Our Privacy & Security team works with the world’s most innovative companies on data protection issues. We are at the forefront of cutting-edge technologies and evolving privacy norms and are known for providing strategic, creative and actionable advice to our clients.
Publications
-
04.19.2024
The American Privacy Rights Act: Could This Be the One?
Updates
Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA) released a discussion draft of the American Privacy Rights Act on April 7, 2024. This announcement of a bipartisan, bicameral proposal for a federal comprehensive consumer privacy law was a significant—and unexpected—development in longstanding efforts to adopt federal privacy legislation.
-
04.10.2024
CPPA Board Updates Timing for Regulations, and Enforcement Division Releases Enforcement Advisory: Focus on Data Minimization!
Blogs
This year, the blossoming of spring is accompanied by a pair of noteworthy California Privacy Protection Agency (CPPA) updates.
-
03.18.2024
FTC Obtains $16.5M from Avast for Sale of Sensitive Data
Blogs
One month after the February 22, 2024, announcement of enforcement actions against data brokers X-Mode and InMarket Media, the Federal Trade Commission (FTC) announced a complaint and proposed consent order requiring software security company Avast Limited and two subsidiaries, Avast s.r.o. and Jumpshot, Inc. (collectively, Avast), to pay $16.5 million to resolve allegations that they unfairly and deceptively sold granular, reidentifiable web browsing data for advertising purposes.
-
03.14.2024
Kids Online Safety Act Gains Momentum in the Senate
Blogs
Last month, Senators Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.) reintroduced the Kids Online Safety Act (KOSA), initially introduced last term, noting that the bill now has 62 cosponsors, bipartisan support, and is poised to pass in the Senate.
-
03.13.2024
The Next Wave of Privacy Litigation: The Illinois Genetic Information Privacy Act
Updates
Enacted in 1998, Illinois’ Genetic Information Privacy Act governs the confidentiality and use of genetic testing and genetic information by employers and insurers. The statute was designed to prevent employers and insurers from using genetic testing and information as a means of discrimination.
-
02.29.2024
CFPB Issues Proposed Open Banking Rule
Articles
The Consumer Financial Protection Bureau announced that it was issuing a Notice of Proposed Rulemaking regarding Personal Financial Data Rights on October 19, 2023. The proposed rule would implement section 1033 of the Consumer Financial Protection Act of 2010, which gives consumers the right to access their financial data and authorizes third parties to access it on their behalf.
-
02.27.2024
FTC Proposes Rule Addressing Use of AI To Impersonate Individuals
Updates
The Federal Trade Commission issued a supplemental notice of proposed rulemaking on February 15, 2024, in which it recommended a trade regulation rule that would (1) impose liability on businesses who provide goods or services (including artificial intelligence technology) with knowledge or reason to know they will be used to engage in unlawful impersonation of individuals, government, or businesses; and (2) prohibit impersonation of individuals.
-
02.26.2024
CCPA Enforcement Surprise: Regulations Effective Immediately
Updates
On Friday, February 9, as the country collectively packed up and prepared to head home for Super Bowl weekend, the Third Appellate District of the California Appellate Court issued an Order granting the California Privacy Protection Agency the ability to immediately enforce regulations implementing the California Privacy Rights Act, which were finalized in March 2023.
-
02.15.2024
FCC Declares AI-Generated Robocalls Unlawful
Updates
AI-generated robocalls may trick some consumers into thinking they are being called by a human being, but the Federal Communications Commission clarified in a recent AI Declaratory Ruling that it will not be fooled.
-
02.15.2024
Two New States Enter the Privacy Fray
Blogs
Building off of the momentum from last year’s torrent of new comprehensive state privacy laws, 2024 has begun with a bang as two more states have now entered the picture.
-
02.12.2024
-
02.08.2024
CT Attorney General Highlights Key Areas of Enforcement, Suggests Legislative Changes
Updates
The Connecticut Data Privacy Act requires the Attorney General’s Office to issue a privacy report no later than February 1, 2024, including (1) the number of notices of violation the attorney general has issued; (2) the nature of each violation; (3) the number of violations cured; and (4) any other matter the attorney general deems relevant.
-
02.07.2024
FTC Brings First Standalone Section 5 Unfairness Claims for Unreasonable Data Retention and Inaccurate Breach Notice
Updates
On February 1, 2024, the Federal Trade Commission announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment.
-
02.05.2024
Online Safety Risk Assessments Have Arrived: Five Steps for Building a Globally Adaptable Process
Updates
Safety risk assessments are becoming a preferred regulatory tool around the world. Online safety laws in Australia, Ireland, the United Kingdom, and the United States will require a range of providers to evaluate the safety and user-generated content risks associated with their online services.
-
01.26.2024
The FTC Continues its Focus on Location and Sensitive Data
Blogs
Less than 10 days after announcing its complaint and proposed settlement against location data broker X-Mode, the Federal Trade Commission (FTC) followed its recent spate of enforcement in the location and sensitive data space with the announcement of another enforcement action and proposed settlement with InMarket Media, Inc. (InMarket).
-
01.17.2024
FTC Cracks Down on Collection and Sharing of Sensitive Location Data With Proposed X-Mode Settlement
Blogs
On January 9, 2024, the Federal Trade Commission (FTC) announced its complaint and proposed settlement with location data broker X-Mode Social, Inc. and its successor Outlogic, LLC (collectively X‑Mode).
-
01.11.2024
FTC Signals Tough Line in First AI Discrimination Case Under Section 5
Updates
The Federal Trade Commission announced its first enforcement action alleging that discriminatory use of artificial intelligence was an unfair practice under Section 5 of the FTC Act on December 19, 2023.
-
01.05.2024
FTC Proposes Changes to COPPA Rule
Updates
The Federal Trade Commission gave privacy lawyers a long-awaited Christmas present on December 20, 2023: its notice of proposed rulemaking to amend the Children’s Online Privacy Protection Act Rule. The NPRM follows a review of the COPPA Rule initiated by the FTC four years ago and the submission of over 175,000 public comments.
-
01.04.2024
DoD Issues Proposed CMMC Rule Requiring Cybersecurity Assessments of Contractors
Updates
The U.S. Department of Defense has issued its long-awaited proposed rule implementing its Cybersecurity Maturity Model Certification program to protect sensitive, unclassified government information in the possession of defense contractors.
-
12.22.2023
EU Reaches Political Agreement on AI Act, But Questions Remain
Updates
After a series of intensive negotiations among representatives of the European Union’s three governing bodies, the EU has concluded its “trilogue” meetings with a “political agreement” on the terms of its forthcoming Artificial Intelligence Act.
-
12.21.2023
FCC Updates and Expands its Data Breach Notification Rules
Updates
In a politically divided 3-2 vote, the FCC updated its data breach notification rules, which had been in effect since before the release of the first iPhone.
-
11.13.2023
The New Health Privacy Landscape—Out of the Frying Pan and Into the Fire
Updates
Just a few years ago, the legal landscape governing health-related personal information was relatively simple: Protected Health Information was regulated under HIPAA. Today, by contrast, the privacy of health-related personal information is under close scrutiny by the FTC, the U.S. Department of Health and Human Services’ Office for Civil Rights and state regulators.
-
11.03.2023
UK Online Safety Act Becomes Law: What To Expect Next
Updates
Last week, the UK’s Online Safety Bill received royal assent and became law. With this development, Ofcom, the regulator for the new Online Safety Act, has published a roadmap to explain how the Act will be implemented over the next two years.
-
11.03.2023
White House Issues Comprehensive Executive Order on Artificial Intelligence
Updates
The White House recently issued its most extensive policy directive yet concerning the development and use of artificial intelligence (AI) through a 100-plus-page Executive Order (EO) titled “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” and accompanying “Fact Sheet” summary.
-
11.02.2023
FTC Announces Data Breach Reporting Obligation Under GLBA Safeguards Rule
Updates
Under an amendment to the Safeguards Rule under the Gramm-Leach-Bliley Act announced on October 27, 2023, the Federal Trade Commission will require a broad range of nonbank financial institutions to notify the FTC of instances of the unauthorized acquisition of unencrypted, personally identifiable, nonpublic financial information of more than 500 customers.
-
10.25.2023
FCC Proposes To Reinstate Net Neutrality
Updates
The Federal Communications Commission recently adopted a Notice of Proposed Rulemaking to reestablish its authority over broadband internet access service by reinstating its net neutrality rules.
-
10.25.2023
Federal Legislation Seeks To Change Online Child Safety Reporting Obligations and Impose Content Safety Obligations
Updates
A significant number of federal legislative proposals that focus on online child safety have been introduced. If enacted, they would modify online providers’ obligations to remove and report child sexual exploitation content, as well as require providers to implement notice and takedown mechanisms for certain CSE content.
-
10.19.2023
California Law Requires Platforms To Take More Action Against Child Sexual Exploitation
Blogs
California Governor Gavin Newsom recently signed AB 1394, a law that imposes new obligations on social media platforms to prevent and combat child sexual abuse and exploitation.
-
10.10.2023
Proposed FAR Rules Introduce New Compliance Obligations and False Claims Act Risks for Government Contractors
Updates
The Federal Acquisition Regulatory Council published two proposed rules on October 3, 2023, that would impose significant new cybersecurity obligations on government contractors.
-
10.09.2023
2023 Breach Notification Law Update: Changes to Notification and Security Requirements Continue at State and Federal Levels
Updates
A flurry of legislative activity over the past year has brought meaningful changes to a variety of privacy and security provisions in state and federal law. At the state level, as in 2022, we have seen a handful of changes to generally applicable breach notification statutes, along with action on both narrower security provisions and broader omnibus privacy laws.
-
September 2023
Security Breach Notification Chart
Lawyer Publications
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each state’s sometimes unique security breach notification requirements.
-
09.29.2023
DHS Announces New Artificial Intelligence and Facial Recognition, Face Capture, and Facial Analysis Policies
Blogs
The U.S. Department of Homeland Security announced new policies on September 14, 2023, regarding its use and acquisition of artificial intelligence technologies, including facial recognition and face capture technologies.
-
09.28.2023
DHS Announces New Artificial Intelligence and Facial Recognition, Face Capture, and Facial Analysis Policies
Updates
The U.S. Department of Homeland Security announced new policies on September 14, 2023, regarding its use and acquisition of artificial intelligence technologies, including facial recognition and face capture technologies. DHS also appointed Eric Hysen as the department’s first chief AI officer.
-
09.26.2023
A Potential Look Into the Future: California Issues First Draft of Cybersecurity Audit and Risk Assessment Regulations
Updates
The Board of the California Privacy Protection Agency held its first meeting since July on Friday, September 8, 2023, and discussed the first public draft of cybersecurity audit regulations and risk assessment regulations. While the CPPA Board expressly announced that the drafts were for board meeting discussion purposes and has not started the formal rulemaking procedures yet, the first public drafts of the regulations provide a roadmap for where the CPPA Board may likely go, and the draft regulations would impose new and detailed compliance requirements.
-
09.21.2023
UK Parliament Passes a Sweeping and Controversial Online Safety Bill
Blogs
The UK Online Safety Bill was passed by Parliament earlier this week and is expected to soon become law through royal assent.
-
09.18.2023
Updating Corporate and Cybersecurity Practices To Satisfy the SEC’s Final Cybersecurity Disclosure Rules: Assessing Materiality of Cybersecurity Incidents
Articles
The U.S. Securities and Exchange Commission announced the final version of its long-anticipated cybersecurity rules on July 26, 2023.
-
09.15.2023
Global Online Safety Regulators Issue Statement on Human Rights and Online Safety Regulation
Blogs
The Global Online Safety Regulators Network (Network) issued a position statement on human rights and online safety regulation on September 13, 2023.
-
09.11.2023
A Deep Dive Into the SEC’s Materiality Trigger for Cybersecurity Incident Disclosures
Blogs
The U.S. Securities and Exchange Commission (SEC) adopted final rules relating to cybersecurity disclosure on July 26, 2023, which will take effect on December 18, 2023.
This blog has been republished in Insights, The Corporate & Securities Law Advisor.
-
09.07.2023
CFPB Announces Decision To Launch Rulemaking Targeting Data Brokers
Updates
Following a related request for information earlier this year, the Consumer Financial Protection Bureau announced on August 15, 2023, its intention to launch rulemaking targeting data brokers.
-
08.29.2023
FFIEC BSA/AML Exam Manual Updates—Implications for Banks
Updates
The Federal Financial Institutions Examination Council released the fifth phase of updates to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual on August 2, 2023.
-
08.21.2023
FTC’s COPPA Enforcement Action Provides Lessons for Edtech Providers
Updates
In the education space, the Federal Trade Commission (FTC) announced an enforcement order against edtech company Edmodo, which it alleged violated the Children’s Online Privacy Protection Act (COPPA). Edmodo, a business-to-consumer (B2C) online learning platform, provides K-12 teachers with tools to connect with students and parents, such as virtual classroom spaces.
-
08.08.2023
It’s Official: Cybersecurity Disclosure Is Coming This Year
Updates
The U.S. Securities and Exchange Commission adopted final rules on July 26, 2023, requiring public companies to provide current disclosure, within what may be a short time window, about material cybersecurity incidents and to include disclosure relating to cybersecurity risk management, strategy, and governance in annual reports.
-
08.01.2023
Cybersecurity Implementation Plan Offers a Roadmap for Cyber Priorities
Updates
The Biden Administration recently released the implementation plan for the National Cybersecurity Strategy. The Plan includes initiatives for new cybersecurity regulations, new and expanded liability regimes, broad public and private engagement, and new procurement obligations and funding opportunities. Companies should pay close attention to opportunities to help shape new regulatory and liability schemes and should also anticipate greater scrutiny of cybersecurity issues that affect customers and supply chains.
-
07.25.2023
The Beaver State Joins Growing List of States To Pass Comprehensive Consumer Privacy Law: The Oregon Consumer Privacy Act
Updates
As of July 18, 2023, Oregon has joined 11 other states to pass a comprehensive consumer privacy law. The Oregon Consumer Privacy Act requires various disclosures around the collection and processing of personal data, provides consumers with rights to their data, and imposes obligations on controllers and processors, including honoring global opt-out signals.
-
06.29.2023
Playing Catch-up With the EU, Senator Schumer Unveils Bipartisan AI Regulatory Framework
Updates
Senate Majority Leader Charles Schumer (D-NY) unveiled his much-anticipated, bipartisan legislative framework for regulating artificial intelligence during recent public remarks. To support this new framework and the resulting policy proposals, Senator Schumer has formed a bipartisan AI working group that will work closely with the leaders of the Senate’s Commerce, Homeland Security, Antitrust, Judiciary, and Intelligence committees to shape the draft legislation.
-
06.28.2023
FCC Launches Privacy and Data Protection Task Force To Safeguard Consumer Privacy
Updates
Federal Communications Commission’s Chairwoman Jessica Rosenworcel announced the formation of a Privacy and Data Protection Task Force at the FCC during a recent speech at the Center for Democracy and Technology Forum on Data Privacy.
-
06.26.2023
Washington State’s New My Health My Data Act Will Likely Result in Insurance Coverage Disputes
Updates
Washington state recently passed the My Health My Data Act, which will almost certainly lead to an explosion of consumer lawsuits and follow-on insurance coverage disputes.
