Will the CCPA be the New TCPA for Plaintiffs?

Last year, the California legislature enacted the California Consumer Privacy Act (the “CCPA”), which imposes key data privacy requirements on businesses collecting or storing data about California residents.  The CCPA provides for civil penalties imposed by the California Attorney General (“AG”) and creates a private right of action for those residents impacted by a data breach.  While the CCPA does not go into effect until January 1, 2020, businesses that will likely be subject to the new law have been busy evaluating compliance measures, as the window between enactment and implementation is quickly closing.

Almost 30 years ago, the federal Telephone Consumer Protection Act (the “TCPA”) was likewise implemented to protect consumers when enacted in 1991, but the law was focused on public concern with telemarketing communications at the time.  The amount of litigation, and the number of class actions, under the TCPA has grown exponentially since then, with the U.S. Chamber Institute for Legal Reform reporting a 1,272% increase in TCPA lawsuits from 2010 to 2016. Continue Reading

Did You Miss Our Recent CCPA webinar? Understanding and Preparing for the California Consumer Privacy Act

We have scheduled a make-up session with CLE for June 4, 2019 at 3p EST.

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, regardless of where the business is based. The Act will impact information regarding not only consumers, but also employees and business contacts. Continue Reading

No More Games! The CNIL Publishes its 2018 and 2019 Activity Report

The CNIL blows the whistle for the end of the transition period.  For the first time, the CNIL’s 2019 investigation program is not specific to an industry and potentially impacts controllers and processors throughout all sectors of business. Going forward, the CNIL will also be more thorough and less lenient.

2019 Program

Investigation program

CNIL’s yearly investigation programs account for approximately one quarter of its investigations. This year’s program will focus on three major areas:

  • The complaints it receives (either collective or individual). These complaints, or the exercise of data subjects rights, represented about 73.8 % of all complaints received in 2018.
  • The sharing of responsibilities between processors and subcontractors, which is a cross-sector topic.
  • The data of children (including what data is collected, i.e., photos, biometric data and CCTV in schools, as well as parental consent for children under 15).

As in previous years, the CNIL will also:

  • Investigate complaints and the reports sent to the CNIL.
  • Follow up on past procedures.
  • Gather information from various news sources.

Finally, the CNIL will continue the cooperation initiated in 2018 with its other national Supervisory authorities, such as joint control operations.

Continue Reading

Have You Paid Your Data Protection Fee?

The ICO has issued a penalty notice to over 100 organisations for failing to pay their data protection fee. Failing to pay this fee due to an innocent mistake may not be accepted as a viable excuse, as demonstrated by the recent judgement in Farrow & Ball Limited v The Information Commissioner (Dismissed) [2019] UKFTT 2018_0269 (GRC).

Under the Data Protection (Charges and Information) Regulations 2018, UK organisations are required to pay the ICO an annual data protection fee unless they are exempt. The fee payable depends on the tier of the organisation, and ranges from £40 to £2,900. Continue Reading

The Un-healthiness of the Australian Health Sector’s Data Security

More than twelve months after the commencement of the Australian Notifiable Data Breach Scheme,[1] statistics published by the Office of the Australian Information Commissioner (OAIC) have begun to reveal trends present in the 812 notifiable data breaches recorded in Australia between 22 February and 31 December 2018. One key trend is the clear susceptibility of the health care industry, which suffered one fifth of all data breaches recorded in Australia throughout 2018, the highest number on an  industry scale.
Continue Reading

The Czech Republic: GDPR Adaptation Legislation Becomes Effective

On Wednesday, April 24, 2019, the new data protection legislation was published in the Czech Collection of Laws and became effective. In doing so, the Czech Republic remedied its legislative deficiency, as it was one of the last EU states lacking the data protection adaptation legislation. (The overview of the current state of GDPR implementation in the Member States can be found here).

Continue Reading

Join Us– Webinar: Understanding and Preparing for the California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will impose burdensome GDPR-like transparency and individual rights requirements on almost every company that handles “personal information” regarding California residents, regardless of where the business is based. The Act will impact information regarding not only consumers, but also employees and business contacts.

Join us for a webinar on May 7, 2019, when Elliot GoldingPhil Zender and Ivan Rothman will provide an overview of the CCPA and discuss the act’s:

  • Scope and applicability (e.g., what companies, data and processes will be impacted)
  • Key requirements (e.g., privacy statement, individual rights, etc.)
  • Contextual comparisons to existing US law and GDPR
  • Suggested steps to build a CCPA compliance program efficiently and effectively
  • Practical tips to manage risk and leverage existing compliance processes where possible

Attendees will have the opportunity to ask questions during the program, with a full Q&A session to follow.

If you would like to attend, or have colleagues who would, please register any interested parties.

Can Police Require Individuals to Unlock Their Smartphones?

Recently Chase Goldstein and Thomas Zeno contributed to our Anticorruption Blog. Their article reviews whether police can force individuals to unlock their smartphones. To unlock or not to unlock? Different rules apply depending on where you are located, as the states of Massachusetts and have seen conflicting rulings. There is also an international dimension, illustrated by a recent decision from Israel. In short, travelers must beware.

Read the full post online.

 

LexBlog