California Enacts Strict Privacy Law

Last week, California Governor Jerry Brown signed into law AB 375, the so-called California Consumer Privacy Act of 2018. The Act was passed in order to defeat a stricter privacy-focused initiative set to appear on the November ballot, which we wrote about in May. The group behind that initiative withdrew it upon passage of the… Continue reading California Enacts Strict Privacy Law

Supporters of Proposed California Consumer Privacy Act Submit Necessary Signatures for Ballot Inclusion

Earlier this month, supporters of a proposed California data privacy initiative known as The California Consumer Privacy Act of 2018 (the “Act”) announced that they had collected 625,000 signatures for the initiative’s inclusion in the state’s November ballot. The number of collected signatures well exceeds the 365,880 count necessary under state regulations for inclusion of a… Continue reading Supporters of Proposed California Consumer Privacy Act Submit Necessary Signatures for Ballot Inclusion

New Privacy Legislation Introduced in the U.S. Senate

Last month, Senators introduced two bills aimed at increasing privacy protections for consumers.  The Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act would authorize the Federal Trade Commission (FTC) to promulgate regulations that improve consumer control over how data is collected and used.  The second piece of legislation, known as the Social Media… Continue reading New Privacy Legislation Introduced in the U.S. Senate

SEC Announces $35 Million Penalty for Yahoo Breach

The Securities and Exchange Commission today announced that Altaba, formerly known as Yahoo! Inc., agreed to pay a $35 million penalty arising out of a December 2014 data breach that affected hundreds of millions of user accounts. The SEC found that Yahoo misled investors by failing to report the data breach to the public until… Continue reading SEC Announces $35 Million Penalty for Yahoo Breach

Oregon’s New Breach Notification Deadline

Recently passed amendments to Oregon’s Consumer Identity Theft Protection Act take effect on June 2, 2018. One of the most significant changes is to require notice to consumers, and Oregon’s Attorney General if the breach impacts more than 250 consumers, “not later than 45 days after discovering or receiving notification of the breach of security.”… Continue reading Oregon’s New Breach Notification Deadline

GDPR Non-Compliance: Enforcement and Penalties

The GDPR sets out a new investigation and enforcement scheme for supervisory authorities that contains both enumerated and discretionary powers. Supervisory authorities will now possess broad investigative and enforcement powers, including the ability to issue penalties to data controllers and processors for non-compliance. Depending on the type of violation, these penalties can be severe. The… Continue reading GDPR Non-Compliance: Enforcement and Penalties

72-Hour Breach Notification Rule

One of the most talked-about provisions in the GDPR is a new 72-hour breach notification requirement. Article 33 of the GPDR mandates that “in the case of a personal data breach, data controllers shall without undue delay” notify the supervisory authority “not later than 72 hours after having become aware of” the breach. The Article… Continue reading 72-Hour Breach Notification Rule