its focus has fallen into a few key categories. These include providing consumers with “enhanced notice” of behavioral advertising activities and ensuring that opt-out tools exist (and that…

California legislators have passed many bills to amend the California Consumer Protection Act since the law was passed. Last week there was significant developments in the status of those bills, as we reported. In addition to dropping the concept of a private right of action for non-breach matters, there are other key things to keep in mind. Some are good news for corporations, but some pending bills that would have helped clarify the law are not moving forward.…

“Internet of Things” devices are listening.  And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data online, and are thus are susceptible to hacking and listening in. Proposed legislation recently introduced in both the Senate (…

Whether your favorite movie is The Wizard of Oz or The Princess Bride, we can all agree there is some good news about the California Consumer Privacy Act (CCPA) this Friday afternoon! SB 561 appears to have (mostly) died in the Senate Appropriations Committee during a hearing held yesterday. While the act as originally drafted only provided for Attorney General enforcement (except for one section addressing data security breaches), SB 561 added a private right…