data privacyKeypoint: Nebraska lawmakers will consider proposed legislation that would create CCPA-like privacy rights for Nebraska residents.

On January 8, 2020 Nebraska state Senator Carol Blood introduced the Nebraska Consumer Data Privacy Act (LB746) (the “Act”).

Below is our analysis of the proposed legislation (as introduced).


Continue Reading Analyzing the 2020 Nebraska Consumer Data Privacy Act

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: Illinois lawmakers have proposed legislation that would create CCPA-like privacy rights for Illinois residents.

On January 8, 2020, Illinois state Senator Thomas Cullerton introduced the Illinois Data Transparency and Privacy Act (SB2330). This comes on the heels of last year’s legislative session in which two consumer privacy bills failed to pass.

Below is our analysis of the proposed legislation (as introduced).


Continue Reading Analyzing the 2020 Illinois Data Transparency and Privacy Act

data privacyKeypoint: Washington lawmakers will be filing the 2020 version of the Washington Privacy Act on Monday, January 13, 2020.

Those who follow privacy law will remember that last year Washington state came close to becoming the second state (after California) to enact consumer privacy legislation. That legislation – called the Washington Privacy Act (WPA) – overwhelmingly passed the state senate but failed in the house, in part, based on disagreements as to how the statute would be enforced and its facial recognition provisions. (See our prior post here.) The bill’s proponents; however, vowed to push the legislation again in 2020.

On Friday, January 10, 2020, the Washington Senate Democratic Caucus publicly released the 2020 version of the WPA. The release came in advance of the opening of the Washington legislature on Monday, January 13, 2020. The bill’s sponsors also will be holding a press conference on January 13, 2020, to discuss the bill.

Below is our analysis of the 2020 version of the WPA.


Continue Reading 2020 Washington Privacy Act Released

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.


Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law

Key Points

  • The Illinois Biometric Information Privacy Act (BIPA) is the most stringent privacy law in the country providing claimants with a private right of action without alleging actual injury.
  • Recent decisions have held that companies outside of Illinois that collect, store or use information on employees and persons in Illinois are subject to BIPA mandates.
  • Courts have held that notice of the collection of biometric information must be obtained from all persons prior to collection of the biometric information.
  • A recent decision acknowledged that an expansive reading of the statute suggests that each scan of biometric information may constitute a single violation under the BIPA.
  • Union employees subject to a collective bargaining agreement must pursue their BIPA claims in arbitration or before an administrative board.
  • Claims of willful or intentional violation of the new law must be supported by facts.
  • BIPA contains no statute of limitations for actions brought under the law, and the issue of the applicable length of the statute of limitations remains unresolved.

As tech companies race to develop facial recognition software for new applications across industry sectors, including the automotive, cosmetic, and healthcare industries, state legislatures are developing privacy laws to protect individuals’ right to privacy and control over their biometric information. The Illinois BIPA is the most stringent biometric privacy law in the U.S for the following reasons:


Continue Reading Overview of Recent Decisions Interpreting the Illinois Biometric Information Privacy Act

data privacyKey Point:  On October 1, 2019, the amendments to Nevada’s privacy policy statute will go into effect, requiring entities subject to the statute to revise their online privacy policies and create an internal process to ensure compliance with the new opt-out right.

As we initially discussed back in May, the Nevada legislature recently amended

data privacyAs we first reported in February, the Nevada legislature has been considering legislation that would amend its online privacy notice statutes, NRS 603A.300 to 360. Among other things, Nevada’s existing law requires “operators” to provide a notice to consumers that (1) identifies the types of information the operator collects online, (2) describes the process (if any) for consumers to review or request changes to their information, (3) describes the process by which the operator notifies consumers of changes to the notice, and (4) discloses whether a third party may collect covered information about an individual’s online activities over time and across different Internet websites or online services.

Continue Reading Nevada Senate Passes Watered-Down Online Privacy Bill

Consistent with the cliché that “everything’s bigger in Texas,” the Texas legislature has introduced not one, but two separate bills relating to the privacy of personal information. Although still in their nascent stages, both bills are following California’s lead in creating enhanced and stringent privacy protections for individual consumers.

Continue Reading The Eyes (and Privacy Laws) of Texas Are Upon You…

Recently, I had the pleasure of being interviewed by Julia Kerrigan, an articulate and insightful young journalist writing for her high school paper, The Dart. In my mind (that’s foreshadowing the challenges caused by my ego-centricity dear reader), the point of the conversation was for me to provide Julia with a primer on information privacy and security issues so that she could weave into her article a few observations from a so-called expert.

Continue Reading Cybersecurity Through a Generation Z Lens: The Privacy and Security Issues that Keep Teens up at Night