Insights on Privacy, Data Protection & Data Security

Last week, the Supreme Court heard arguments in Lamps Plus, Inc. v. Frank Varela, a case with major implications for companies seeking to avoid class arbitration.

Colorado’s new consumer data protection law, the Protections for Consumer Data Privacy Act, took effect September 1 and companies now have another set of requirements to comply with for their data privacy compliance.

Starting on January 1, 2020, fashion and retail companies from around the world will need to comply with the strongest online privacy law in the United States, the California Consumer Privacy Act of 2018.

This two-part article on how the courts have analyzed claims for coverage under traditional crime policies, protocols, and procedures that companies can use to reduce the risk of falling victim to cyber phishing scams appeared in Pratt’s Privacy & Cybersecurity Law Report.

Arent Fox San Francisco Managing Partner and Sports Practice Group Leader Rich Brand and Privacy, Cybersecurity & Data Protection Senior Associate Eva Pulliam co-authored the article, “Faces in the Crowd: Legal Considerations for Use of Facial Recognition Technology at Sports Arenas.”

We are pleased to provide you with the new, 2018 version of the Arent Fox Survey of Data Breach Notification Statutes.

The General Data Protection Regulation, commonly referred to as the “GDPR,” has been in force for only two months now, but it appears to have already claimed a casualty.

Following the US Supreme Court’s narrow ruling in Carpenter v. United States, 585 US ___ (2018) questions have arisen regarding whether this interpretation would remain limited or be expanded in future privacy disputes that came before the High Court.

The Supreme Court of the United States recently tackled privacy in the mobile age and agreed that cell phone location is something that is protected.

Within hours of its unanimous passing in both the California State Senate and Assembly, Governor Jerry Brown signed the strongest online privacy law in the country, the California Consumer Privacy Act of 2018.

South Carolina has become the first state to enact an insurance data security act based on the Insurance Data Security Model Law drafted by the National Association of Insurance Commissioners, which is based on New York’s Cybersecurity Regulations (23 N.Y.C.R.R. Part 500).

On March 28, 2018, the Governor of Alabama, Kay Ivey, signed SB 318, the Alabama Data Breach Notification Act, which becomes effective June 1, 2018. Alabama is just behind South Dakota, which enacted its data breach notification statute this past March.

Arent Fox is pleased to announce the launch of a new Blockchain group that pulls together attorneys from a number of the firm’s top practices to help clients navigate this emerging technology.

On March 21, 2018, South Dakota became the forty-ninth state to enact a data breach notification statute, which becomes effective July 1, 2018.

New York’s highest court has rejected Lindsay Lohan’s invasion of privacy claims against the developer of the Grand Theft Auto video games.

Got blockchain? For many, the answer to this question is “no” but the technology and the medium of exchange built on it have arrived and many platforms and industries are looking to see how it can help facilitate transactions and allow for more efficiencies.

In an attempt to unite disparate regulatory decisions covering cryptocurrency activity in New York, the New York State Assembly has introduced a new bill creating a comprehensive certification scheme for cryptocurrency businesses that includes protections for investors.

In Rosenbach v. Six Flags, the Illinois Supreme Court addressed the threshold issue of who is considered an “aggrieved” person capable of suing under the private right of action provided for in Illinois’ Biometric Information Privacy Act. 

Matthew Prewitt is a member of the drafting team for The Sedona Conference Commentary on BYOD: Principles and Guidelines for Developing Policies and Meeting Discovery Obligations.

In a recent European Court of Justice Ruling, the court held that a test taker’s answers and an examiner’s comments with regard to those answers are personal data, while valuable proprietary test questions are not.

While the development and use of innovative technology for students is currently exploding in the education sector, so are the laws governing it. Education technology, commonly referred to as “Ed Tech,” is well established in most schools and continues to grow.

Take out the microphone and get ready to record! Just don’t ask any personal questions and make sure that you’re prepared to then dump it all. This sums up the guidance provided by the Federal Trade Commission in a recently released Enforcement Policy.

Last month, the SEC announced the creation of a new “Cyber Unit” within the Enforcement Division to target misconduct related to cybersecurity. The unit is being created in conjunction with internal SEC initiatives to strengthen cybersecurity in the wake of the agency’s infamous data breach last yea

Online arbitration provision for a web-based application is enforceable, reversing a lower court decision and essentially blocking a proposed class action.

The latest question in privacy law is not what’s in a name (or IP address, PHI, TV viewing activity, etc.), but what’s on a face. Consumers are becoming increasingly concerned with how companies are using their biometric information such as facial, fingerprint, and iris information.