Keypoint: Florida lawmakers have proposed legislation that would require certain operators of websites to make online disclosures and accept requests to opt-out of sales of personal data but that would stop far short of creating CCPA-like privacy rights for Florida residents.

Florida lawmakers have introduced companion bills in the Florida House (HB 963) and Senate (SB 1670) that would create limited online privacy rights and obligations in the state. The legislation – which is yet to be named but for our purposes will be referred to as the 2020 Florida Consumer Privacy Act (Act) – appears to be very similar to the Nevada Online Privacy Protection Act, which was amended last year to add a right to opt-out of sales of covered information. The Act is therefore distinguishable from the California Consumer Privacy Act (CCPA) and more akin to the California Online Privacy Protection Act (CalOPPA).

Florida joins a number of other states considering consumer privacy legislation, including Illinois, Washington state, Nebraska, New Jersey, New Hampshire, Virginia, and Hawaii. Members of Husch Blackwell’s privacy and data security practice group will be hosting a webinar on February 4 at noon CST to discuss these proposed laws and to provide an update on the CCPA. To register, click here.

Below is our analysis of the Florida legislation (as introduced).

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: Illinois lawmakers have proposed legislation that would create CCPA-like privacy rights for Illinois residents.

On January 8, 2020, Illinois state Senator Thomas Cullerton introduced the Illinois Data Transparency and Privacy Act (SB2330). This comes on the heels of last year’s legislative session in which two consumer privacy bills failed to pass.

Below is our analysis of the proposed legislation (as introduced).

data privacyKeypoint: Washington lawmakers will be filing the 2020 version of the Washington Privacy Act on Monday, January 13, 2020.

Those who follow privacy law will remember that last year Washington state came close to becoming the second state (after California) to enact consumer privacy legislation. That legislation – called the Washington Privacy Act (WPA) – overwhelmingly passed the state senate but failed in the house, in part, based on disagreements as to how the statute would be enforced and its facial recognition provisions. (See our prior post here.) The bill’s proponents; however, vowed to push the legislation again in 2020.

On Friday, January 10, 2020, the Washington Senate Democratic Caucus publicly released the 2020 version of the WPA. The release came in advance of the opening of the Washington legislature on Monday, January 13, 2020. The bill’s sponsors also will be holding a press conference on January 13, 2020, to discuss the bill.

Below is our analysis of the 2020 version of the WPA.

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.

Safety concept: Police on digital background

Key Point:  If you consider your cybersecurity defensive measures to be a one-time investment, that is what the criminals are banking on.

Most people enjoy improvements and innovations when it comes to consumer electronics, but the unfortunate truth is that cybercriminals are innovating and improving their techniques and tactics as well. These innovations include “getting a second bite from the ransomware apple” and using ransomware to cause “physical vulnerabilities at your business.” Hopefully the anecdotes below help to convince the decision-makers in your business to follow the Coast Guard’s motto Semper Paratus – Always Prepared.

As Husch Blackwell discussed in a recent client alert, the U.S. Department of Commerce recently issued a proposed rule (the “Proposed Rule”) which intends to give the U.S. Secretary of Commerce the authority to block, unwind or modify information and communications technology or services (“ICTS”) transactions involving “foreign adversaries” if the Commerce Secretary determines

Keypoint: Those hoping that the final CCPA regulations will clarify its requirements may be disappointed. 

According to an article in Bloomberg Law, California Attorney General Becerra does not anticipate his office making substantial changes to the regulations as proposed when it issues the final regulations.

The AG’s office published the proposed regulations on October

Keypoint:  The fallout from the 2018 Cambridge Analytica incident continues with the FTC’s issuance of this unanimous opinion and order.

On December 6, the Federal Trade Commission (“FTC”) issued a unanimous opinion (the “Opinion”) finding that political consulting firm Cambridge Analytica, LLC (“Cambridge Analytica”) violated Section 5 of the Federal Trade Commission Act (“FTC Act”) (15 U.S.C. § 45) by engaging in deceptive practices to harvest personal information from tens of millions of Facebook users through a Facebook application called the “GSRApp.”

Saturday, November 2, will mark 60 days until the California Consumer Privacy Act (CCPA) goes into effect. While each organization will have its unique compliance challenges, as discussed below, there are a discrete set of tasks – at a minimum – that each organization needs to undertake in the next 60 days as the first steps toward compliance.

In addition, on November 13, members of Husch Blackwell’s privacy and cybersecurity practice group will present a webinar to discuss these tasks in greater detail.  For more information or to register, click here.