-
06.20.2023
Saddle Up Again: Texas Joins States With Comprehensive Consumer Privacy Laws
Updates
Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act into law on June 18, 2023. The comprehensive privacy and data security law will go into effect on July 1, 2024.
-
06.14.2023
Ten Considerations for Developing an Effective Generative AI Use Policy
Updates
Crafting an appropriate AUP for generative AI is a process that requires careful consideration and collaboration across multiple departments. Each policy will be different, reflecting the company’s business needs and culture, the nature of the intended uses of such tools, and the company’s level of risk tolerance in light of its industry and the applicable evolving legal and regulatory landscape.
-
06.09.2023
FTC Issues Policy Statement Regarding Biometric Information
Updates
The FTC issued a policy statement on May 18, 2023, addressing privacy and data security concerns and the potential for bias and discrimination relating to the collection and use of biometric information. In the Biometrics Policy Statement, the FTC lists specific examples of business practices relating to biometric information that it will scrutinize under Section 5 of the FTC Act, which prohibits unfair or deceptive acts and practices.
-
06.07.2023
Biden Administration Updates Roadmap for AI Research and Development
Updates
The National Science and Technology Council recently bolstered the Biden administration’s continued focus on responsible AI development by announcing an update to the National Artificial Intelligence Research and Development Strategic Plan.
-
06.07.2023
The Wide Reach of the New Washington Privacy Legislation
Updates
This Update is the third installment of the ongoing series covering Washington state’s new My Health My Data Act. The original impetus for the Act was the protection of reproductive rights, and it was signed into law alongside several other pieces of legislation focused on providing abortion and gender-affirming protections. However, because of the broad and vague definition of “consumer health data” covered by the legislation and because it applies to a wide range of entities, the Act may reach much further than might be justified by its original purpose.
-
06.06.2023
Secret Evidence in Public Trials
Articles
The Espionage Act is getting star billing this year. From an HBO movie about an old case to a newly charged case alleging a major leak of classified information to special counsel investigations of a former President and the current President, the only thing missing is a new Law & Order spinoff.
-
06.01.2023
Consumer Rights and Business Obligations
Updates
As detailed in Part 1 of this ongoing series, Washington Governor Jay Inslee signed the state’s My Health My Data Act into law on April 27, 2023. In this installment, we provide an overview of the consumer rights bestowed by the Act and the obligations it imposes upon regulated entities and small businesses.
-
05.16.2023
New York City Adopts Final Rules for Law Governing Automated Employment Decision Tools
Updates
The New York City Department of Consumer and Worker Protection adopted final rules for Local Law 144 on April 6, 2023.
-
05.09.2023
Washington State Joins the Biometric Litigation Fray
Updates
On April 27, 2023, Washington Governor Jay Inslee signed into law House Bill 1155, also known as the My Health, My Data Act. Its stated purpose is to protect “consumer health data” collected by entities not already subject to the federal Health Insurance Portability and Accountability Act, but one less obvious consequence of the Act is that it may make Washington state a new hot spot for class-action litigation involving biometric privacy.
-
05.01.2023
The Latest on the EU’s Proposed Artificial Intelligence Act
Updates
The EU was in the process of implementing its AI Act, first proposed on April 21, 2021, before generative AI chatbots were widely released. This Update provides a fresh look at the AI Act’s legislative status and its substantive evolution before it becomes legally effective.
-
04.25.2023
Biometric Privacy in Film, Television, Music, and Gaming
Updates
Creators in film, television, music, and gaming are increasingly turning to artificial intelligence and machine learning models to deliver new content and experiences to audiences. While providing many benefits, some applications of AI/ML in these contexts could potentially trigger biometric privacy laws.
-
04.25.2023
European Regulators Advance Artificial Intelligence Initiatives
Blogs
Recent weeks have seen action from various European regulators regarding artificial intelligence/machine learning (AI/ML) and algorithms.
-
04.21.2023
Supreme Court Allows Structural Constitutional Challenges to FTC and SEC Proceedings in Federal District Court
Updates
The U.S. Supreme Court ruled in two related cases that federal district courts have jurisdiction to hear structural constitutional challenges to the adjudicative authority of the Federal Trade Commission and the U.S. Securities and Exchange Commission, and that litigants need not wait until the appeal of an adverse agency decision in the adjudication to raise such arguments in court.
-
04.20.2023
Compliance Next Steps: Employment and B2B Data in California
Updates
The California Privacy Rights Act enforcement deadline draws near, but companies can’t focus solely on consumer data. California is the first state to apply comprehensive restrictions on the collection and use of employment and business-to-business data.
-
04.20.2023
With the CPRA Enforcement Deadline On the Horizon, Employment and B2B Data Could Mean Cloudy Skies For Those Unprepared
Blogs
The exemption for employment-related and business-to-business (B2B) data under California’s privacy law expired on January 1, 2023.
-
04.19.2023
Arkansas Becomes Second State To Enact Social Media Restrictions for Minors
Blogs
Less than one month after Utah adopted the nation’s first law restricting the use of social media platforms by minors under 18, Arkansas last week enacted its Social Media Safety Act (the Act), SB396.
-
03.31.2023
Crossing the Finish Line: California Regulations Effective Immediately
Blogs
The California Privacy Protection Agency (CPPA) released a statement on March 30, 2023, announcing that the California Office of Administrative Law (OAL) had approved the first substantive rulemaking package for the California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA).
-
03.30.2023
Four Key Considerations for Implementing the California Age-Appropriate Design Code
Updates
California’s Age-Appropriate Design Code is a first-of-its-kind children’s privacy law in the United States that is scheduled to go into effect in 2024. The CA AADC is applicable to online services, products, or features that are likely to be accessed by children.
-
03.30.2023
Joining the Privacy Party: Iowa Becomes the Sixth State To Adopt a Comprehensive Privacy Law
Blogs
On March 28, Iowa Governor Kim Reynolds signed Senate File 262, effective January 1, 2025, making Iowa the sixth state to offer comprehensive privacy protections.
-
03.29.2023
FTC Requests Comments on Cloud Computing Business Practices With Potential Data Security Impacts
Blogs
The Federal Trade Commission (FTC) issued a press release and a request for information on March 22, 2023, soliciting comments from the public on cloud computing business practices, including issues related to market power, competition, and potential data security risks.
-
03.29.2023
Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws
Blogs
On March 24, 2023, Texas House Representative Giovanni Capriglione participated in a virtual interview with the Dallas chapter of the International Association of Privacy Professionals (IAPP) about his recently introduced bill, HB 4, also known as the Texas Data Privacy and Security Act (TDPSA).
-
03.28.2023
Be Kind, Don’t Rewind: The VPPA’s Reemergence in Privacy Class-Action Litigation
Updates
This Update discusses a spate of recent class action lawsuits asserting claims under the Video Protection Privacy Act.
-
03.27.2023
CFPB Requests Information About Data Brokers for Planned Rulemaking
Updates
The Consumer Financial Protection Bureau announced on March 15, 2023, that it is issuing a Request for Information about the business practices of data brokers, which the agency said will assist it in “planned rulemaking” under the Fair Credit Reporting Act.
-
03.21.2023
Utah Legislature Approves Social Media Restrictions for Minors
Blogs
Utah state lawmakers are poised to change how (and when) minors who reside in Utah can use social media.
-
03.13.2023
Northern District of Illinois Clarifies Standards for Tower Dumps
Blogs
The U.S. District Court for the Northern District of Illinois recently found that in order for cell tower warrants to be supported by probable cause and satisfy Fourth Amendment concerns, they must include protocols limiting the government’s collection of information from individuals not involved in the underlying criminal activity.
-
03.07.2023
FTC's Second Settlement in Weeks Highlights Scrutiny on Businesses Processing Health Data for Advertising
Updates
The Federal Trade Commission announced a proposed complaint and proposed consent order with BetterHelp, Inc., an online counseling platform that allegedly disclosed consumer health data to third-party advertising platforms.
-
03.02.2023
The Biden Administration’s National Cybersecurity Strategy: Impact on the Private Sector
Updates
The Biden Administration released its National Cybersecurity Strategy on March 1. The Strategy breaks with past precedent and emphasizes regulatory mandates and imposing liability, in addition to enhancing voluntary information-sharing and development of best practices. The Strategy will particularly affect critical infrastructure and cloud service providers.
-
02.23.2023
Every Scan You Make: The Illinois Supreme Court Rules BIPA Claims Accrue With Each Biometric Data Collection or Disclosure
Updates
In a landmark decision, the Illinois Supreme Court holds that every individual scan or transmission of biometric data made without the proper disclosures amounts to a separate violation of the Illinois Biometric Information Privacy Act.
-
02.10.2023
New TSA Rail Cybersecurity Rule Shows Trend Toward Prescriptive Mandates
Updates
The Transportation Security Administration issued a new security directive to enhance cybersecurity preparedness and resilience for designated passenger and freight railroads.
-
02.09.2023
FTC Claims Sharing User Health Data With Advertising Platforms Is a “Security Breach”
Updates
The Federal Trade Commission announced its first enforcement of the Health Breach Notification Rule against a digital health company, a case it brought against a company that shared user health data with third-party advertising platforms without the authorization of the affected users. This case signals the importance for digital health companies, whether or not covered by the Health Insurance Portability Accountability Act, of treating personal health information as sensitive and regulated by the HBNR and other FTC-enforced laws.
-
02.08.2023
Biden Administration Plans Mandatory Cybersecurity Regulations for Critical Infrastructure Companies
Blogs
Recent comments by Anne Neuberger, President Biden’s Deputy National Security Adviser for Cyber and Emerging Technology, herald an important shift in U.S. cybersecurity policy.
-
02.08.2023
Important Lessons from the Hive Ransomware Disruption
Blogs
The recently announced disruption of the Hive ransomware network is a significant and welcome accomplishment.
-
02.07.2023
Almost There and Starting Again: CPPA Votes To Finalize Regulations and Launches Round Two
Blogs
The Board of the California Privacy Protection Agency (CPPA) approved a rulemaking package covering Sections 7000–7304 of their draft regulations on February 3, 2023.
-
02.07.2023
California Attorney General Targets Popular Mobile Apps in CCPA Enforcement Sweep
Blogs
As it did last year, the California Attorney General’s Office recognized Data Privacy Day by announcing its latest investigative sweep under the California Consumer Privacy Act (CCPA).
-
01.24.2023
EU Takes Step Toward Approval of EU-US Data Privacy Framework
Updates
The European Commission released a draft adequacy decision approving the new EU-U.S. data privacy framework established in part by President Biden's Executive Order 14086.
-
01.18.2023
Sweeping Appropriations Act of 2023 Makes Unprecedented Investments in AI
Updates
Published over the holidays, President Biden signed the $1.7 trillion Consolidated Appropriations Act of 2023, which includes a wide range of artificial intelligence and machine learning initiatives and investments. It also directs several federal agencies to help ensure the responsible use of AI technologies, including the prevention of algorithmic bias. This Update includes a summary of the AI appropriations and initiatives.
-
01.12.2023
FCC Proposes To Strengthen Data Breach Notification Rules for Telecom Operators
Updates
The Federal Communications Commission published a Notice of Proposed Rulemaking that seeks to strengthen and broaden its breach notification rules arising from the unauthorized disclosure of customer proprietary network information.
-
01.11.2023
Four Data Security Safeguards the FTC Would Like Companies To Adopt in 2023
Updates
Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.
-
12.02.2022
Willfulness and the Harm of Unlawful Retention of National Security Information
Articles
Journal of National Security Law and Policy
Discussions of the Espionage Act usually focus on the public’s conception of “spying.” Spies steal information that their government seeks to keep secret and disclose that information to other governments.
-
11.29.2023
One Step Closer: California Privacy Protection Agency Reviews Comments for CCPA Regulations
Blogs
Last week, the period for comments closed on the California Privacy Protection Agency’s (CPPA) latest version of the draft implementing regulations for the California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA) (Revised Regs).
-
20222022 XR ReportLawyer PublicationsPerkins Coie’s survey of 150 industry stakeholders involved in XR and next-gen technology, which encompasses technological advancements such as Web3 and the metaverse, shows that immersive technology has reached a critical point.
-
11.28.2022New DOJ Guidance on Personal Devices and Third-Party Messaging Applications Applies to Any Company DOJ May ScrutinizeUpdatesThe U.S. Department of Justice recently released new guidance announcing several policy changes to further strengthen and clarify its approach to prosecuting corporate crime. This guidance is applicable to all third-party text and social media messaging platforms.
-
11.21.2022What is the US-UK Data Access Agreement and Why Does it Matter?UpdatesThis is the second in a series of updates addressing the bilateral data access agreement between the United States and the United Kingdom under the Clarifying Lawful Overseas Use of Data Act.
-
11.17.2022More State Content Moderation Laws Coming to Social Media PlatformsUpdates
California and New York recently passed laws that seek to change how social media platforms and social media networks design and report their content moderation practices. The New York law will require a hateful conduct policy and reporting mechanism starting in December 2022. California laws will impose content moderation and transparency requirements starting in 2023 and 2024.
-
11.15.2022New Indictments Reflect DOJ's All-Tools Approach To ChinaArticles
Law360
On Oct. 24, the U.S. Department of Justice announced charges against 13 individuals accused of acting within the U.S. as agents of the People's Republic of China, or PRC.
-
11.10.2022White House Adopts Blueprint for an AI Bill of RightsUpdatesThe Office of Science and Technology Policy, a part of the Executive Office of the President, recently published a white paper entitled “The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People.”
-
11.01.2022Amazon and Microsoft Win Summary Judgment in Illinois BIPA Lawsuits Based on ExtraterritorialityUpdatesAfter more than two years of litigation, Amazon and Microsoft won summary judgment in two class action lawsuits asserting violations of the Illinois Biometric Information Privacy Act (BIPA): Vance v. Amazon.com, Inc., Case No. C20-1084JLR and Vance v. Microsoft Corp., Case No. C20-1082JLR.
-
10.27.2022China Data Privacy Laws, Wechat Muddy Cross-Border InquiriesArticlesPerkins Coie attorneys explain how China’s new data security laws and use of third-party apps, such as WeChat, by Chinese employees create significant obstacles for companies conducting internal investigations in the country.
-
10.20.2022Coal in the Stocking for Retail Employers: The California Privacy Rights ActUpdates
As the California Privacy Rights Act replaces its predecessor, the California Consumer Privacy Act, retailers have a significant amount of compliance preparation to do—right at peak season.
-
10.18.2022$228M Verdict in First Illinois Biometric Information Privacy Act TrialUpdatesAfter a five-day trial and only an hour of deliberation, the nation’s first trial under the Illinois Biometric Information Privacy Act ended with a bang. The jury found that the defendant recklessly or intentionally violated BIPA 45,600 times resulting in a $228 million judgment.
-
10.14.2022Western States Continue To Shape US Privacy Landscape: Colorado CPA and California CPRAUpdates
The Colorado attorney general’s office sent shockwaves throughout the privacy world on Friday, September 30, 2022, when it published its proposed Colorado Privacy Act draft rules.
-
10.13.2022New Jersey To Regulate Automatically Renewing Subscription ServicesUpdates
New Jersey has become the latest state to pass a law governing some types of automatically renewing subscriptions.
