One of the myriad of issues arising from the California Consumer Privacy Act (CCPA) is the extent to which financial institutions subject to the Gramm-Leach-Bliley Act (GLBA) must comply with the CCPA’s requirements in light of Section 1798.145(e), which provides that the CCPA “shall not apply to personal information collected, processed, sold, or disclosed pursuant to [the GLBA], and implementing regulations.” Because the CCPA’s definition of “personal information” is broader than the GLBA’s definition of “nonpublic personal information,” financial institutions have been faced with the daunting task of not only data mapping but also classifying that data based on whether it is subject to the GLBA.  Continue Reading Analyzing How Financial Institutions are Treated in Proposed State Privacy Laws

The advice we always give to clients regarding privacy policies is: “say what you do and do what you say.” It seems simple, but simplicity can be deceiving. Companies want to reassure consumers that their personal data is safe and secure; however, in today’s world, no one can make fail-safe representations of security. Uber’s recent settlement with the FTC illustrates this problem.

Continue Reading Don’t Make “Uber” Promises You Can’t Keep

Yesterday’s post by Sean Tassi on Husch Blackwell’s Higher Education Legal Insights provides colleges and universities with low-tech strategies to guard their data against criminal activity. The information in his post serves as a good reminder to remove unnecessary personal information (“PI”) on forms and documents.

If you have further questions, members of our Data Privacy, Security & Breach Response team can address them.

dangerTechnology has changed the way businesses market themselves to consumers. Businesses now have the ability to identify shifting consumer preferences, launch highly targeted advertising campaigns, and communicate instantly with potential customers. One thing this new marketing has in common? Consumer data. As marketing technologies evolve, companies should be aware that the myriad of data security regulations don’t just apply to how companies conduct their business, but how they market it as well. Continue Reading Marketing in the age of data security