Oregon’s IoT Security Law

Earlier this year, Oregon passed H.B. 2395 that requires “reasonable security features” on internet-connected devices. The new law, which takes effect on January 1, 2020, applies to “a person that makes a connected device and sells or offers to sell the connected device” in Oregon.  “Connected device” means “any device or physical object that connects… Continue reading Oregon’s IoT Security Law

Recent Amendments to Oregon’s Data Breach Law

Oregon recently amended its data breach notification statute, now called the “Oregon Consumer Information Protection Act.”  The amendments, which go into effect on January 1, 2020, include the following changes: Expanding the definition of “personal information” to include “[a] user name or other means of identifying a consumer for the purpose of permitting access to the… Continue reading Recent Amendments to Oregon’s Data Breach Law

Does Your Website Need to be ADA Compliant? Maybe.

The Ninth Circuit Court of Appeals recently found that the American with Disabilities Act (“ADA”) applies to websites and apps in some circumstances. The ruling may impact any business in Oregon, Washington, or California that offers goods or services at a physical location and also facilitates access to those goods or service via a website… Continue reading Does Your Website Need to be ADA Compliant? Maybe.

New Guidance on the Territorial Scope of the GDPR

We previously posted about the territorial scope of the EU’s General Data Protection Regulation (“GDPR”). Last month, the European Data Protection Board issued draft Guidelines to help companies outside of the EU determine whether the GDPR applies to them. Here are some key provisions: Establishment in the EU Under Article 3(1), controllers and processors established… Continue reading New Guidance on the Territorial Scope of the GDPR

California Legislature Amends Consumer Privacy Act

In July, we reported on the California Consumer Privacy Act (CCPA), a sweeping privacy law signed by California Governor Jerry Brown. On August 31st, the California legislature passed SB1121, a bill to amend the CCPA. The amendments, currently awaiting Governor Brown’s signature, make the following changes: Earlier effectiveness and delayed enforcement. The amendments change the… Continue reading California Legislature Amends Consumer Privacy Act

California Enacts Strict Privacy Law

Last week, California Governor Jerry Brown signed into law AB 375, the so-called California Consumer Privacy Act of 2018. The Act was passed in order to defeat a stricter privacy-focused initiative set to appear on the November ballot, which we wrote about in May. The group behind that initiative withdrew it upon passage of the… Continue reading California Enacts Strict Privacy Law

Supporters of Proposed California Consumer Privacy Act Submit Necessary Signatures for Ballot Inclusion

Earlier this month, supporters of a proposed California data privacy initiative known as The California Consumer Privacy Act of 2018 (the “Act”) announced that they had collected 625,000 signatures for the initiative’s inclusion in the state’s November ballot. The number of collected signatures well exceeds the 365,880 count necessary under state regulations for inclusion of a… Continue reading Supporters of Proposed California Consumer Privacy Act Submit Necessary Signatures for Ballot Inclusion