-
10.10.2022President Biden Issues Executive Order Regarding Signals Intelligence Activities, Clearing Way for New Trans-Atlantic Data Privacy FrameworkUpdates
President Biden signed an executive order on October 7, 2022, changing U.S. surveillance laws to address perceived deficiencies in protecting personal data identified by European Union courts.
-
10.10.2022The EU’s Digital Services Act: A Paradigm Shift for Online IntermediariesUpdates
Following the Council of the European Union's approval earlier this week, the Digital Services Act has been officially adopted, starting the countdown to the law’s entry into force later this year.
-
10.06.20222022 Breach Notification Law Update: State and Federal Requirements Continue To EvolveUpdatesCyberattacks continue to plague businesses, making the fallout of data breach notification and response as critical as ever. This year, like 2021, has been relatively quiet as it relates to state updates to breach notification laws.
-
09.12.2022China Increases Security Measures on Cross-Border Data TransfersUpdates
The Cyberspace Administration of China released the Measures for the Security Assessment of Cross-border Data Transfer on July 7, 2022, to regulate cross-border data transfers in accordance with the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. The measures go into effect on September 1, 2022.
The Measures provide a six-month grace period from September 1, 2022, to March 1, 2023, for companies with previous cross-border data transfer activities to become compliant with the new standards. Companies with outbound data transfers should seek knowledgeable counsel to monitor the implementation and enforcement of the Measures by the CAC.
-
09.12.2022CISA Seeks Input on New Cybersecurity Reporting RequirementsUpdatesPresident Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 on March 15, 2022. CIRCIA solicits public comment for 60 days, beginning September 12, 2022.
-
09.07.2022US-UK Bilateral Data Sharing Agreement Comes Into Force on October 3UpdatesUnder a new agreement between the United States and the United Kingdom, communications service providers in the United States may soon begin to receive legal process directly from law enforcement agencies in the United Kingdom.
-
09.06.2022FTC Sues Data Broker for Alleged Unfair Act of Selling Precise Geolocation DataUpdatesThe Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act.
-
08.16.2022FTC Kicks Off Wide-Ranging Privacy RulemakingUpdatesThe Federal Trade Commission released an advance notice of proposed rulemaking on “Commercial Surveillance and Data Security” on August 11, 2022. The ANPRM, approved on a 3-2 party line vote, is the initial step in a process that could result in the adoption of the first federal regulation addressing privacy, data security, and algorithmic discrimination across broad sectors of the U.S. economy.
-
08.08.2022Recent Settlement Highlights Cybersecurity Whistleblower Risk for Government ContractorsUpdatesThe U.S. Department of Justice’s Civil Cyber-Fraud Initiative, announced last October, is designed to leverage existing whistleblower incentives for employees, or other persons with inside knowledge, to identify lapses in federal contractors’ cybersecurity and privacy practices.
-
07.21.2022CAC Seeks Public Comment on China’s New Personal Privacy ContractUpdates
The Cyberspace Administration of China, the country’s internet watchdog, began collecting feedback on the draft provisions with respect to the release of its Standard Contract for Outbound Cross-border Transfer of Personal Information, which includes guidelines for the use of the Standard Contract for data processors, on June 30, 2022. An unofficial English translation of the contract is also available. The deadline for the submission of public comments is July 29, 2022.
-
07.15.2022DC Circuit Affirms Exemption for Certain Commercial Non-Telemarketing CallsUpdatesThe U.S. Court of Appeals for the District of Columbia Circuit recently denied a petition to review a 2020 Federal Communications Commission order that permitted callers to place commercial non-telemarketing robocalls to residential phone numbers and that established uniform call limits for such calls.
-
07.14.2022Supreme Court Decision Portends Greater Judicial Scrutiny of FCCUpdatesBy a 6-3 majority, the U.S. Supreme Court in West Virginia v. Environmental Protection Agency held that the Environmental Protection Agency’s efforts to regulate greenhouse gases by making industry-wide changes violated the “major questions” doctrine.
-
06.29.2022California’s Consumer Privacy Protection Agency Publishes First Set of Draft CPRA RegulationsUpdatesLast week, the Consumer Privacy Protection Agency (Agency) Board rounded out the first half of 2022 by releasing draft California Privacy Rights Act (CPRA) regulations. This first set of CPRA regulations focuses on updating existing California Consumer Privacy Act (CCPA) regulations to account for the new provisions of the CPRA and addressing specific areas such as Agency audits and enforcement.
-
06.28.2022FCC Requires Gateway Providers to Combat Foreign-Based RobocallsUpdatesThe Federal Communications Commission recently adopted certain final rules, policies, and proposed rules to “stem the tide of foreign-originated illegal robocalls.”
-
06.21.2022Getting the Right Fit: Biometric Privacy and the Apparel IndustryUpdatesIn recent years, apparel and retail businesses have increasingly sought to provide customers with options to participate with the brand’s merchandise and services in virtual environments.
-
06.07.2022Forthcoming Disclosure and Security Requirements for Institutions Hosting Federally Funded ResearchUpdatesNational Security Presidential Memorandum-33 and implementation guidance from the National Science and Technology Council direct federal agencies to standardize and enhance disclosure and security requirements that apply to federally funded research and development.
-
06.01.2022Supreme Court Reinstates Injunction Against Texas Social Media LawUpdatesIn a 5-4 decision, the U.S. Supreme Court vacated the U.S. Court of Appeals for the Fifth Circuit’s stay of a temporary injunction in NetChoice, LLC v. Paxton, a closely watched case involving a novel Texas law purporting to bar “social media platforms” from engaging in “viewpoint” discrimination.
-
05.24.2022FTC Scrutinizing Ed Tech Providers and EndorsementsUpdatesIn its most recent open meeting, the Federal Trade Commission (FTC) unanimously (1) issued a COPPA policy statement directed at ed tech providers and (2) proposed amendments to the Endorsement Guides, which address influencer advertising on social media and consumer reviews.
-
05.19.2022What’s Next for Privacy at the FTC Following the Confirmation of Alvaro BedoyaUpdatesAlvaro Bedoya was sworn in as a commissioner of the U.S. Federal Trade Commission (FTC) on May 16, 2022.
-
05.04.2022Avoiding Data Breaches—A Guide for Boards and C-SuitesArticlesLitigation against corporate board members and C-level executives for data privacy and security claims is on the rise. Specifically, the number of suits stemming from data breaches and other cybersecurity incidents has increased as such breaches and incidents have become more common.
-
04.2022DOJ’s Civil Cyber-Fraud Initiative: The Emerging False Claims Act Landscape For Government Contracting And CybersecurityLawyer PublicationsAs federal agencies prepare to roll out new regulations to protect government information in the possession of government contractors against cyber threats—and to accelerate the procurement of cybersecurity products and services from industry—the emerging risks of False Claims Act (FCA) investigations and qui tam cases related to cybersecurity are an increasingly important consideration for contractors.
-
04.25.2022Growing Pains: New Self-Regulatory Framework for Teenage Privacy ProposedUpdatesThrough its newly launched Center for Industry Self-Regulation (CISR), BBB National Programs announced the launch of the TeenAge Privacy Program (TAPP).
-
2022California Consumer Privacy Act Litigation Year in Review 2022Lawyer PublicationsPerkins Coie is pleased to announce the launch of our second annual report California Consumer Privacy Act Litigation Year in Review. The California Consumer Privacy Act (CCPA) became effective on January 1, 2020, and regulates any “business” that does business in California.
-
04.15.2022SEC Proposes New Cybersecurity Disclosure Rules on Incident Reporting, Risk Management, Strategy, and GovernanceUpdatesOn March 9, 2022, the U.S. Securities and Exchange Commission (SEC) issued proposed rules regarding cybersecurity risk management, strategy, governance, and incident disclosure.
-
04.12.2022FTC Chair Lina Khan Gives First Public Address Regarding PrivacyUpdatesFederal Trade Commission Chair Lina Khan spoke at the opening of the International Association of Privacy Professionals Global Privacy Summit on April 11, 2022, in Washington, D.C.
-
04.11.2022Enforcement Trends From China’s Cyberspace Regulator in 2022UpdatesChina’s internet watchdog, the Cyberspace Administration of China, has continued to tighten its regulation of internet industries and driven the formulation of many new laws and regulations in cybersecurity and data protection in China.
-
04.08.2022Answers to Common Questions Regarding New CIRCIAUpdatesPresident Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 on March 15, 2022.
-
04.07.2022Supreme Court Limits Federal Courts’ Jurisdiction to Enforce Arbitration AwardsUpdatesThe U.S. Supreme Court ruled that federal courts cannot enforce or vacate arbitration awards under Sections 9 and 10 of the Federal Arbitration Act.
-
04.05.2022Illinois Supreme Court Nixes Employer Biometric Privacy DefenseUpdatesIn the latest of a series of setbacks for employers facing claims under the Illinois Biometric Information Privacy Act, the Supreme Court of Illinois held last month that the Illinois Workers’ Compensation Act does not preempt BIPA claims for statutory damages brought by employees.
-
03.31.2022Utah Joins California, Colorado, and Virginia With Omnibus Privacy LawUpdatesUtah Governor Spencer Cox signed the Utah Consumer Privacy Act (Utah Law) into law on March 24, 2022, making it the fourth omnibus state privacy law enacted in the United States.
-
03.29.2022Recent Warnings Highlight Need for Enhanced Cybersecurity of Critical InfrastructureUpdatesThe U.S. government has steadily increased its warnings about malicious cyber activity by Russia and other sophisticated, persistent adversaries.
-
03.07.2022FCC Examines Cybersecurity Vulnerabilities Following Russian Invasion of UkraineUpdatesThe U.S. Federal Communications Commission published a Notice of Inquiry on February 28, 2022, inviting public comment on vulnerabilities that threaten the security and integrity of the Border Gateway Protocol, which is central to the internet’s global routing system.
-
03.01.2022Rip Van Wrinkle: The Grandfather of Biometric Laws AwakensUpdatesFor many years, the most significant law governing biometric-based products and services has been the Illinois Biometric Information Protection Act. This past month, however, another biometric data privacy law woke from a long, undisturbed slumber.
-
02.04.2022FCC Revokes Chinese Telecom’s US AuthorizationsUpdatesIn recent years, the Federal Communications Commission (FCC) has worked closely with the U.S. Department of Justice and other Executive Branch national security agencies to restrict China’s influence on U.S. telecommunications.
-
02.03.20222022 Compliance Landscape for Recurring Subscription ProgramsUpdatesBusinesses that allow customers to sign up for automatically renewing subscriptions must comply with a patchwork of state and federal regulations.
-
02.01.20222022 Cybersecurity Issues and Recommendations for ERISA Plan FiduciariesUpdatesNew cybersecurity developments and observations ... warrant prompt consideration by plan sponsors and other fiduciaries of employee benefit plans subject to ERISA.
-
01.2022Cybersecurity RoundtableArticlesAmid colossal pandemic-generated disruption over the past two years, the global economy has witnessed burgeoning cyber crime – a complex and fervent landscape that has become increasingly sophisticated as cyber criminals continue, and even escalate, their activity in times of crisis.
-
12.07.2021State Privacy Laws: The Gift That Keeps on Giving?UpdatesThough it was not long ago that resolutions of California Consumer Privacy Act readiness ushered in the new year, ‘tis the season once again to deck the halls with privacy compliance checklists.
-
2021XR Industry Insider 2021 AR/VR/XR Survey ResultsLawyer PublicationsPerkins Coie and XR Association survey of over 160 professionals found that immersive technology’s prospects have been strengthened by the pandemic.
-
12.14.2021GLBA Safeguards Rule Updated to Impose New Data Security RequirementsUpdatesFollowing a 3-2 vote, the Federal Trade Commission recently announced amendments to the Safeguards Rule under the Gramm-Leach-Bliley Act.
-
10.25.2021China Releases New Regulations on the Protection of Critical Information InfrastructureUpdatesOn August 17, 2021, China released the new regulations on the Security and Protection of Critical Information Infrastructure, which became effective on September 1, 2021.
-
09.14.20212021 Breach Notification Law Update: Connecticut and Texas Expand Requirements, Ransomware and Supply Chain Attacks Take SpotlightUpdatesCyberattacks continue to make the news and affect our lives in increasingly more significant ways.
-
09.09.2021California Issues New Regulations on Notification Obligations for Medical Information BreachesUpdatesCertain California licensed healthcare facilities are now subject to additional breach reporting obligations pursuant to regulations (Regulations)[1] issued by the California Department of Public Health (Department) on July 1, 2021.
-
09.01.2021COVID-19 Vaccine Questions AnsweredUpdatesWith the surge of COVID-19 cases due to the Delta variant, many employers are considering whether to require employees to be vaccinated, how to encourage employee vaccinations, and the implications of vaccine policies for their businesses.
-
07.23.2021Biometric Privacy Rules Come to NYCArticlesNew York City’s ordinance could be the beginning of a trend, or simply an outlier, but one that every business in the city should be aware of.
-
07.09.2021The City That Never Peeps? NY City’s Biometric Identifier Information Ordinance Goes Into Effect July 9, 2021UpdatesNew York City’s new biometrics ordinance went into effect July 9, 2021. The ordinance regulates the use of “biometric identifier information” in “commercial establishments” such as places of entertainment, retail stores, and food and drink establishments.
-
07.08.2021Colorado Becomes the Third US State to Enact Comprehensive Privacy LegislationUpdatesColorado Governor Jared Polis signed the Colorado Privacy Act (CPA) into law on July 7, 2021, making it the third comprehensive state privacy law enacted in the United States.
-
07.02.2021noyb Takes Aim at “Cookie Banner Terror” While CNIL Enforces Cookie GuidelinesUpdatesThe European Center for Digital Rights (None of Your Business or “noyb”) launched a new campaign against the use of allegedly unlawful cookie banners by sending nearly 600 draft complaints to companies across the European Union and European Economic Area. Noyb has identified more than 15 types of alleged violations of EU privacy laws, and this update provides a summary and initial analysis of the key violation types.
-
06.01.2021Illinois Supreme Court Affirms BIPA Lawsuits Are Covered by GL PoliciesUpdatesThe deluge of lawsuits brought under the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14 et seq. over the past several years has presented a challenge to companies operating in Illinois.
-
05.24.2021China Releases Draft Interim Regulations on the Administration of Personal Information Protection for Mobile AppsUpdatesThe Chinese Ministry of Industry and Information Technology (MIIT), together with other agencies in the Chinese government, launched a series of campaigns for the rectification of excessive personal information processing activities of mobile application developers, operators, and third-party service providers. Drawing on the insights from these campaigns, the MIIT, the Cyberspace Administration of China, the Ministry of Public Security, and the State Administration for Market Regulation jointly released the draft Interim Regulations on the Administration of Personal Information Protection for Mobile Internet Applications.
-
04.28.2021Europe Seeks to Tame Artificial Intelligence With the World’s First Comprehensive RegulationUpdatesIn what could be a harbinger of the future regulation of artificial intelligence (AI) in the United States, the European Commission published its recent proposal for regulation of AI systems.
