Archives: Data Security

Subscribe to Data Security RSS Feed

Cross-Border Data Transfers Just Became More Complicated: EU Court of Justice Strikes Down EU-U.S. Privacy Shield

In an action with major ramifications for data transfers from the European Union (EU) to the United States (U.S.) the Court of Justice of the European Union (CJEU) on July 16 invalidated the EU-U.S. Privacy Shield framework (Privacy Shield), which provided a critical, lawful method for transferring personal data from the EU to the U.S. … Continue Reading

California Is at It Again: The California Privacy Rights Act Makes November Ballot

The Californians for Consumer Privacy group is continuing to push for increased rights regarding consumer data through the California Privacy Rights Act (CPRA), a measure that would expand the rights granted under the existing California Consumer Privacy Act (CCPA), which was effective on January 1 of this year. On June 24, the California Secretary of … Continue Reading

CCPA Enforcement Will Not Be Delayed Due to COVID-19: Is Your Business in Compliance?

Enforcement of the California Consumer Privacy Act (CCPA) is set to begin on July 1, 2020. The global pandemic has many companies urging the California Attorney General (AG) to delay enforcement until 2021, since testing CCPA-compliant platforms can be much more difficult when IT teams cannot work on site. The California AG, however, has declined … Continue Reading

Companies Must Evaluate and Respond to Data Security and Privacy Issues Raised by COVID-19

Remote work is a mandate for many companies during the coronavirus (“COVID-19”) pandemic. With so many employees working from home, companies face increasing privacy and data security challenges as they conduct business remotely while attempting to protect sensitive data from unauthorized access and use. Organizations must ensure that they are implementing the proper security and … Continue Reading

Your Secrets Are Safe(r) With the Government Now

As we’ve discussed here before, there is significant tension between government’s duty to give the public access to its records, and the desire of those who deal with the government to keep some of their information confidential. Yesterday, confidentiality won. In a 6-3 decision, the Supreme Court overturned the Eighth Circuit’s decision in Food Marketing … Continue Reading

Washington State Legislature Passes Bill With Major Revisions to Data Breach Notification Statute

Shortly after the proposed Washington Privacy Act (SB 5367) failed to pass the legislature, Washington is now set to revise its existing data breach law. HB 1071, which passed the legislature on April 22, 2019 and is awaiting the Governor’s signature, would substantially expand the definition of personal information, impose new breach notification requirements such … Continue Reading

Washington Likely Adopting New Privacy Law in the Likeness of the European Union’s General Data Protection Regulation

Another state may join the movement towards adopting General Data Protection Regulation (GDPR)-like privacy protections. A new privacy bill was introduced in the Washington Legislature on January 17, 2019, called the Washington Privacy Act (SB 5376). The Act would give consumers rights that are similar to those under the GDPR, such as the right to … Continue Reading

California Enacts First Law Regulating Internet Of Things Devices

California has enacted the nation’s first law regulating Internet of Things (IoT) devices, which was signed by Governor Jerry Brown on September 28, 2018. IoT refers to the rapidly-expanding world of internet-connected objects such as home security systems, video monitors, enterprise devices that track packages and vehicles, health monitors, connected cars, smart city devices that … Continue Reading

FBI Calls Out Data Privacy and Security Risks with Educational Technology

Educational technology (“EdTech”) such as unified communications programs, educational software, and networked devices has become an integral part of education due to its ability to help educators, students, and institutions manage information, provide educational materials, and improve administrative functions. But the FBI is now warning of the data privacy risks associated with EdTech. The FBI … Continue Reading

California Enacts New Privacy Law: How Will It Impact You?

by Leila Javanshir, Miller Nash Graham & Dunn 2018 Summer Associate On June 28, 2018, yet another new law hit the data privacy world that will impact the ways companies around the world will handle their data. The implementation of the California Consumer Privacy Act (CCPA) is a landmark moment for consumers and businesses alike. … Continue Reading

The EU’s General Data Protection Regulation (GDPR), Effective May 25, 2018, Will Impact Many United States Businesses

Who: United States businesses that process (i.e., collect, store, or transmit) the personal information of EU residents in connection with offering goods or services in the EU (online or otherwise) are subject to the GDPR, regardless of whether the business has any physical presence in the EU or any payment is made by the EU … Continue Reading

