Texas flagAs we previously reported, the Texas legislature has been considering two bills directed at addressing consumer privacy. Those bills were proposed in the wake of last year’s enactment of the California Consumer Privacy Act.

On May 7, 2019, the Texas House voted overwhelmingly to pass one of those bills – HB 4390 – however,

data privacy[Update:  After publication of the below post, AB 1035 was amended to remove the below-referenced language. The fact that the California legislature considered defining what constitutes “reasonable security procedures and practices” for purposes of the CCPA’s private right of action but, at least as of now, did not proceed with such legislation leaves businesses subject

data privacyAs we first reported in February, the Nevada legislature has been considering legislation that would amend its online privacy notice statutes, NRS 603A.300 to 360. Among other things, Nevada’s existing law requires “operators” to provide a notice to consumers that (1) identifies the types of information the operator collects online, (2) describes the

Having escaped the bleak midwinter of the Midwest for a few brief days, I find myself sitting poolside in sunny Orlando experiencing a few tantalizing hours of near summer temps. As I watch the inflatables being splashed about gleefully by children (mine included) impervious to the water’s lingering chill, my thoughts naturally turn to privacy and security (which is not a euphemism for my ill-fitting swimsuit by the way).

Continue Reading

One of the myriad of issues arising from the California Consumer Privacy Act (CCPA) is the extent to which financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) must comply with the CCPA’s requirements in light of Section 1798.145(e), which provides that the CCPA “shall not apply to personal information collected, processed, sold, or disclosed pursuant to [the GLBA], and implementing regulations.” Because the CCPA’s definition of “personal information” is broader than the GLBA’s definition of “nonpublic personal information,” financial institutions have been faced with the daunting task of not only data mapping but also classifying that data based on whether it is subject to the GLBA. 
Continue Reading

You can add Nevada to the growing list of the states that are considering privacy-related legislation in the wake of last year’s enactment of the California Consumer Privacy Act (CCPA). Nevada is one of three states that already require certain entities to provide online privacy notices to disclose the types of personal information that they collect from consumers. Senate Bill 220 would supplement that existing law by allowing consumers to submit notices to businesses directing them not to sell any personal information the business has collected or will collect about the consumer (i.e., an opt-out). An entity that receives such a notice would be forbidden from selling the consumer’s personal information.
Continue Reading