-
04.23.2021Supreme Court Rules FTC Cannot Obtain Monetary Relief Under Section 13(b)UpdatesOn April 22, 2021, in a unanimous decision, the U.S. Supreme Court in AMG Capital Management v. FTC held that the authorization to seek a “permanent injunction” under Section 13(b) of the Federal Trade Commission Act does not permit the FTC to obtain equitable monetary relief such as restitution and disgorgement. While the FTC may still seek monetary relief under Sections 5 and 19 of the Act, those provisions can be more difficult for the FTC to pursue. FTC Acting Chairwoman Rebecca Kelly Slaughter is already calling on Congress to “strengthen the FTC’s powers” in light of the decision.
-
04.22.2021US Department of Labor Issues Highly Anticipated Cybersecurity Guidance for ERISA PlansUpdates
On April 14, 2021, the US Department of Labor (DOL) released three-part guidance on cybersecurity issues for employee benefit plans, marking its first significant commentary on the issue since its comprehensive, but non-binding, report in late 2016. The DOL’s guidance provides “tips” and “best practices” for ERISA plan sponsors, responsible fiduciaries, recordkeepers, service providers, and participants in appropriately safeguarding non-public plan and participant information against cybersecurity threats.
-
04.05.2021Supreme Court Narrows TCPA’s Definition of “Autodialer”UpdatesIn Facebook, Inc. v. Duguid et al., the U.S. Supreme Court provided some clarity that stakeholders have been awaiting since 2015 by adopting a narrower interpretation of the term “autodialer” for purposes of the Telecommunications Consumer Protection Act (TCPA). The Court reversed an expansive interpretation of “autodialer” adopted by the U.S. Court of Appeals for the Ninth Circuit that the Court noted would have prohibited many commonplace uses of cell phones by consumers. The Court found that for a dialing system to constitute an autodialer, it must have the capacity to either store or produce a telephone number using a random or sequential number generator. This narrower interpretation comes as a relief to a broad range of businesses and nonprofit organizations, among others, that believed the Ninth Circuit’s broad interpretation unfairly ensnared legitimate communications practices that did not harm consumers.
-
02.17.2021Ambiguity in CPRA Imperils Content Intended for Underrepresented CommunitiesArticlesIn November 2020, California voters approved a new data privacy law. Unfortunately, the law contains a provision that may threaten the future of digital content for underrepresented communities.
-
UPDATED 02.08.2021What to Expect From Acting Chairwoman Rosenworcel’s FCCUpdatesShortly after his inauguration, President Biden appointed Commissioner Jessica Rosenworcel as acting chairwoman of the U.S. Federal Communications Commission.
-
01.29.2021Everalbum Settles FTC Claims Alleging Deceptive Use of Facial Recognition TechnologyUpdatesThe Federal Trade Commission announced on January 11, 2021, that it had reached a settlement with Everalbum, Inc., the developer of a now-defunct photo storage app called “Ever.” The settlement is the FTC’s first enforcement action focused on facial recognition technology, and likely signals a new era of increased regulatory scrutiny for companies involved in facial recognition.
-
LAST UPDATED: JANUARY 2021
-
01.27.2021Washington, New York, and Minnesota Introduce New Privacy Laws to Begin the New YearUpdatesIt’s a new year and it looks like 2021 is going to be another eventful one for privacy. In the past few weeks, we’ve seen several states introduce new privacy legislation, including Washington, New York, and Minnesota.
-
January 2021Can California’s Privacy Initiative Revitalize U.S.-EU Commerce?ArticlesThe passage of the California Privacy Rights Act more closely aligns the consumer privacy standards of one of the United States’ most economically important jurisdictions with those of the European Union.
-
Fall 2020A Law on the Cusp of Change?ArticlesThe Communications Decency Act, 47 U.S.C. § 230 (CDA) establishes that entities known as interactive computer service providers are not liable for (1) communications or content posted by people who use their services, (2) their services’ design or structure, or whether and how to allow people to have accounts, and (3) discretionary decisions about removing or restricting access to certain objectionable content.
-
12.22.2020Time to Face the Country’s Strictest Facial Recognition LawUpdates
Companies that do business in Portland, Oregon may need to add one more item to their holiday to-do list: disable face recognition technologies in Portland.
-
12.16.2020Understanding the Data Privacy Risks With AI-Driven AR/VR ApplicationsUpdatesIn the 2020 Augmented and Virtual Reality Survey conducted by Perkins Coie LLP, Boost VC, and the XR Association, nearly three-quarters of industry leaders polled indicated that they expect immersive technologies to be mainstream within the next five years.
-
12.09.2020New Internet of Things Cybersecurity Law EnactedUpdatesInternet of Things (IoT) devices have the potential to transform our home and work environment by integrating a growing range of “smart” wirelessly connected sensors into our daily lives.
-
12.01.2020DHHS Updates Resources for Mobile Health App DevelopersUpdatesThe COVID-19 pandemic and the resulting need for patient access to remote healthcare, as well as the development of contact-tracing apps, have spotlighted the importance of health-focused mobile applications (mHealth apps).
-
11.16.2020What to Expect From the Biden FCCUpdatesWhat can we expect from the Federal Communications Commission from the incoming administration of President-elect Biden?
-
09.2020USA: 2020 Privacy Legislation - Part 2: Illinois, New Jersey and MinnesotaArticlesIn this two-part Insight series, James Snell, Marina Gatto, Zachary Watterson, Nathan Duletzke and Kayla Lindgren, of Perkins Coie LLP, provide an overview of the evolution of consumer privacy legislation in 2020, including a recap of the bills that failed, and an overview of the privacy-related bills that remain pending.
-
09.16.2020China’s New Personal Information Protection SpecificationsUpdatesAfter undergoing several rounds of revisions to the 2019 draft specifications, the new Information Security Technology-Personal Information Security Specifications (GB/T35273-2020) (New Personal Information Specifications) were released jointly by the State Administration of Market Regulation and the Standardization Administration of China on March 6, 2020.
-
08.04.2020Class Action Litigation in the COVID-19 EraUpdatesHundreds of COVID-19-related class action claims have been filed in state and federal courts throughout the country.
-
07.28.2020Key Financial Data Security Takeaways From FTC WorkshopArticles
Law360
On June 13, the Federal Trade Commission held a virtual workshop on proposed changes to the Gramm-Leach-Bliley Act safeguards rule.
-
07.27.2020INSIGHT: Mitigating Data Breach Risks Facing Marijuana BusinessesArticlesMarijuana businesses, especially those in the medical marijuana industry, often have access to sensitive consumer information.
-
Privacy vs. The PandemicPodcasts
In Privacy Versus the Pandemic, Perkins Coie Privacy attorneys take a trip around the world to explore the interplay between privacy and public health during the COVID-19 outbreak.
-
07.20.2020EU Court Strikes Down EU-US Privacy ShieldUpdatesThe Court of Justice for the European Union (CJEU) on July 16, 2020, invalidated the EU-U.S. Privacy Shield as an approved mechanism for transferring personal data from the European Union to the United States.
-
07.09.2020Remote Depositions and Other Remote Testimony: Representing Clients in the New NormalUpdatesThis update provides some recent lessons learned with remote depositions that apply to both those who take and defend remote depositions.
-
06.26.20202020 Breach Notification Law Update: Vermont, District of Columbia, Maine, and California Expand RequirementsUpdatesStates continue to enhance and expand their breach notification requirements, increasing the scope of breaches that require notice as well as the complexity of compliance.
-
06.25.2020DoD’s Cybersecurity Verification Regime: New Details Emerge Related to Third-Party Auditor Training and AccreditationUpdates
A key area of focus in the Department of Defense’s (DoD) gradual rollout of its Cybersecurity Maturity Model Certification (CMMC) is the training and accreditation of third-party assessors that will be responsible for reviewing some 300,000 defense contractors’ cybersecurity practices for compliance with applicable controls.
-
05.12.2020Cameras, Temperatures, and Apps Oh My! COVID-19 Checklist for Commercial Landlords and TenantsUpdatesToday commercial landlords and tenants are preparing to safeguard their employees and customers from Covid-19 risks.
-
05.04.2020Important Privacy Considerations in Pandemic TimesArticlesAlthough many businesses are finding themselves in new and challenging times due to the impacts of COVID-19 and the related shelter-in-place orders, it is important to keep in mind that compliance with applicable privacy laws is still required, and attorney general enforcement of California’s newest privacy law is on the horizon and set to begin July 1, 2020. In this article we provide insight on what is required of businesses subject to the CCPA, what trends we have seen in CCPA-related litigation thus far, and the impending enforcement of the CCPA by the California attorney general.
-
20202020 Augmented and Virtual Reality Survey ResultsLawyer PublicationsPerkins Coie, XR Association, and Boost VC surveyed nearly 200 professionals representing startups, enterprise technology firms, and investors for their insights on the trajectory of the immersive technology industry.
-
04.08.2020FCC Paves the Way for New Broadband Wi-Fi Services in the 6 GHz BandUpdatesIn response to great interest from Silicon Valley, Federal Communications Commission Chairman Ajit Pai has released draft rules that would make valuable spectrum available for unlicensed wireless broadband services (i.e., Wi-Fi) in the 6 GHz band (5.925-7.125 GHz).
-
03.27.2020Responding to COVID-19 Requires an Integrated ApproachUpdatesRecognizing the high volume of COVID-19 content being published, Perkins Coie developed a one-stop, integrated resource page that addresses key legal and business considerations for companies across essential business areas, from insurance coverage and labor and employment, to privacy and security, corporate governance, tax, construction, supply chain, and more.
-
03.23.2020CCPA & COVID-19: A Practical Guide to Addressing Privacy and Data Security Implications of the CoronavirusArticlesCOVID-19 arrives just as the first omnibus privacy statute in the United States, the CCPA, became effective. Since its January 1 effective date, we continue to wait for finalization of the CCPA regulations and enforcement that was slated for July 1.
-
02.04.2020 New Biometrics Lawsuits Signal Potential Legal Risks in AI
Updates
Companies that deal with biometrics are likely aware of Illinois’ Biometric Information Privacy Act (BIPA), which regulates the collection, storage, and use of biometric data, including, for example, fingerprints, voiceprints, and scans of “face geometry.”
This update was republished in The Journal of Robotics, Artificial Intelligence & Law (September / October Edition).
-
02.03.2020 DoD Releases New Cybersecurity Verification Standard
Updates
The U.S. Department of Defense’s (DoD) new cybersecurity verification regime is moving into a new phase, with major implications for contractors.
-
11.26.2019 New Cybersecurity Certification Framework Will Have Significant Impact on Defense Contractors
Updates
The U.S. Department of Defense (DOD) is forging ahead in its plan to adopt a new framework for cybersecurity, with significant ramifications for all defense contractors, including subcontractors.
-
11.01.2019 Avoiding CCPA-Related Insurance Gaps
Articles
Beginning January 1, 2020, companies doing business in California that meet certain criteria will be subject to a new regulation, as the sweeping California Consumer Privacy Act (CCPA) goes into effect.
-
10.30.2019 The Proposed CCPA Regulations Impose New Obligations
Updates
The California Attorney General’s Office released for public comment the long-awaited proposed regulations for the California Consumer Privacy Act (CCPA) on October 10, 2019.
-
10.2019 California: CCPA Proposed Regulations and More
Articles
On 10 October 2019, after much anticipation, the California Attorney General, Xavier Becerra, held a press conference and announced the release of proposed regulations, intended to further the purposes of the California Consumer Privacy Act of 2018 (CCPA).
This article was republished in the November 2019 issue of Data Protection Leader.
-
10.16.2019 New California Ballot Initiative Contemplates Stricter Privacy Requirements
Updates
A new California privacy ballot initiative has been introduced by real estate developer and privacy rights advocate, Alastair Mactaggart.
-
09.20.2019 CCPA Amendments Provide Important Clarification
Updates
While privacy laws are proliferating globally, the California Consumer Privacy Act (the CCPA) is California’s comprehensive and landmark legislation that seeks to give California consumers expanded rights to learn about and control certain aspects of how a business handles “personal information” collected about its consumers.
-
09.03.2019 China’s New Draft Encryption Law
Updates
The Standing Committee of the National People’s Congress released the Encryption Law of the People’s Republic of China (Draft) for public comment on July 5, 2019 (the “2019 Draft”).
-
08.13.2019 Biometrics and the Law: How the CCPA Fits Into the Bigger Picture and Best Practices to Reduce Litigation Risk
Articles
States across the country are enacting or proposing legislation to regulate the collection, storage, use and disclosure of biometric data.
-
07.17.2019 Introduction and Comments on Measures for Data Security Management in China
Updates
The Cyberspace Administration of China (i.e., the Office of the Central Cyberspace Affairs of China) promulgated the draft Measures for Data Security Management (the Measures) for public comment on May 28.
This update has also been published in the February-March 2020, Vol. 6 No. 2 issue of Pratt's Privacy & Cybersecurity Law Report.
-
Updated 09.05.2019 New York and New Jersey Make an Early Effort to Regulate Artificial Intelligence
Updates
In recent years, the use of artificial intelligence (AI) solutions in every sphere of the economy has increased dramatically.
-
06.27.2019 States Continue to Expand Breach Notification Requirements in 2019
Updates
As more and larger data breaches come to light, states continue to update and expand their breach notification statutes, adding to the patchwork of notification obligations that now exists in every state.
-
06.24.2019 FCC Continues Uphill Battle Against Unwanted Robocalls
Updates
The Federal Communications Commission recently adopted new measures to combat unwanted robocalls in a unanimous Declaratory Ruling and Further Notice of Proposed Rulemaking.
-
06.13.2019 Regulating the Security of Connected Devices: Are You Ready?
Updates
As if businesses did not have enough on their plates as they prepare for the California Consumer Protection Act and similar privacy laws in other states, manufacturers of Internet of Things (IoT) devices (objects that connect to the internet and collect and transmit data) must also comply with California and other states’ new IoT device security laws.
-
06.06.2019 Nevada Grants Consumers Opt-Out Rights in Expanded Online Privacy Law
Updates
Nevada is the latest state to strengthen privacy laws to address the perceived need for more oversight of how companies handle personal data. On May 29, 2019, Nevada’s governor signed into law Senate Bill 220, which amends the state’s online privacy notice statute, Nev. Rev. Stat. Ann. § 603A.300 et seq. The amendments provide consumers with the right to restrict an entity’s “sale” of covered information while also excluding certain entities from the statute’s application. The amendments become effective October 1, 2019.
-
06.05.2019 I Am Robot: California’s New Law Requires Disclosure of Use of Bots
Updates
Businesses that use chatbots to interact with customers online may be affected by California’s new Autobot Law (SB 1001) that goes into effect July 1, 2019.
-
05.31.2019 Are Cyber Claims Covered Under Coverage B of CGL Policies?
Blogs
Tech Risk Report
The consequences of a data breach can be far-reaching. While the initial issues in the wake of a breach often involve investigation into the cause of the breach and sending notification to those affected (both of which are covered by most cyber insurance policies), coverage for certain types of third-party claims stemming from cyber breaches may be available under Commercial General Liability (CGL) insurance policies.
-
2019 2019 Augmented and Virtual Reality Survey Results
Lawyer Publications
Perkins Coie surveyed 200 startup founders, technology company executives, investors and consultants on key challenges and opportunities in the immersive technology space.
