Perspectives on Privacy, Data Protection & Data Security

Within hours of its unanimous passing in both the California State Senate and Assembly, Governor Jerry Brown signed the strongest online privacy law in the country, the California Consumer Privacy Act of 2018.

South Carolina has become the first state to enact an insurance data security act based on the Insurance Data Security Model Law drafted by the National Association of Insurance Commissioners, which is based on New York’s Cybersecurity Regulations (23 N.Y.C.R.R. Part 500).

On March 28, 2018, the Governor of Alabama, Kay Ivey, signed SB 318, the Alabama Data Breach Notification Act, which becomes effective June 1, 2018. Alabama is just behind South Dakota, which enacted its data breach notification statute this past March.

Arent Fox is pleased to announce the launch of a new Blockchain group that pulls together attorneys from a number of the firm’s top practices to help clients navigate this emerging technology.

On March 21, 2018, South Dakota became the forty-ninth state to enact a data breach notification statute, which becomes effective July 1, 2018.

New York’s highest court has rejected Lindsay Lohan’s invasion of privacy claims against the developer of the Grand Theft Auto video games.

Got blockchain? For many, the answer to this question is “no” but the technology and the medium of exchange built on it have arrived and many platforms and industries are looking to see how it can help facilitate transactions and allow for more efficiencies.

In an attempt to unite disparate regulatory decisions covering cryptocurrency activity in New York, the New York State Assembly has introduced a new bill creating a comprehensive certification scheme for cryptocurrency businesses that includes protections for investors.

In Rosenbach v. Six Flags, the Illinois Supreme Court addressed the threshold issue of who is considered an “aggrieved” person capable of suing under the private right of action provided for in Illinois’ Biometric Information Privacy Act. 

Matthew Prewitt is a member of the drafting team for The Sedona Conference Commentary on BYOD: Principles and Guidelines for Developing Policies and Meeting Discovery Obligations.

In a recent European Court of Justice Ruling, the court held that a test taker’s answers and an examiner’s comments with regard to those answers are personal data, while valuable proprietary test questions are not.

While the development and use of innovative technology for students is currently exploding in the education sector, so are the laws governing it. Education technology, commonly referred to as “Ed Tech,” is well established in most schools and continues to grow.

Take out the microphone and get ready to record! Just don’t ask any personal questions and make sure that you’re prepared to then dump it all. This sums up the guidance provided by the Federal Trade Commission in a recently released Enforcement Policy.

Last month, the SEC announced the creation of a new “Cyber Unit” within the Enforcement Division to target misconduct related to cybersecurity. The unit is being created in conjunction with internal SEC initiatives to strengthen cybersecurity in the wake of the agency’s infamous data breach last yea

Online arbitration provision for a web-based application is enforceable, reversing a lower court decision and essentially blocking a proposed class action.

The latest question in privacy law is not what’s in a name (or IP address, PHI, TV viewing activity, etc.), but what’s on a face. Consumers are becoming increasingly concerned with how companies are using their biometric information such as facial, fingerprint, and iris information.

On August 30, 2017, the Eighth Circuit Court of Appeals became the latest circuit court to hold that the threat of future harm is insufficient to satisfy the injury-in-fact requirement for Article III standing.

We are pleased to provide you with the new, 2017 version of the Arent Fox Survey of Data Breach Notification Statutes. This version updates the Survey that we created and circulated last year, including new statutes and amendments that have been enacted since August of 2016.

The FTC recently announced their first enforcement actions involving the EU-US Privacy Shield framework, settling complaints with three US companies.

Calling all #influencers: that promotional post may attract more attention than you bargained for with your brand if you fail to use required disclosures.

Thinking about updating your privacy policy? Consider how to get consumer buy-in as part of the process.

Instagram is rolling out a new tool that will make it easier to tag and track paid commercial content.

Since 2012, Barnes & Noble has been fighting claims arising from a data breach that affected its credit card pin pad machines. Now, the Barnes & Noble “Pin Pad” litigation is finally over.

Major regulatory changes in data governance recently went into effect in Japan and China that are likely to impact organizations doing business in these Asian markets.