What’s in Your Privacy Policy? New Oregon Law Requires Accuracy

On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090. This new law will make materially inaccurate claims related to the collection, use, disclosure, maintenance, and disposal of consumer data an unlawful trade practice subject to enforcement by the Attorney General. The law applies not only to claims made on websites (privacy … Continue Reading

It’s Tax Fraud Season: Take Action Today to Avoid This Common Data Breach Scenario

Last year, many businesses suffered data breaches during tax season when their employees divulged other employees’ W-2 information (including Social Security numbers) to criminals. Sadly, we are starting to receive reports that the criminals are back at it this year. Take action now to avoid being victimized and protect your employees’ data.  … Continue Reading

Third Circuit Affirms FTC Enforcement Authority Over Cybersecurity Practices

Recently, the U.S. Court of Appeals for the Third Circuit ruled that the Federal Trade Commission (the “FTC”) may pursue a lawsuit against Wyndham Worldwide Corporation, a hotel and time-share operator, for “unfair and deceptive” cybersecurity practices. In its complaint, the FTC alleged that Wyndham had “unreasonably and unnecessarily” exposed consumers’ personal data in more … Continue Reading

Update: Neiman Marcus Asks for En Banc Review of Recent Seventh Circuit Data-Breach Ruling

We recently wrote a post on this blog analyzing the Seventh Circuit’s ruling that the victims of a Neiman Marcus data breach could proceed with their claims against the retailer. We noted the significance of the decision because it allowed the plaintiffs to proceed with their claims against Neiman Marcus while many other courts had dismissed similar … Continue Reading

Get Ready for More Class-Action Lawsuits: The Seventh Circuit Finds Potential Future Harm Sufficient for Standing in Data-Breach Class Action

For years, data-breach plaintiffs have faced a huge barrier to obtaining relief in court:  many courts have dismissed their complaints because they have been unable to demonstrate actual harm (or “concrete and particularized injury,” in lawyer-speak)—and actual harm is generally a requirement to have standing in federal court. Many of these plaintiffs were able to … Continue Reading

Oregon Makes Significant Amendments to Its Data Breach Law, Including Expanding the Definition of “Personal Information”

On June 10, 2015, Oregon Governor Kate Brown signed into law a bill that significantly amends Oregon’s data breach notification law. The amended law, which is effective January 1, 2016 (and applies to breaches occurring on and after that date), requires Oregon’s Attorney General to be notified if a breach affects more than 250 Oregonians. … Continue Reading

Washington Amends Its Data Breach Law: What Do Washington Businesses (and Businesses Doing Business in Washington) Need to Know About the Changes?

In late April, Washington’s data-breach law was significantly amended. The changes go into effect July 31, 2015, and will change the law in the following seven ways: Specific information (e.g., name and contact information of reporting person or business and credit-reporting agencies) must be included in a data-breach notification. This is in line with Washington’s … Continue Reading

The Supreme Court Will Hear a Case with Potentially Massive Implications for Data-Breach Lawsuits

On Monday, the United States Supreme Court granted certiorari in a case that may lower the bar for plaintiffs in data-breach litigation.  As reported by the Wall Street Journal, the Supreme Court is now set to determine whether a violation of federal statute—without more—is sufficient to grant a plaintiff standing to sue in federal court.  As … Continue Reading

Implications for Businesses as Oregon Attorney General Fights for More Detailed Data Breach Notifications, and Increased Involvement in Data Breach Situations

As reported in an interview with The Privacy Advisor, Oregon Attorney General Ellen Rosenblum is seeking the following three changes to Oregon’s data breach notification law: Mandatory reporting of data breaches to the AG’s office; Enhanced enforcement authority in the event of data breaches; and An expanded definition of personal information required to be reported. Rosenblum … Continue Reading

Make It Easier to Prevail in (or Avoid) Trade Secret Litigation: Identify Your Trade Secrets and Then Protect Them By Limiting Access

The recent article from Today’s General Counsel magazine, Defendants’ Stratagems and Plaintiffs’ Counters in Trade Secret Litigation, reminds us all of the difficulties of being a plaintiff in trade secret litigation (as though we needed to be reminded!). These difficulties include: Proving the “secrecy” and value of your trade secret; Showing your trade secret was not independently derived … Continue Reading