On May 4, 2020, the European Data Protection Board adopted updated guidelines on what does and does not constitute consent under the General Data Protection Regulation (GDPR) in certain situations. Consent is one of the lawful bases to process personal…
Blog Archives
The Children’s Online Privacy Protection Act and Online Learning
With schools across the nation closing their physical locations and moving to an online learning environment, it is important for school officials to understand their obligations under the Children’s Online Privacy Protection Act (COPPA). COPPA regulates the collection of personal…
Plaintiffs Allege Security Promises Ring False
John and Jennifer Politi, purchasers of several Ring products, have filed a putative class action lawsuit against Ring, LLC arising out of Ring’s alleged failure to implement industry standard security features into its products. The case has been consolidated with…
Posted in Internet of Things, Litigation
What Is A “Reasonable Link” Under CCPA?
On February 7, 2020, California Attorney General Xavier Becerra published modified regulations for the California Consumer Privacy Act after reviewing the public comments received on the initial draft regulations. While the modified regulations provide some much-needed clarity, they also leave…
Is Privacy Profitable?
It is evident that a company must invest in its privacy practices to meet legal requirements if it wants to avoid investigation costs and potential civil penalties. But can investment in privacy, data security, and data management bring benefits to…
In Search Of A Federal Data Privacy Law
In the absence of a comprehensive federal data privacy and data security law, states continue to fill the gap. The California Consumer Privacy Act took effect on January 1, 2020, and several other states have similar laws under consideration. Nevertheless,…
New York AG Files Lawsuit Against Dunkin’ Donuts For Attacks On Customer Accounts
On September 26, 2019, New York Attorney General Letitia James filed a lawsuit against Dunkin’ Brands, Inc., the franchisor of Dunkin’ Donuts (“Dunkin’”). The lawsuit involves security issues surrounding Dunkin’s stored value cards, which customers can use to purchase Dunkin’…
Posted in Data Breach, Data Security
Privacy Primer: Family Educational Rights and Privacy Act (FERPA)
FERPA is a U.S. law, passed in 1974, that protects the privacy of student educational records. FERPA applies to all schools, from elementary schools to postsecondary education institutions, that receive federal funds under a program of the U.S. Department of…
Ninth Circuit Finds Article III Standing For Procedural Violation Of Biometric Privacy Law
The Ninth Circuit Court of Appeals has written the latest chapter of the ongoing saga of Article III standing for violations of the Illinois Biometric Information Privacy Act (“BIPA”). BIPA requires, among other things, that before collecting a person’s biometric…
Year To Date Changes To State Data Breach Notification Laws
With so much attention being paid to the impending California Consumer Privacy Act, it can be easy to forget that other states have privacy and data security laws too. And those laws change routinely, with potentially significant impacts on businesses. …
