Regulation – Page 2

Class Action Suits Allege Violations of Illinois Biometric Information Privacy Act

November 14, 2017 / Data, Privacy, Regulation

As punch cards are replaced with retina scanners, and keys with fingerprint identification, employers are facing more lawsuits related to the protection of employees’ biometric data.

Last week, an employee filed two separate class action lawsuits in Illinois against salad restaurant chain Sweetgreen and Philadelphia-based food services provider Aramark for violations of the Illinois Biometric Information Privacy Act (BIPA). The new lawsuits add to over 30 lawsuits already filed for violations of BIPA in the past three months.

…

Class Action Suits Allege Violations of Illinois Biometric Information Privacy ActRead More »

Class Action Suits Allege Violations of Illinois Biometric Information Privacy Act Read More »

The FTC Provides Additional Guidelines on COPPA Compliance

November 10, 2017 / Data Breach, Privacy, Regulation

On October 23, 2017, the FTC provided additional guidance on the COPPA Rule regarding the collection of audio voice recordings by organizations covered by the law. The FTC advised that the collection of an audio file from a child, even when such a file is being used solely as replacement for written words, falls within the first prong of the definition of collection. As a result, as soon as an operator obtains a recording, the operator has collected the recording for purposes of the COPPA Rule regardless of how long it maintains possession of the file. The FTC advised that it understood the value of using voice as a replacement for written words in performing search and other functions on internet-connected devices, especially for certain consumers such as children who have not yet learned to write. As such, the FTC advises that it will not take any enforcement action in certain circumstances where an operator collects an audio file from a child without parental consent. …

The FTC Provides Additional Guidelines on COPPA ComplianceRead More »

The FTC Provides Additional Guidelines on COPPA Compliance Read More »

Delaware Amends Data Breach Notification Law

August 21, 2017 / Data Breach, Regulation

Delaware has joined the list of states amending their data breach notification laws, expanding the definition of Personal Information (PI) and adding requirements for credit monitoring, among other items. The changes will be effective on April 14, 2018.

The Delaware amendments contain a hard deadline for providing notice, required notice to the state AG’s office, and credit monitoring. …

Delaware Amends Data Breach Notification LawRead More »

Delaware Amends Data Breach Notification Law Read More »

FTC Publishes Updated COPPA Compliance Plan for Businesses

July 11, 2017 / Business, Privacy, Regulation

In June, the FTC updated its guidelines for businesses complying with the Children’s Online Privacy Protection Rule (COPPA) to address new products and toys that are connected to the internet. …

FTC Publishes Updated COPPA Compliance Plan for BusinessesRead More »

FTC Publishes Updated COPPA Compliance Plan for Businesses Read More »

New Mexico Becomes 48th State to Enact a Data Breach Notification Law

April 19, 2017 / Data Breach, Regulation

After years of legislative debate, New Mexico becomes the 48th state to enact a data breach notification law, leaving only Alabama and South Dakota as the two remaining states without such a law. New Mexico’s Data Breach Notification Act (the Act) goes into effect on July 1, 2017. The Act provides a 45-day deadline to report a data breach, which is less aggressive than other notification laws. However, the Act is more far-reaching in other areas. For instance, the Act includes “biometric data” in its definition of PII. It also requires owners of PII to adopt “reasonable” cybersecurity procedures and to contractually require their vendors to employ reasonable cybersecurity procedures. It also has provision addressing the “proper disposal” of records containing PII.

…

New Mexico Becomes 48th State to Enact a Data Breach Notification LawRead More »

New Mexico Becomes 48th State to Enact a Data Breach Notification Law Read More »

SPY Car and Cyber AIR Acts: Regulating the Internet of Things

April 12, 2017 / Cybersecurity, Data, Privacy, Regulation

The continuing proliferation of internet-connected devices (the “Internet of Things”) has accelerated the availability of modern technological conveniences hand in hand with the erosion of cybersecurity and privacy. In October 2015, White and Williams released a client alert addressing the myriad privacy and security issues that the increased Internet of Things had already created, as well as explored new potential risks posed by such pervasive interconnectivity. In particular, the alert highlighted the potential physical dangers posed by the hacking of internet-connected cars. Such vehicles can be accessed by third parties to not only control accessory components, such as windshield wipers and air conditioning, but a driver’s very ability to operate the vehicle itself.

…

SPY Car and Cyber AIR Acts: Regulating the Internet of ThingsRead More »

SPY Car and Cyber AIR Acts: Regulating the Internet of Things Read More »