-
04.24.2019 European Parliament Approves Amendments to Draft “Terrorist Content” Legislation
Updates
The European Parliament approved several amendments to the European Commission’s proposed Regulation on preventing the dissemination of terrorist content online on April 17, 2019.
-
04.12.2019 Takeaways from CA Senate Judiciary Hearing on Bill That Would Expand CCPA’s Private Right of Action
Privacy Quick Tips
On April 9, 2019, the California Senate Judiciary committee voted to advance SB 561, which would expand the private right of action to any violation of the CCPA (not just for negligent breaches) and would eliminate a business’s 30-day right to cure.
-
04.03.2019 Six Phases of Compliance for a Comprehensive Privacy Program
Privacy Quick Tips
When creating a privacy program, it is important to look ahead and think strategically about who your audience might be. For businesses that might find themselves under the scrutiny of regulators and judges because of a lawsuit, unwanted publicity, or data breach, it is critical to be able to demonstrate substantial compliance for the program they’ve implemented.
-
03.28.2019 CCPA 12-Month Compliance Series Part 3: Conduct a Gap Analysis
Privacy Quick Tips
After conducting a data inventory a business should assess its risks by benchmarking its policies and practices with applicable privacy laws and regulations. Conducting a gap analysis is a critical tool in identifying compliance gaps and developing a plan to bridge those gaps.
-
02.27.2019 CCPA 12-Month Compliance Series Part 2: Know Your Data
Privacy Quick Tips
To comply with the CCPA, you need to know your data. You need to know what personal information you collect, where it is collected and stored, and whether, to whom, and for what purpose, it is shared or sold. And to know your data, you need to conduct a thorough data inventory.
-
02.20.2019 Common Exclusions Invoked by Cyber Carriers to Deny Coverage
Blogs
Tech Risk Report
Often called the “wild west,” the cyber insurance marketplace offers a wide variety of policy forms that vary drastically in the scope of coverage provided. This is further compounded by the relatively small amount of case law analyzing cyber policies and the quickly-evolving cyber risks that companies face. Insurers are quick to deny coverage based on the many exclusions in cyber policies, often leaving policyholders with the option of either spending money to fight their insurer in court or accepting the carrier’s denial.
-
02.14.2019 FAA Updates Small UAS Rules
Updates
The FAA published proposed rules on the Operation of Small Unmanned Aircraft Over People on February 13, 2019.
-
2.13.2019 Incident Response: Have a Plan
Privacy Quick Tips
For any company handling personal information (PI), an incident involving unauthorized access of the PI may be a question of when and not if. The question then becomes: what does the company need to do?
-
02.06.2019 Privacy by Design Is Good Business…and the Law
Privacy Quick Tips
Recent privacy laws and standards promote, and in some cases require, privacy by design. Simply put, companies are to incorporate privacy principles in and throughout all their products and services.
-
01.30.2019 Proposed Washington Privacy Act Tracks GDPR and CCPA Protections and Emphasizes Facial Recognition
Updates
Washington state has joined the growing ranks of states considering data privacy legislation in the wake of the European General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
-
01.23.2019 Federal Privacy Bills Introduced
Privacy Quick Tips
With the states taking the lead on privacy (see our tip here), the federal government is starting to get in on the action.
-
01.17.2019 California AG Hosts the First Two Public Forums on California Consumer Privacy Act
Privacy Quick Tips
The California Office of the Attorney General (“OAG” or “Office”) held the first two of its six public hearings on January 8, 2019 in San Francisco and on January 14, 2018 in San Diego to solicit public comments and feedback in preparation for its rulemaking efforts under the California Consumer Privacy Act (“CCPA”).
-
Updated 01.22.2019 How the Government Shutdown Affects FCC Operations
Updates
As of January 3, 2019, the Federal Communications Commission (FCC) has suspended most of its operations for the duration of the government shutdown due to the agency’s exhaustion of available funds. This alert summarizes how and the extent to which the shutdown affects FCC operations, based on the FCC’s plan for orderly shutdown released on December 18, 2018 and Public Notice released on January 2, 2019.
-
01.02.2019 Google Defeats Biometric Privacy Lawsuit on Article III Standing Grounds
Updates
Google won summary judgment in Rivera v. Google, a privacy class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The case involved “face grouping,” a feature that enables Google Photos to automatically sort and group the photographs in a user’s private account, based on visual similarities between the images of faces in the photos. The court held that any alleged collection of “biometric information” or “biometric identifiers” stemming from this feature did not cause an injury-in-fact sufficient to confer Article III standing. This update summarizes the decision, which may be relevant to clients involved with biometric technology, as well as other clients facing litigation where a no-injury defense may be applicable.
-
12.18.2018 Is Your Business Prepared for Holiday Hacking?
Privacy Quick Tips
There is often an upsurge in hacking and online scams during the holidays, and businesses are not always prepared to respond. This tip includes five key steps you can take immediately to protect and defend against breaches.
-
11.28.2018 Should You Provide a Short Form Privacy Notice?
Privacy Quick Tips
Privacy policies are meant for a host of audiences, including consumers, regulators and advocates. One way to make your privacy policy more accessible to consumers is to include a short form privacy notice at the start of a policy.
-
11.20.2018 CCPA’s Independent Business Obligations
Privacy Quick Tips
The CCPA creates eight consumer rights, eight corresponding business obligations and three independent business obligations.
-
11.07.2018 Canada’s New Breach Regulations
Privacy Quick Tips
Are you collecting, using or disclosing personal information (PI) of Canadian residents in the course of commercial activities? If so, you may be subject to Canada’s Breach of Security Safeguards Regulations (Regulations), under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
-
10.25.2018 All I Want for Christmas…Is a New Privacy Law?
Updates
Beyond preparing for this year’s holiday rush, retailers around the country have started thinking about potential changes to their operations in response to California’s sweeping new consumer privacy law.
-
10.24.2018 SEC 21(a) Report Warns Public Company Email Scam Victims of Bigger Problems Than Stolen Money
Updates
Known by many names, including business email compromise fraud, CEO or CFO fraud, impersonation attacks, or “Man-in-the-Email” scams, cyber-related frauds involving spoofed or otherwise compromised business electronic communications continue to be an increasingly pervasive threat to businesses of all sizes, including public companies.
-
10.19.2018 European Commission Publishes Proposed Regulation Governing Online “Terrorist Content”
Updates
The European Commission recently published its draft “Regulation on preventing the dissemination of terrorist content online.”
-
10.16.2018 USDOT Issues Updated Policy on Automated Vehicles, Signaling Rulemakings to Come
Updates
The United States Department of Transportation recently released its latest policy statement on automated vehicle technologies, Automated Driving Systems 3.0: Preparing for the Future of Transportation.
-
10.12.2018 French Data Protection Authority Issues Guidance on Application of Blockchain to the GDPR
Updates
On September 24, 2018, the French data protection authority, Commission Nationale de l’Informatique et des Libertés (CNIL), became the first data protection authority to issue written guidance on the intersection of the use of blockchain technology and the General Data Protection Regulation (GDPR).
-
10.11.2018 Keep Your Shield Up: FTC Settles With Four Companies Falsely Claiming They Comply With Privacy Shield
Updates
The FTC announced settlements with four companies last month of the FTC’s claims that the companies engaged in deceptive trade practices by falsely claiming to be certified under the EU-U.S. Privacy Shield.
-
10.11.2018 Update for Financial Institutions Regarding the California Consumer Privacy Act—This New Law May Apply to You
Privacy Quick Tips
Does your company handle data analytics to target California consumers? If so, it is imperative that you pay close attention to the California Consumer Privacy Act (CCPA) that goes into effect on January 1, 2020. The CCPA goes well beyond the General Data Protection Regulation (GDPR); however, if you’ve achieved compliance with the GDPR, you are well on your way to achieving CCPA compliance.
-
10.04.2018 Congress Passes FAA Reauthorization Bill That Opens Door for Significant Changes to UAS Regulations
Updates
On October 3, 2018, the Senate passed a bipartisan bill that will reauthorize the Federal Aviation Administration (FAA) for five years. The bill, which is referred to as the FAA Reauthorization Act of 2018 (H.R. 302), was previously passed by the House of Representatives.
-
06.29.2018 California Consumer Privacy Act of 2018 Brings Some GDPR Aspects Stateside
Updates
On June 28, 2018, California adopted the strictest general privacy and data security law in the country, called the “California Consumer Privacy Act” (codified in Assembly Bill 375), which will come into effect on January 1, 2020.
-
06.13.2018 FCC Expands Spectrum Available for 5G Wireless Deployment
Updates
The Federal Communications Commission (FCC) recently adopted a number of orders and proposed rules affecting the availability and use of millimeter-wave spectrum for advanced fifth generation (5G) wireless networks.
-
06.12.2018 New Data Breach Notification Laws Spring 2018: What You Need to Know
Updates
This spring has brought a particularly active round of revisions to state data breach notification laws.
-
06.11.2018 Use a Third-Party Platform? You Might Be a “Data Controller”
Updates
The European Union’s top court ruled last week that the operator of a Facebook fan page is a “joint controller,” along with Facebook, with respect to personal data collected on such pages.
-
2018 2018 Augmented and Virtual Reality Survey Results
Lawyer Publications
Perkins Coie surveyed 140 startup founders, technology company executives, investors and consultants on key challenges and opportunities in the AR/VR space.
-
05.07.2018 Offer Wi-Fi or Internet Service to Customers? These Are Your New Legal Obligations
Updates
It would be unusual these days to find a hotel, coffee shop, cruise line or airline that doesn’t offer some form of internet access to its customers. It’s unlikely, however, that those businesses have had occasion to give much thought to the Stored Communications Act.
-
04.26.2018 2018 ABA Antitrust Law Spring Meeting: Consumer Protection Takeaways
Updates
The American Bar Association’s 66th Antitrust Law Spring Meeting held earlier this month included many sessions on consumer protection.
-
04.12.2018 6 Ways to Improve Your Incident Response Plan for GDPR
Updates
The General Data Protection Regulation (GDPR), which is effective May 25, 2018, requires notification to European regulators within 72 hours of the discovery of many types of data breaches. This deadline requires speed and organization that no other jurisdiction currently requires, especially in the United States. Organizations that hold personal data of EU residents and do not have an incident response plan should promptly develop one so they can comply with the GDPR’s requirements.
-
GDPR Data Breach Notification Requirements
Lawyer Publications
Any individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, government, governmental subdivision, agency, or instrumentality, public corporation, or any other legal or commercial entity (collectively, Entity) that owns or licenses computerized data that includes an IA resident’s PI that is used in the course of the Entity’s business, vocation, occupation, or volunteer activities and that was subject to a breach of security.
-
03.19.2018 Critical Takeaways From the D.C. Circuit’s Long-Awaited Robocall Ruling
Updates
Last Friday, the U.S. Court of Appeals for the District of Columbia Circuit (D.C. Circuit) issued its long-awaited decision in ACA International v. Federal Communications Commission, No. 15-1211 (D.C. Cir. Mar. 16, 2018).
-
02.28.2018 SEC Speaks 2018: Flexibility and Cooperation on Both Sides
Updates
At this year’s PLI “SEC Speaks” conference held February 22-23, 2018, in Washington, D.C., the U.S. Securities and Exchange Commission’s senior leadership showcased its 2017 accomplishments, and previewed priorities for 2018 and beyond.
Highlighted in Law360's: "In Case you Missed It: Hottest Firms And Stories On Law360," on 03.02.2018.
-
02.23.2018 SEC on Cybersecurity: Jay Clayton’s “Light Touch”
Updates
The U.S. Securities and Exchange Commission (SEC) issued its first formal interpretative release on public company disclosure obligations relating to cybersecurity since the SEC Division of Corporation Finance’s guidance in 2011.
This update was republished in Bloomberg BNA's White Collar Crime Report on 03.16.2018, "New SEC Cybersecurity Guidance Reflects Clayton's 'Light Touch'," and Bloomberg's Big Law Business on 03.13.2018, "SEC on Cybersecurity: Jay Clayton’s “Light Touch.”"
-
02.16.2018 Legal Risks Attached to AI Technology are Far from Artificial
Articles
Artificial Intelligence (AI) refers to a machine's ability to simulate human intelligence to perform tasks like planning, decision-making, and recognizing objects or sounds. Its use is not always obvious, but AI is now present in nearly every aspect of our lives—from our "smart" home products to our medical care, jobs, and businesses.
-
01.23.2018 USDOT Seeks Comment on Removing Regulatory Barriers to Autonomous Vehicles
Updates
Last week, three U.S. Department of Transportation agencies issued requests for comment on ways to update federal regulations and policies to allow for the safe testing and deployment of autonomous vehicles.
-
12.20.2017 Reporting Requirement Alone Survives Net Neutrality Repeal
Articles
Law360
In a sweeping deregulatory measure, the Federal Communications Commission (FCC) recently adopted a final order to repeal most of the net neutrality rules, known as the “Restoring Internet Freedom order”
-
11.28.2017 FCC to Repeal Net Neutrality
Updates
On the eve of Thanksgiving, the FCC released a draft order to repeal its own net neutrality rules.
-
09.26.2017 Automated Vehicles: Do New Act and Policy Clarify the Regulatory Future?
Updates
The Trump administration took its first major step to facilitate the deployment of automated vehicles with the Department of Transportation’s release of “Automated Driving Systems 2.0: A Vision for Safety,” an update to the 2016 Federal Automated Vehicle Policy.
-
09.18.2017 Give Your Customers the Gift of Security
Updates
2017 has reminded us that data security threats continue to evolve and that the stakes for companies can be very high if their data security programs fail to evolve as well.
-
09.11.2017 22 Million Comments Tell FCC Battle Over Net Neutrality Is Not Over
Updates
Last year, the contentious net neutrality debate appeared to be finally settled when the U.S. Court of Appeals for the District of Columbia Circuit affirmed the FCC’s 2015 Open Internet Order.
-
07.28.2017 FCC Proposes Rules to Fight Fraudulent Robocalling
Updates
Unsolicited robocalls are the top consumer complaint made to the Federal Communications Commission, which receives over 200,000 complaints a year.
-
07.25.2017 New Mexico’s Data Breach Notification Is in Effect: What You Need to Know
Updates
New Mexico became the 48th state to enact data breach notification legislation with the Data Breach Notification Act, signed in April and effective as of June 16, 2017.
-
07.20.2017 House Panel Approves Groundbreaking Federal Autonomous Vehicle Legislation Draft
Updates
The House Subcommittee on Digital Commerce and Consumer Protection reached bipartisan agreement on July 19, 2017, regarding major aspects of legislation to address the testing and deployment of autonomous vehicles.
-
05.18.2017 FCC Launches Proceeding to Rollback Net Neutrality
Updates
Since we published our previous update, the FCC has adopted a Notice of Proposed Rulemaking to begin the process of rolling back the rules and regulatory framework for net neutrality.
-
05.15.2017 Ransomware: How to Avoid It and What to Do If You Have Been Hit
Updates
Computer systems around the world have been impacted by the largest cyber-extortion attack in history.
This update has been republished in Computerworld on 05.30.2017, "Answering the WannaCry Wake-up Call."
