You can add Nevada to the growing list of the states that are considering privacy-related legislation in the wake of last year’s enactment of the California Consumer Privacy Act (CCPA). Nevada is one of three states that already require certain entities to provide online privacy notices to disclose the types of personal information that they collect from consumers. Senate Bill 220 would supplement that existing law by allowing consumers to submit notices to businesses directing them not to sell any personal information the business has collected or will collect about the consumer (i.e., an opt-out). An entity that receives such a notice would be forbidden from selling the consumer’s personal information. Continue Reading Proposed Nevada Privacy Legislation Would Create Private Right of Action
It should come as no surprise that educational institutions are among the top targets for hackers and purveyors of personally identifiable information. In 2017, only the financial and healthcare sectors had more data breaches. Yet despite the looming menace of increased cyber-attacks, federal regulation of student data remains woefully inadequate. The Family Educational Rights & Privacy Act (“FERPA”) was enacted back in 1974, when the Internet was still a gleam in ARPANET’s eye and Jeff Bezos was only ten years old, and it has not been amended since 2001. It certainly protects (or tries to protect) student data from unwarranted disclosure or use, but it and the regulations that implement it do not meaningfully protect student data from theft or destruction. More importantly, FERPA fails to address, except in a few narrow situations, what kinds of obligations third-party contractors have vis-à-vis the student data that they collect and use. However, because FERPA has no preemption provisions, its mandates are a floor, not a ceiling; this means that states can step in and enact more stringent rules and regulations.
Continue Reading Third-Party Contractors Get Schooled in Data Privacy – New York Style
As we move into the second month of 2019, we’d like to give an overview of the trends we see developing in the cybersecurity and data privacy area for the year. We’ll be sure to elaborate on these areas with more details as they unfold.
On January 25, 2019, the Illinois Supreme Court released a unanimous decision holding that individuals do not need to plead or prove actual damages or harm to maintain a private right of action under the Illinois Biometric Information Privacy Act (740 ILCS 14/1) (the Act) when a private entity fails to comply with the Act’s procedural protections. The decision upholds privacy rights of individuals in their unique biological information as defined under the Act.
Learn details about the decision and what this means for businesses operating in Illinois in Husch Blackwell’s recent legal alert.
What if your next idea—which could be the next big idea—involves a web-based collection, compilation, or a sliver of “big data” that is so ingenious that customers and investors will line up to get their hands on it? The idea most likely comes with an e-commerce angle, such as a unique feature complete with pricing information indexed for your customers’ convenience. A meaningful portion of your solution’s value will likely stem from this carefully selected catalog of prices. So, how do you protect it?
Our Kris Kappel and Liam Reilly provide the answers in a post on our Technology, Manufacturing & Transportation Industry Insider blog. Find out more!
US relations with the European Union took another hit last week, when the European Parliament voted to suspend Privacy Shield, the agreement between the US and the EU that allows companies to transfer the personal information of EU citizens out of the EU to US companies that have promised to adhere to the General Data Protection Regulation (“GDPR”). Between the Facebook-Cambridge Analytica scandal, the passage of the CLOUD Act and the Russian hack (sorry – alleged Russian hack) of the 2016 election, the EP felt that Privacy Shield did not provide an adequate level of protection for EU citizens. The US has until September 1 to become compliant.
Colorado’s Protections for Consumer Data Privacy law (“new law”) takes effect on September 1, 2018 and requires that businesses holding personal information for Colorado residents destroy the data they don’t need, protect the data they decide to keep, and disclose any security breaches involving that data within 30 days of its occurrence. The new law amends existing obligations and adds new obligations applicable to businesses holding information about Colorado residents.
Over the past five to ten years, the advancement of technology has produced a flurry of corporate cyber-attacks. Data breaches make the news virtually every day.
Too often, however, companies seek compensation for their data breach losses by making claims on commercial general liability (CGL) or property policies – policies that simply were not written to cover these types of perils.
Instead, companies should be looking to cyber insurance, which offers more reliable coverage for the kinds of losses associated with a data breach. Cyber insurance offers varying coverage options for corporate clients and can be tailored to the type of information that needs to be protected and the data risks that are the most significant to the company.
If you want to learn more on data breach litigation issues, court rulings on coverage for cyber-attacks and cyber coverage options, join the educational webinar: Data Breach Litigation: Recent Trends and Developments. The webinar takes place on Wednesday, June 20, 2018 at 12:00 p.m.-1:00 p.m. (ET) and will be led by Husch Blackwell Senior Counsel, Eric Levy. The webinar will be hosted on The Knowledge Group and the first 30 registrants will receive complimentary passes.
Blockchain technology is seeing increasingly wide use internationally, but security issues are becoming a major problem.
Blockchain is a public electronic ledger that can be openly shared among users and that creates an unchangeable record of their transactions. Each transaction, or “block”, is time-stamped and linked to the previous one. Each block is then linked to a specific participant. Blockchain can only be updated by consensus between users in the system, and when new data is entered, it can never be erased, edited, adjusted, or changed.
For over twenty years, my father was a wholesale seafood supplier. One day over dinner (probably lobster, because that’s just how we rolled), my father tells us that he has hired an off-duty US Department of Agriculture inspector to inspect the fish that his company will be sending out to its grocery store clients. When I asked him if this was a legal requirement, he said it was not (the Department of Health and Human Services, via the FDA, apparently regulates fish, not the USDA). When I then asked him why he was doing it, he said, “If you were in the grocery store and you saw one piece of fish labelled ‘USDA Government Inspected’ and one piece of fish without that label, which one would you buy?” An informal “seal” program had been born!