Despite the global pandemic, the California Attorney General will begin enforcing the California Consumer Privacy Act on July 1 as planned, so even in this new work-from-home environment, businesses must continue to work towards compliance and resolve any open issues.…
In the wake of the COVID-19 crisis, much of the workforce has shifted to working remotely, with many workers operating out of makeshift “offices” they created in their homes with little or no warning. Along with this remote work comes…
On February 7, 2020, California Attorney General Xavier Becerra published modified regulations for the California Consumer Privacy Act after reviewing the public comments received on the initial draft regulations. While the modified regulations provide some much-needed clarity, they also leave…
It is evident that a company must invest in its privacy practices to meet legal requirements if it wants to avoid investigation costs and potential civil penalties. But can investment in privacy, data security, and data management bring benefits to…
In the absence of a comprehensive federal data privacy and data security law, states continue to fill the gap. The California Consumer Privacy Act took effect on January 1, 2020, and several other states have similar laws under consideration. Nevertheless,…
FERPA is a U.S. law, passed in 1974, that protects the privacy of student educational records. FERPA applies to all schools, from elementary schools to postsecondary education institutions, that receive federal funds under a program of the U.S. Department of…
The Ninth Circuit Court of Appeals has written the latest chapter of the ongoing saga of Article III standing for violations of the Illinois Biometric Information Privacy Act (“BIPA”). BIPA requires, among other things, that before collecting a person’s biometric…
A suburban Philadelphia county is facing a judgment of up to $67 million after a Pennsylvania federal jury found that it violated the Pennsylvania Criminal History Record Information Act. Pennsylvania’s Criminal History Record Information Act (“CHRIA”) governs the dissemination of…
Well thought-out internal privacy policies and procedures are an essential part of any company’s information management program. These internal policies should not be confused with a company’s external privacy notice, which informs the company’s customers as to how it may…
The U.S. Supreme Court on Wednesday remanded a class action against Google so that the lower courts could determine whether any of the named plaintiffs have standing under Spokeo, Inc. v. Robbins. The underlying suit alleged violations of the Stored…