-
04.04.2017 Congress Overturns FCC’s Broadband Privacy Order [Updated]
Updates
New development: President Trump signed the Congressional Review Act (CRA) resolution of disapproval on April 3, 2017.
This update was republished in Cyberspace Lawyer.
-
03.03.2017 FCC Stay of Broadband Privacy Rules Foreshadows Deregulatory Measures
Updates
As anticipated, the Republican members of the Federal Communications Commission are taking steps to pare down the 2016 Broadband Privacy Order now that they are in the majority.
-
02.06.2017 FCC Begins Roll Back of Net Neutrality
Updates
Roughly two weeks since President Donald Trump’s inauguration, the new Chairman of the Federal Communications Commission, Ajit Pai, has taken steps providing further evidence that he plans to roll back FCC actions taken under former Chairman Tom Wheeler, including net neutrality and broadband privacy.
This update was republished in Law360 on 02.13.2017, "The Future Of Net Neutrality Under The New FCC."
-
11.30.2016 What to Expect From the Trump FCC
Updates
In the days since the recent election, many tech, media and telecom industry observers remain unsure of what to expect from the Federal Communications Commission under the Trump administration.
-
11.10.2016 Bluetooth Beacons: What You Need to Know
Updates
Bluetooth beacons can be a powerful tool for customer engagement.
-
09.13.2016 NJ’s Truth-in-Consumer Contract, Warranty and Notice Act: Will Related Class Actions Against Retailers Continue?
Updates
This year brought a wave of class action complaints alleging that national retailers are violating the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (TCCWNA), N.J.S.A. §§ 56:12-14 et seq., by including certain provisions in their online terms and other consumer-facing notices and agreements.
-
09.07.2016 Ninth Circuit Strips FTC of ‘Activities-Based’ Jurisdiction over Common Carriers
Updates
The FTC has no jurisdiction over common carriers even when they engage in non-common carrier activity, according to a recent U.S. Court of Appeals for the Ninth Circuit opinion.
-
08.01.2016 Commission Holds FTC Unfairness Claim Does Not Require “Probable” or Tangible Injury in LabMD Data Security Case
Updates
The Federal Trade Commission unanimously (3-0) ruled on July 29, 2016 that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act, reversing a decision of its Administrative Law Judge.
-
07.11.2016 Data Breach Incident Response: 5 Questions to Ask and New Laws to Know Now
Updates
The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways.
-
06.30.2016 TCPA Litigation
Perkins Coie’s Privacy & Security and Class Action Defense groups defend Telephone Consumer Protection Act (TCPA) cases throughout the country. This newsletter provides updates on litigation and regulatory developments regarding the Telephone Consumer Protection Act (TCPA).
-
06.28.2016 FCC Proposes Streamlining Foreign-Ownership Review Process
Updates
For two decades, the Federal Communications Commission (FCC) has relied on an inter-agency consulting process to evaluate matters before it that potentially raise issues of national security, foreign policy and trade policy.
-
06.20.2016 Six Key Consequences of the D.C. Circuit Upholding Net Neutrality
Updates
On its third try, the Federal Communications Commission finally got the sweeping net neutrality court victory it had been seeking for years.
-
05.23.2016 New Privacy Best Practices for Drone Use Adopted by Industry, Consumer and Media Organizations
Updates
Consensus was reached in a proceeding of the NTIA of the U.S. Department of Commerce on a set of privacy best practices for the commercial and recreational use of unmanned aerial systems (UAS), more commonly referred to as “drones.”
-
05.17.2016 Spokeo Confirms That Alleging a Statutory Violation Is Not Necessarily Enough to Create Standing
Updates
In a 6-2 decision, the Supreme Court held that the mere allegation of a statutory violation is not necessarily enough to create Article III standing.
-
2016 2016 Augmented and Virtual Reality Survey Results
Lawyer Publications
Perkins Coie and Upload surveyed more than 650 startup founders, executives with established technology companies and investors on the future of augmented and virtual reality.
-
04.13.2016 ABA Antitrust Section’s Spring Meeting—What You Need to Know
Updates
The American Bar Association held its 64th annual Antitrust Law Spring Meeting April 5–8, 2016, in Washington, D.C. Over 3,000 practitioners, enforcers, economists and academics from around the world came together to discuss and share views on the hottest antitrust topics of the day.
-
04.05.2016 What Net Neutrality Wrought: The FCC’s Proposed Broadband Privacy Rules
Updates
As previously promised in last year’s Open Internet Order, the Federal Communications Commission (FCC or the Commission) has released a Notice of Proposed Rulemaking (NPRM) seeking comment on proposed privacy requirements for broadband internet access service providers.
-
02.05.2016 Supreme Court Leaves Door Open to Class Action Settlement Offer Pick-Off Defense
Updates
Recently, the U.S. Supreme Court held in Campbell-Ewald Co. v. Gomez, 577 U.S. --- (2016), that a lawsuit is not moot after a plaintiff declines to accept an offer of judgment made by the defendant pursuant to Federal Rule of Civil Procedure 68.
-
02.02.2016 The New EU-US Privacy Shield: Safe Harbor 2.0
Updates
Two days after the expiration of the informal deadline to replace the Safe Harbor Framework invalidated by the Court of Justice of the European Union in October 2015, the EU and US have come to terms on a new framework—the “EU-US Privacy Shield.”
-
01.29.2016 Data Breach Notification Law in California and Across the Nation Continues to Evolve
Updates
In four of the last five years, California’s legislature has updated its data breach notification law, expanding its scope and making the required notifications more specific.
-
12.23.2015 Europe’s New Global Data Protection Law
Updates
After nearly four years of amendments and negotiations, the European Parliament, Council of the European Union and European Commission reached a political agreement on the proposed General Data Protection Regulation (GDPR) on December 15, 2015.
-
11.16.2015 FTC Theory of Unrealized Consumer Injury Rejected in LabMD Data Security Case
Updates
In what could be a major setback for the Federal Trade Commission (FTC) in the data security arena, an Administrative Law Judge (ALJ) has ruled that an unfairness claim brought by the FTC under Section 5 of the FTC Act requires a showing that substantial injury to consumers is probable, not merely possible, when there is no evidence of actual consumer injury.
-
10.26.2015 New DoD Cybersecurity Rule and How Contractors Can Reduce Their Risks
Updates
The Department of Defense (DoD) issued an interim cybersecurity rule in August 2015 that, among other things, revises the existing Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity clause and increases security and reporting obligations for DoD contractors.
-
10.23.2015 Could a Vendor’s Lax Info Security Ruin Your Holiday Sales? Seven Preventative Steps for Retailers
Updates
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation.
-
10.07.2015 Navigating the Unsafe Harbor: Keep Calm and Carry On
Updates
The Court of Justice of the European Union (CJEU) issued its landmark decision in Maximillian Schrems v. Data Protection Commissioner on October 6, 2015, ultimately invalidating the U.S.-EU Safe Harbor Framework.
-
09.28.2015 SEC’s Increased Cybersecurity Enforcement and How to Reduce Your Risks
Updates
The SEC’s recent activity is part of a larger regulatory enforcement trend that should serve as a warning to all public companies that they would be wise to review and revise their cybersecurity policies, procedures and practices to ensure that they are adequate in today’s changing environment.
-
08.26.2015 Third Circuit Affirms FTC Authority to Police Whether Companies Have Reasonable Data Security
Updates
Since at least 2005, the Federal Trade Commission has asserted that it may regulate lax data security practices as an “unfair” business practice under Section 5 of the FTC Act. The Wyndham hotel chain was the first to challenge this authority in court. In a highly anticipated opinion, the U.S. Court of Appeals for the Third Circuit resoundingly agreed with the FTC that a failure to implement reasonable data security measures may constitute an unfair business practice under Section 5.
-
08.12.2015Buried in the Fine Print—The FTC Addresses Prior Express Consent Under the TSRUpdatesIn a July 14, 2015 letter to PayPal, the FTC indicated that consent language buried within a “lengthy user agreement” does not satisfy the requirement under the Telemarketing Sales Rule (TSR) that companies obtain prior express consent before making automated or prerecorded calls (robocalls) for telemarketing purposes.
-
07.17.2015The July 2015 TCPA Omnibus Declaratory Ruling and Order: The Good, the Bad, and the UglyUpdatesIn last Friday’s long-awaited TCPA Omnibus Declaratory Ruling and Order (Order), the Federal Communications Commission (FCC or Commission) may have dramatically altered the landscape for TCPA class action defense.
-
07.07.2015BIS Proposes Significant New Export Controls on Cybersecurity ItemsUpdatesThe Bureau of Industry and Security (BIS) recently issued a proposed rule that would require an export license for specified cybersecurity items to all destinations, except Canada.
-
06.24.2015Data Breach Requirements Expand in Nevada, Connecticut, Oregon and IllinoisUpdatesFour state legislatures closed their sessions with changes to their data breach notification laws, potentially imposing significant new compliance burdens.
-
06.22.2015FCC’s $100M AT&T Penalty Based on Net Neutrality Transparency RuleUpdatesLast week, an FCC divided on partisan lines adopted a Notice of Apparent Liability for Forfeiture and Order (the NAL) against AT&T with an unprecedented proposed penalty of $100 million as well as numerous other compliance obligations, marking the first time the agency has enforced its net neutrality transparency rule.
-
06.04.2015Worldwide CEO-CFO Cyber Scam: Prevention and Recovery TipsUpdatesA simple yet highly effective and increasingly common cyber scam, based on social engineering and playing on fear, the desire to be helpful and other emotions, has caused U.S. companies of all sizes to lose millions of dollars in recent months.
-
05.15.2015Spring 2015 Legislative Roundup: States Expand Data Breach Notification RequirementsUpdatesDuring their spring 2015 legislative sessions, Washington, Wyoming, Montana, and North Dakota expanded their data security breach notification laws.
-
05.08.2015FTC Ramps Up Scrutiny of Retail Location AnalyticsUpdatesTo improve customer experience and understand customers’ movements and interactions on their premises, retailers, hotels and other brick-and-mortar businesses increasingly use signals from mobile devices to observe their customers’ movements.
-
05.05.2015Consumer Privacy and Broadband: The Debate BeginsUpdatesPrivacy and data security are high priorities of the Federal Communications Commission (FCC) under the leadership of Chairman Tom Wheeler. In addition to significant enforcement actions against AT&T and TerraCom/YourTel that take a page out of the playbook of the Federal Trade Commission (FTC), the FCC’s recent Open Internet Order for the first time imposes the privacy obligations of Section 222 of the Communications Act of 1934, as amended (the Act) on broadband Internet service providers.
-
04.14.2015President Issues Executive Order to Block Assets of Foreign Cyber AttackersUpdatesPresident Obama recently issued Executive Order 13694 (EO 13694 or EO), “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.” EO 13694 is aimed at deterring cyber attacks, cyber espionage and cyber thefts, which have become increasingly common in recent years.
-
02.17.2015FAA Proposes Rules for Commercial UAVs; White House Launches UAV Privacy InitiativeUpdatesOn February 15, 2015, the FAA issued its long-awaited notice of proposed rulemaking on small unmanned aerial vehicles (UAVs). Currently, federal law prohibits commercial use of UAVs without advance approval, typically through the so-called Section 333 approval process.
-
01.08.2015Data Breach Plaintiffs Survive Dismissal Against TargetUpdatesTarget’s 2013 data breach has generated over 100 consumer lawsuits, which were consolidated last year before the U.S. District Court for the District of Minnesota. On December 18, 2014, Judge Paul A. Magnuson issued a decision on Target’s motion to dismiss the consolidated consumer cases.
-
12.18.2014Facing TCPA Claims for Texting Advertisements? You May Also Have Some Insurance Coverage ConcernsUpdatesDuring this busy holiday shopping season, retailers may end up facing litigation under the Telephone Consumer Protection Act (TCPA) for sending advertisements to consumers’ cell phones.
-
12.11.2014Top 12 Ways Retailers Can Address Privacy Issues This Holiday SeasonUpdatesIn this installment of “Perkins Coie Wrapping Papers,” we take inspiration from “The Twelve Days of Christmas” to provide an overview of the top twelve privacy and data security issues retailers should consider as the year comes to a close.
-
12.02.2014My Vote for Privacy Person of the YearUpdatesThere isn’t an official Privacy Person of the Year award. If there were, Edward Snowden almost certainly would have won it last year. Instead, he finished in second place, behind Pope Francis, as TIME Magazine’s 2013 Person of the Year. The honor goes to the person whom the editors of TIME believe has most influenced the news that year, whether for good or bad.
-
11.06.2014Avoid a Class Action Lawsuit Landing in Your Holiday StockingUpdatesThe holidays are quickly approaching, and shoppers are expected to spend in excess of $600 billion this season. The holiday season is shaping up to become a winter wonderland for retailers.
-
10.07.2014Third Quarter 2014: States Expanding Data Breach Notification RequirementsUpdatesCalifornia, Florida, Kentucky, and Iowa have changed their security breach notification requirements in the past few months.
-
06.17.2014Risk of Data Breaches Keeping You Up? Assess Data Security Before The Holiday SeasonUpdatesAs retailers prepare for the upcoming holiday shopping season, Perkins Coie’s Retail & Consumer Products industry group is proud to introduce its 9th annual “Perkins Coie Wrapping Papers.” These updates will highlight some of the legal issues retailers face during this critically important holiday shopping season.
-
06.09.2014In Right to Be Forgotten Proceedings, Who Represents the Public Interest?UpdatesIn its newly published Fact Sheet on the Right to Be Forgotten, the European Commission has tried to dampen the negative reaction to the European Court of Justice (ECJ) Right to Be Forgotten decision by noting that the right is not absolute and that careful consideration of each case will be necessary before search engine operators will be required to censor search results:
-
06.04.2014The Right to Be Forgotten, EverywhereUpdatesWhile most people have focused on the free speech and implementation difficulties of the “right to be forgotten” announced by the European Court of Justice (ECJ) in Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (Mario Costeja González), there are serious jurisdictional implications for the Internet, intermediaries and content publishers that largely have been ignored.
-
05.30.2014Google Begins the Process of Implementing the 'Right to be Forgotten'UpdatesGoogle has taken the first step to implement the “Right to be Forgotten” decision by the European Court of Justice (ECJ). It has provided individuals a form to complete to request that their personal information be removed from Search or Image Search results.
-
04.30.2014Theft of Unencrypted Laptops Leads to Two HHS Settlements Totaling Nearly $2 MillionUpdatesOn April 22, the U.S. Department of Health and Human Services (HHS) announced settlements with both Concentra Health Services (Concentra) and QCA Health Plan, Inc. (QCA). Through these latest settlements, HHS is reiterating its message to covered entities and business associates that laptops and similar devices containing electronic protected health information (ePHI) should be encrypted.
-
04.09.2014Federal Court Holds That FTC May Regulate Company Data Security PracticesUpdatesIn a closely watched and first-of-its-kind case, the U.S. District Court for the District of New Jersey rejected, for purposes of a motion to dismiss, a defendant company’s argument that the Federal Trade Commission (FTC) lacks authority to regulate data security practices under Section 5 of the FTC Act.
-
04.03.2014FCC Clarifies TCPA MandatesUpdatesThe FCC last week issued two declaratory rulings interpreting the Telephone Consumer Protection Act (TCPA). While the rulings in each are limited to the specific requests set forth in the petitions, they include broad language and reasoning that will be helpful for businesses looking for ways to reach their customers without running afoul of the TCPA.
-
02.26.2014Possibility of Future Harm Allows Sony Data Breach Plaintiffs to Survive Motion to DismissUpdatesThe Southern District of California last month let 8 out of 51 claims survive in a putative class action arising out of the 2011 breach of the Sony PlayStation network. In re Sony Gaming Networks & Customer Data Sec. Breach Litig., MDL 11MD2258 AJB MDD, 2014 WL 223677 (S.D. Cal. Jan. 21, 2014) (Sony II).
-
10.30.2013Ready for the November 1st New Job Assistance Ordinance in Seattle? Here's a Checklist for Criminal Background Check Compliance for the Hiring ProcessUpdatesNovember 1, 2013 marks the start of new restrictions on Seattle employers’ use of criminal background checks for employment purposes.
-
10.17.2013Is Your Company Ready for California's Expanded Data Security Notification Law?UpdatesEffective January 1, 2014, California residents must be notified when the information used to access their email or other online accounts is compromised in a data security breach incident.
-
10.08.2013Are You Ready for the New TCPA Regulations Regarding Text/SMS Marketing That Go Into Effect on October 16, 2013?UpdatesOn October 16, 2013, new rules promulgated by the Federal Communications Commission on June 11, 2012 implementing the Telephone Consumer Protection Act of 1991 go into effect regarding the requirements for prior written consent necessary to send text/sms marketing messages.
-
09.12.2013Ready for HITECH Changes on September 23, 2013? Find Out With This Compliance Checklist for Employer-Sponsored Health PlansUpdatesThe final regulations implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act were issued in January and compliance is required by September 23, 2013.
-
08.26.2013Health Plan Agrees to $1.2 Million Settlement for Photocopier HIPAA Security BreachUpdatesThe Department of Health and Human Services (HHS) announced a settlement on August 14, 2013, with Affinity Health Plan (Affinity), a not-for-profit managed care plan, which included a payment of $1,215,780, for a HIPAA security violation caused by Affinity’s failure to remove Electronic Protected Health Information (EPHI) from the hard drive of a leased photocopier that was returned to the leasing company.
-
07.01.2013The New COPPA Rule Takes Effect Today — Are You Ready?UpdatesIn December 2012, the Federal Trade Commission (FTC) adopted final amendments to the Children's Online Privacy Protection Act (COPPA) Rule, which regulates how companies may collect information online from children under 13. Last month, the FTC also issued an updated set of Frequently Asked Questions regarding the revised COPPA Rule. The revised COPPA Rule went into effect today, July 1, 2013, and will impact "operators" of certain websites and online services for a long time to come.
-
04.16.2013Data Breach Class Actions Can't Survive Certification Without Expert Testimony on Classwide DamagesUpdatesThis is the latest opinion in the ongoing litigation arising out of a massive data breach suffered by Hannaford Bros. grocery stores. In re Hannaford Bros. Privacy Litigation, __F. Supp. 2d __, Case No. 2:08-MD-1954-DBH, 2013 WL 1182733 (D. Me. Mar. 20, 2013).
-
04.04.2013Concerns About Databases of Retail Employee TheftsUpdatesOn April 3, 2013, the New York Times published an article about commercial databases that contain reports from retail employers about employees who were accused of stealing from their workplaces.
-
03.21.2013U.S. Supreme Court Rejects Attempt to Manipulate Federal Jurisdictional Threshold Under Class Action Fairness ActUpdatesThe U.S. Supreme Court unanimously ruled in Standard Fire Insurance Co. v. Knowles, 568 U.S. __, No. 11-1450, 2013 WL 1104735 (Mar. 19, 2013), that plaintiffs attempting to bring a class action lawsuit cannot escape federal jurisdiction by agreeing to seek less than $5 million in damages.
-
03.19.2013Retailers Beware: Massachusetts Court Restricts Ability to Collect ZIP Codes at Point of SaleUpdatesThe Supreme Judicial Court of Massachusetts recently held that collecting a consumer's ZIP code at the point of sale may violate Massachusetts General Laws Chapter 93, Section 105(a) (Section 105(a)), which restricts the ability of retailers to collect personal identification information (PII) from consumers in connection with a credit card transaction.
-
03.18.2013LinkedIn Data Breach Lawsuit Dismissed for Lack of StandingUpdatesA federal judge in the Northern District of California recently added to the growing list of cases rejecting attempts to recover damages resulting from data breaches. In In re LinkedIn User Privacy Litigation, Case no. 5:12-CV-03088 EJD (March 6, 2013), the court dismissed a lawsuit brought by LinkedIn users who were upset over the June 2012 posting of 6.5 million stolen LinkedIn user passwords.
-
02.05.2013California Supreme Court Decision Signals Victory for Online RetailersUpdatesThe California Supreme Court recently issued a landmark ruling in Apple Inc. v. Superior Court (formerly Krescent v. Apple Inc. in trial court proceedings), a case with wide-reaching implications for consumer privacy in e-commerce. The issue before the Court was whether California’s Song-Beverly Credit Card Act (the Act), which generally prohibits retailers from collecting or requesting personal identification information (PII) as a condition of accepting credit card payments, should apply to online retailers.
-
02.04.2013Are You Recording Your Customers’ Calls? Better ListenUpdatesFederal law and most states only require one party to a phone call to consent to recording it, which means the person recording the call doesn’t need anyone else’s permission; however, a minority of states, including California, require all parties to a call to provide consent. While you might think you are safe if you do the recording in a one-party consent state, like Georgia, California’s highest court has made clear that California law will apply no matter where you are located if you do business in California and record a call with a California client. Kearney v. Salomon Smith Barney, Inc., 39 Cal. 4th 95 (2006).
-
01.28.2013New HIPAA Omnibus Rule Implementing Provisions of the HITECH Act: An Overview of ChangesUpdatesFinal implementing regulations for many provisions of the HITECH Act (Health Information Technology for Economic and Clinical Health Act) were issued by the Department of Health and Human Services recently, and will appear in the Federal Register on January 25, 2013. Informally referred to as the Omnibus Rule, the regulations address a number of changes to the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA breach notification rule, HIPAA privacy and security enforcement provisions, Business Associate definition and agreement requirements, and the interaction between HIPAA and the Genetic Information Nondiscrimination Act.
-
01.22.2013California Supreme Court to Rule on Legality of Collecting Customer Information During Online Credit Card PurchasesUpdatesCompanies that accept online credit card payments should be keeping an ear very close to the ground for the California Supreme Court’s decision in Apple v. Superior Court (Krescent), expected within the next few weeks. Depending on how the court rules, the case has the potential to spawn a flood of class actions against online retailers and change the way web payments are processed.
-
01.03.2013FTC Expands Scope of Children's Privacy Law to Keep Pace With New TechnologiesUpdatesOn December 19, 2012, the Federal Trade Commission (FTC) finalized amendments to the Children's Online Privacy Protection Rule (the Rule), which applies to operators of commercial websites or online services that (1) are directed to children under the age of 13 or (2) have actual knowledge that they are collecting personal information from a child under the age of 13.
-
12.20.2012The Retail Point of Sale Goes MobileUpdatesMobile point-of-sale payment terminals have experienced explosive growth over the past year. Unlike a traditional point-of-sale terminal, a mobile terminal communicates wirelessly when processing payment cards. There are different types of solutions in the market, but one popular type is an application within a mobile device, like a smartphone or tablet, that uses a hardware attachment to swipe payment cards.
-
12.12.2012Is Your Company's Mobile App Violating CalOPPA?UpdatesOn December 6, 2012, the California attorney general filed suit against Delta Airlines for failing to provide mobile application users with adequate notice of its privacy practices.
-
12.04.2012FCC Rules That Confirmatory Opt-Out Text Messages Don't Violate the TCPA Under Certain CircumstancesUpdatesIn a ruling that will impact certain aspects of how companies handle their SMS/text message promotional programs, on November 29, 2012, the Federal Communications Commission released a Declaratory Ruling regarding the Telephone Consumer Protection Act (TCPA) pursuant to a request by SoundBite Communications, Inc.
-
11.28.2012Don't Let a Data Breach Diminish Your Retail Profits This Holiday SeasonUpdatesFor the first time, online retail sales exceeded $1 billion on Black Friday and reached nearly $1.5 billion on Cyber Monday this year. Analysts expect this increase in e-commerce to continue, and Forrester Research estimates that online sales this holiday season will exceed $68.4 billion—a 15 percent increase over 2011.
-
07.02.2012Unexpected Dismissal by Supreme Court Leaves Intact Ninth Circuit Decision Holding That Violation of a Statutory Right, Without Actual Damage, Confers Article III StandingUpdatesA Supreme Court decision long-awaited by the class action bar and businesses was a surprise non-event last Thursday when, seven months after hearing oral arguments in First American Financial Corp. v. Edwards, the Supreme Court issued an order dismissing the writ of certiorari in the case as improvidently granted. The Supreme Court's per curiam order, presented without reasoning, left intact the Ninth Circuit's holding that a plaintiff who pled a statutory violation but not actual damages had standing under Article III of the U.S. Constitution, which requires that a plaintiff has suffered a concrete “injury in fact.” The Supreme Court's decision means that, at least in the Ninth Circuit “[t]he injury required by Article III can exist solely by virtue of ‘statutes creating legal rights, the invasion of which creates standing.’”
-
04.19.2012HIPAA Enforcement Comes to Small Providers: $100,000 and Heightened Compliance ObligationsUpdatesA small cardiac surgery practice (two owners; currently five physicians) is the latest covered entity to enter into a settlement agreement and Corrective Action Plan (CAP) with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), to resolve alleged violations of the HIPAA privacy and security regulations. In announcing the $100,000 settlement OCR Director Leon Rodriguez stated, "OCR expects full compliance no matter the size of a covered entity."
-
03.27.2012Class Action Complaints Strictly Interpret Privacy Policy RequirementsUpdatesSeveral class action complaints filed in recent months take a novel approach regarding the requirements for website privacy policies under California's "Shine the Light" law.
-
03.15.2012HIPAA Breach: Stolen Hard Drives Lead to $1.5 Million SettlementUpdatesBlueCross BlueShield of Tennessee (BCBST) has agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) and enter into a Corrective Action Plan (CAP) to settle alleged violations of the HIPAA privacy and security regulations. The enforcement action arose from the theft of 57 hard drives that contained audio and video recordings of customer service calls and included electronic protected health information (ePHI) of over one million individuals. The settlement resolves HHS’s first enforcement action in connection with the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule. The CAP also provides insight into the kinds of security measures HHS expects companies in possession of ePHI to have in place.
-
02.08.2012Proposed EU Regulation Promises Significant Changes to Consumer PrivacyUpdatesThe European Commission's proposed "Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data" offers a significantly higher level of legal harmonization and predictability across Europe, but at the price of more stringent requirements and availability of stricter sanctions.
-
01.27.2012SEC Warns Investment Advisers About Social Media UseUpdatesJust as more professionals have started taking advantage of social media to develop and grow their business, the financial services industry is following suit. However, given the highly regulated nature of this industry, financial services professionals must be aware of special regulatory considerations when utilizing social networking tools.
-
01.11.2012California's Song-Beverly Act Does Not Apply to Kiosk TransactionsUpdatesOn January 6, 2012, the U.S. District Court for the Central District of California dismissed with prejudice Mehrens v. Redbox Automated Retail, LLC, a putative class action against Redbox alleging that Redbox violated California's Song-Beverly Credit Card Act by requesting ZIP codes and email addresses in connection with credit card transactions.
-
10.06.2011FTC Proposes Changes to Children's Online Privacy Protection RuleUpdatesOn September 15, 2011, the Federal Trade Commission (FTC) released the changes it is proposing to make to the Children’s Online Privacy Protection Rule (required by the Children’s Online Privacy Protection Act, or COPPA), which has been in effect since 2000. To address technological developments in the past decade, the FTC is recommending a number of changes.
-
03.11.2011Have You Been Sued for Recording ZIP Codes? Your Insurance May Cover the ClaimUpdatesFollowing the recent California Supreme Court’s decision in Pineda v. Williams-Sonoma Stores, Inc., 2011 WL 446921 (Cal. Feb. 11, 2011), numerous class action lawsuits have been filed under the Song-Beverly Credit Card Act of 1971, Cal. Civ. Code §§ 1747 et seq. ("Credit Card Act"), a state statute designed to protect the personal privacy of credit card users. These lawsuits expose California businesses to considerable defense costs and the potential for substantial damages. Law360 reports that in the wake of this ruling at least 30 proposed class actions have been filed in California, and many more are on the way. That’s the bad news. The good news is that these claims may be covered under your Commercial General Liability ("CGL"), Errors and Omissions ("E&O"), or Directors and Officers ("D&O") Liability insurance policies.
-
02.15.2011California Supreme Court Rules That ZIP Codes Are "Personal Identification Information" Under Song-Beverly ActUpdatesOn February 10, 2011, the California Supreme Court held that a customer's ZIP code is "personal identification information" ("PII") under the California Song-Beverly Credit Card Act of 1971 and that businesses cannot request and record a customer's ZIP code during a credit card transaction.
-
12.20.2010Red Flags Rule Now Excludes Lawyers, Doctors, and Other ProfessionalsUpdatesOn December 18, 2010, President Obama signed the Red Flag Program Clarification Act of 2010. Effective immediately, the act changes the definition of the word “creditor” in the FTC Red Flags Rule to exclude most professionals that take payment after rendering services.
-
12.09.2010FTC's Preliminary Report on Protecting Consumer Privacy – What It Means for Your BusinessUpdatesThe Federal Trade Commission (FTC) issued a staff report last week that calls on companies to more effectively protect consumer privacy. Stressing that current models for consumer privacy protections have failed to keep pace with technological growth and consumer expectations, the FTC proposes a framework intended to inform future laws and policies.
-
11.03.2010Amazon.com Obtains Declaratory Judgment Against the State of North Carolina’s Efforts to Obtain Customers' Online Purchase RecordsUpdatesThe U.S. District Court for the Western District of Washington granted Amazon.com's request for declaratory judgment that the North Carolina Department of Revenue’s (the Department) information requests for the production of customer purchase records violated the First Amendment and the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710. Amazon.com LLC v. Lay, No. C10-664-MJP, 2010 WL 4262266 (W.D. Wash. Oct. 25, 2010).
-
10.29.2009Jury's $1.8 Million Message to Employer: No Pretexting in Employee InvestigationsUpdatesEmployers are learning the hard way that gaining access to private employee information during workplace investigations can lead to lawsuits, liability and headaches.
-
10.2009Mrazik Writes on Online AnonymityArticlesIn the featured article in E-Commerce Law Reports, Volume 9, Issue 4, Seattle associate Ryan Mrazik examines Cohen v. Google Inc., in which a trial judge in New York state ordered Google to identify an anonymous person who had posted allegedly defamatory statements on a blog. Mrazik argues that the case was more about New York state civil procedures and the pleading requirements for defamation and less about the right to anonymous speech on the internet.
-
07.30.2009FTC Again Extends the Deadline for Red Flags Rule EnforcementUpdatesThe FTC recently extended the enforcement deadline for the Red Flags Rule until November 1, 2009. The Rule was originally scheduled to go into effect on November 1, 2008, but on Wednesday, July 29, 2009, the FTC announced that it was delaying enforcement for the third time because a number of industries and entities within the FTC’s jurisdiction still expressed confusion and uncertainty about what types of entities would be subject to the Rule and what the Rule actually required of covered entities.
-
07.2009Opinion: It May Be Social, But It's Still MediaArticles
Computerworld
(republished by CIO, InfoWorld and IT World)
(The attached article/editorial reflects the personal opinions of its author(s) and does not necessarily represent the views of Perkins Coie.)
Presentations
-
12.29.2023The Matryoshka Effect: Unpacking the Layers of Emerging Privacy and Cybersecurity IssuesSpeaking EngagementsPanelist
Lawline
New York CLE / Virtual -
12.18.2023Toward a Goldilocks Deal on 702 Surveillance ReformSpeaking EngagementsCo-Moderator
NYU School of Law / Virtual -
10.18.2023Privacy and Public Interest CareersSpeaking EngagementsUCLA Institute for Technology, Law & Policy / Los Angeles, CA
-
10.04.2023Children’s Privacy & Safety: Understanding the Law + A Practical Guide to Keeping Kids Safe OnlineSpeaking EngagementsNAWL Women in Education Law / Virtual
-
09.15.2023Privacy Law SalonParticipant
Invitation-Only Seminar / Washington, D.C. -
06.29.2023Data Privacy, Challenges to Information Security, and Data TransfersSpeaking EngagementsAssociation of Corporate Counsel Corporate Counsel University / Minneapolis, MN
-
06.26.2023AI For Attorneys: Managing Risks & Best PracticesSpeaking EngagementsModerator
Privacy & Cybersecurity Section / Los Angeles, CA -
06.15.2023A Privacy Lawyer’s Guide to Using Big Data for AISpeaking Engagements2023 IAPP Data Protection Intensive / Rotterdam, The Netherlands
-
06.07.2023Demystifying Washington State’s My Health, My Data ActWebinarsThe recently enacted My Health, My Data Act (MHMD) will regulate the collection, use, sharing, analysis, and sale of health-related data of individuals in Washington state and beyond.
-
05.31.2023Spring Awakening: Blossoming Trends in Data Privacy and Cybersecurity LawSpeaking EngagementsDallas Association of Young Lawyers / Webinar
-
04.13.2023California Data Breach & Privacy Litigation UpdateWebinarsAs technology continues to advance, the risk of cyber threats and information security breaches continues to rise. Businesses should stay current on cybersecurity and related class-action litigation developments, and take essential steps to protect themselves and consumer data.
-
10.26.2022Integrating New DOJ Guidance into Compliance OperationsWebinarsMultidisciplinary panel of lawyers from Perkins Coie’s White Collar & Investigations, Privacy & Security, Labor & Employment, and Corporate & Securities practices discussed recent changes to the DOJ corporate criminal enforcement policies and their impact on business organizations and their compliance operations.
-
10.13.2022Identifying and Mitigating the Real-World Privacy Issues When Using Big DataSpeaking Engagements2022 IAPP Privacy. Security. Risk. / Austin, TX
-
07.31.2022Laws and Regulations For the Crypto/NFT World: Breaking ParadigmsSpeaking EngagementsSponsorship
Panelist
NFT Expoverse / Los Angeles, CA -
04.02.2022Practice Panel: Regulation & LitigationSpeaking EngagementsTech, Law & Gender Conference
Harvard Law School / Cambridge, MA -
03.11.2022Privacy & Access Series: Emerging Privacy RegimesSpeaking EngagementsPanelist
UCLA Institute for Technology Law & Policy / Los Angeles, CA -
01.13.2022Ransomware Attacks Before and After: Preparation, Governance, Training, and RemediationSpeaking Engagements
Incident Response Forum Ransomware 2022 / Virtual
The conference’s stellar faculty—including senior government cybersecurity officials and nearly two dozen other legal and consulting luminaries in the field of ransomware response—will discuss the most important issues now facing attorneys and professionals who work in this area. -
01.11.2022The Evolving Landscape of Financial Services Privacy – CPRA and BeyondSpeaking EngagementsCLA Business Law Section’s Internet Privacy Law and Financial Institutions Committees / Webinar
-
12.14.2021FTC Privacy & Data Security 2021 Year in ReviewWebinars
-
07.07.2021CCPA Year-In-Review Consumer Finance Executive RoundtableWebinarsCalifornia was the first state in the country to provide a private cause of action to consumers whose sensitive personal information was exposed by data breaches.
-
06.16.2021CCPA Year-In-Review Ad Tech Executive RoundtableWebinarsCalifornia was the first state in the country to provide a private cause of action to consumers whose sensitive personal information was exposed by data breaches.
-
03.23.2021US Privacy Updates: Recent Developments at State and Federal LevelSpeaking EngagementsA webinar discussing recent legislative developments at state and federal level in the U.S., including recently introduced bills, the status of bills currently in the legislative process, and the continued prospect of a federal privacy law.
-
02.25.2021U.S. International Trade Commission Section 337 Basics and TrendsWebinarsCalifornia Lawyers Association / VirtualThe U.S. International Trade Commission (ITC) can stop the importation of goods that infringe on U.S. intellectual property rights. With its expedited schedule and specialized procedures, the ITC resolves disputes quickly and issues remedial orders enforced at U.S. ports of entry by U.S. Customs and Border Protection (CBP) agents.
-
02.16.2021Diverse Perspectives on Careers in Privacy and CybersecuritySpeaking EngagementsLos Angeles County Bar Association / Webinar
-
12.09.2020Privacy for Retail Roundtable: Preparing for the CPRAWebinarsThis Privacy for Retail roundtable discusses the new California Privacy Rights Act (CPRA) and its impact on the retail industry.
-
12.08.2020CPRA, AI and Cybersecurity—Trends to Watch in 2021Webinars
-
11.05.2020Implementing an In-House Data Privacy ProgramSpeaking EngagementsAssociation of Corporate Counsel (ACC) / San Diego, CA
This webinar discussed managing company data privacy programs in a rapidly changing legal and regulatory environment, providing in-house and outside counsel perspectives on developing and handling the phases of compliance for a data privacy program and practical guidance on complying with the California Consumer Privacy Act (CCPA).
-
10.29.2020US Privacy Update: Recent Developments in Privacy LegislationSpeaking EngagementsOneTrust: Privacy, Security & Governance / Webinar
-
10.22.2020What State AGs Want to See in a Federal Privacy LawSpeaking EngagementsModerator
Privacy + Security Forum Virtual Fall Academy 2020 / Webinar -
10.08.2020Hot Topics and Legal Trends in AI and AdvertisingWebinarsCustomers today expect services and products to be personalized and relevant, which makes AI and machine learning in advertising even more important.
-
10.02.2020Cybersecurity, Data Privacy and Insurance During the COVID-19 Pandemic: Is Your Company Covered?Speaking EngagementsAssociation of Corporate Counsel / Virtual
-
09.24.2020Incident Response in the U.S. and in the EU: The Primary DistinctionsSpeaking EngagementsIncident Response Forum Europe 2020 / Virtual Event
-
08.04.2020 - 08.06.2020ChIPs 2020 Next Gen SummitConference
-
07.28.20202020 Perkins Coie AR/VR Survey ResultsWebinarsIn this webinar, experts from across the industry discussed highlights from the survey findings and their expectations for the future of XR technology.
-
07.07.2020Threat and Breach Response: What's New?Speaking EngagementsAmelia Gerlicher and Alexandria Bradshaw will explore trending attacks, review U.S. breach notification law, as well as share insight into recent legislative updates and the trends that continue to drive changes to state law.
-
06.24.2020ChIPs 2020 Mock Pitch ProgramSpeaking Engagements
-
05.14.2020Data Privacy and the California Consumer Privacy Act (CCPA): New Requirements for Chinese Businesses in the U.S. MarketWebinarsChinese businesses operating in the United States are subject to a variety of laws concerning the collection, use, and protection of customer information. An important recent law in this area is the California Consumer Privacy Act (CCPA).
-
04.09.2020 & 04.14.2020COVID-19 Corporate Leader Considerations Two-Part Webinar SeriesWebinarsLeading during a health pandemic requires strength, vision, and an ability to look around corners. Join us for a two-part webinar series that will highlight a variety of risks and opportunities that company leaders should be aware of as we navigate through major business changes.
-
02.25.2020The CCPA Is Here: What’s Changed and What You Need to Know for ComplianceSpeaking EngagementsPanelist
RSA® Conference 2020 / San Francisco, CA -
01.28.2020The California Consumer Privacy Act, One Month In: A Panel Discussion to Celebrate World Data Privacy DaySpeaking EngagementsModerator
Los Angeles County Bar Association / Los Angeles, CA -
10.10.2019
-
07.18.2019Is the Sky Falling?: Managing Enforcement Risk Under the California Consumer Privacy Act?WebinarsPerkins Coie’s CCPA Week
This webinar will address enforcement risks under the CCPA, and how to manage compliance obligations to minimize litigation risk. Our speakers are class action litigators actively consulting clients in CCPA compliance. The topics will include, among other things, a discussion about the various enforcement mechanisms, notice and operational strategies to minimize risk, third party contracts, and exceptions and defenses to CCPA claims. -
07.18.2019The California Consumer Privacy Act and BlockchainWebinarsThis webinar explores the steps policyholders can take now to address coverage issues presented by the CCPA. Topics include the types of policies that may respond to CCPA claims, how to negotiate favorable terms in your insurance policies and tips on loss management strategies.
-
07.17.2019How California's New Privacy Law Impacts Brick-and-Mortar BusinessesWebinarsPerkins Coie’s CCPA Week
This webinar will explore how the CCPA differs from the GDPR, how retailers can leverage existing compliance initiatives and governance programs to prepare for the CCPA and the unique challenges and opportunities retailers are likely to face in compliance efforts. -
05.16.2019Data Protection and Security Risk Management: A Corporate Counsel GuideSpeaking EngagementsPanelist
Annual Chapter Conference
ACC Wisconsin / Elkhart Lake, WI -
05.10.2019Advanced Attacks in CybersecuritySpeaking EngagementsModerator
TiEcon 2019
TiE Silicon Valley / Santa Clara, CA -
05.03.2019Privacy at Scale: Building and Growing a Privacy ProgramSpeaking EngagementsIAPP Global Privacy Summit 2019 / Washington, D.C.
-
05.01.2019Privacy Bar Section Forum: When Regulators Work TogetherSpeaking Engagements
-
03.28.2019Privacy and Data SecuritySpeaking EngagementsPanelist
Cardozo Society of the Jewish Federation of Greater Phoenix / Phoenix, AZ -
03.27.2019Privacy and Data SecuritySpeaking EngagementsPanelist
Greater Phoenix Economic Council / Phoenix, AZ -
10.24.2018Introduction to ECPA
Partner John Roche provides an introduction to legal process issued under the Electronic Communications Privacy Act (ECPA), including a broad overview of the appropriate approach to requests for user data and content from governmental entities, as well as civil and criminal litigants.
-
04.25.2018Made in China 2025: Implications for U.S. LawSeminarsShenzhenA presentation with Perkins Coie LLP and the Zhonglun W&D Law Firm on key legal issues faced by companies doing business in the U.S. We shared practical insights based on our deep experience and understanding of the complex legal and business issues facing Asia-based companies doing business abroad.
-
04.23.2018Made in China 2025: Implications for U.S. Law and Chinese LawSeminarsBeijing, ChinaA presentation with Perkins Coie LLP, Zhonglun W&D Law Firm and China Chamber of International Commerce on key legal issues faced by companies doing business in the U.S. We shared practical insights based on our deep experience and understanding of the complex legal and business issues facing Asia-based companies doing business abroad.
-
04.20.2018Made in China 2025: Implications for U.S. LawSeminarsShanghai, ChinaA presentation with Perkins Coie LLP, Shanghai L&W Intellectual Property Law Office, Zhonglun W&D Law Firm and Shanghai Pudong Association for Investment & Financing on key legal issues faced by companies doing business in the U.S. We shared practical insights based on our deep experience and understanding of the complex legal and business issues facing Asia-based companies doing business abroad.
-
04.28.2017Trends in Data Breach LitigationSpeaking EngagementsClass Action Conference / Seattle, AZ
-
11.09.2016Data Security Breaches: Responding with Technology - November 9, 2016WebinarsA presentation on the increasing prevalence of data security breaches and how discovery technology can expedite efficient and compliant response.
-
10.24.2016 - 10.26.2016Privacy + Security Forum 2016Speaking Engagements
The 2016 Privacy + Security Forum breaks down the silos of privacy and security by bringing together seasoned thought leaders, regulators and consumer advocates for workshops and intensive deep dives into the cutting-edge issues involving data collection, use and management. Forum speakers, including Perkins Coie attorneys Tom Bell, Meredith Halama and Janis Kestenbaum, will engage the highly experienced audience in discussion, scenarios, and hands-on activities exploring new threats, laws and challenges. To learn more, visit www.privacyandsecurityforum.com.
-
10.12.2016Data Security Breaches: Responding with Technology - October 12, 2016WebinarsE-Discovery Services & Strategy WebinarA presentation on the increasing prevalence of data security breaches and how discovery technology can expedite efficient and compliant response.
-
09.15.2016Data Security Breaches: Responding with Technology - 09/15/2016Speaking EngagementsCLE Presentation / Seattle, WAWe will discuss the increasing prevalence of data security breaches and how discovery technology can expedite efficient and compliant response.
-
03.15.2016Data Security Breaches: Responding with Technology - 03/15/2016Speaking EngagementsCLE Presentation / Seattle, WAIn this program, we discussed the increasing prevalence of data security breaches and how discovery technology could expedite efficient and compliant response.
-
02.11.2016Security for Startups and Others: Lessons from the FTC’s “Start with Security” Seattle RoadshowSpeaking Engagements
Panelist
CLE Presentation / Seattle, WA -
02.01.2016
-
01.15.2015Federal Regulatory, Legislative, and Enforcement Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives into Your Privacy and Compliance Program
Panelist
ACI 15th Advanced Global Legal & Compliance Forum on Cyber Security & Data Privacy and Protection / Washington, D.C. -
07.14.2011Accessing, Using, and Disclosing User Information under the Electronic Communications Privacy ActSeminarsMany interactive gaming platforms and sites provide users the ability to communicate with other users through chat or other messaging systems, or allow their users to store and process data in the service. The Electronic Communications Privacy Act ("ECPA") is the federal law that regulates how these types of services can access, use, and disclose information about their users and the communications users send through or store in the service. This session will provide a high-level overview of ECPA.
-
11.04.2009 and 11.05.2009Data Breach… Crisis? or Not a Crisis?SeminarsMarsh's Seattle Office / Seattle, WAIn the last decade, the business world has been transformed by the availability of an overwhelming amount of information. The collection of personal information and dependence on systems creates an obligation of companies to protect the personal information of their customers, employees, and partners.