Connecticut is the next in a growing list of states to pass comprehensive data privacy legislation.  Last Friday, the Connecticut legislature passed, by large margins, Senate Bill 6 — which we are referring to as the Connecticut Data Privacy Act (CTDPA).  The law now awaits the Governor’s signature.

The CTDPA follows the form and content of other privacy laws passed in the prior year, including the Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), and Utah Privacy Act (UPA). … Continue Reading

We discuss the growing trends in privacy litigation, particularly litigation targeting company practices regarding the sharing and sale of consumer personal data, plaintiffs’ liability theories, including the right of publicity, and best practices for companies to consider in order to reduce the risk of privacy claims.

Aliza Karetnick, a Ballard Spahr partner and Leader of the firm’s cross-practice Consumer Products and Retail Team, leads the conversation, joined by Phil Yannella, a Ballard partner and Practice Leader of the firm’s Privacy and Data Security Group, and Greg Szwczyk, a Ballard partner and member of the firm’s Privacy and Data Security Group.… Continue Reading

Following the lead of California, Colorado, and Virginia, Utah is set to become the fourth state to pass a comprehensive privacy law.

As of March 4, the Utah Consumer Privacy Act (SB 227) cleared both houses of the Utah legislature.  The UCPA closely resembles the Virginia Consumer Data Privacy Act, but with some interesting changes. … Continue Reading

The FTC’s final rule released last week amending its Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA) will require significant changes in data security policies and procedures to be made by non-bank financial institutions covered by the Safeguards Rule.  Such institutions include finance companies, mortgage companies and brokers, motor vehicle dealers, small-dollar lenders, and debt collectors.… Continue Reading

On September 17th, the Consumer Bankers Association, the American Bankers Association, and a large number of other financial trade associations sent a letter to Speaker of the House Nancy Pelosi (D-CA), Majority Leader Kevin McCarthy (R-CA) and other House Members opposing a proposal under consideration as part of the budget reconciliation package that would require financial institutions and other providers of financial services to track and submit to the Internal Revenue Service (IRS) information on the inflows and outflows of every account above a de minimis threshold of $600 during the year, including breakdowns for cash.… Continue Reading

With a little over a year of enforcing the California Consumer Privacy Act (CCPA) under its belt, the Office of the California Attorney General (OAG) recently held a press conference to announce updates on its CCPA enforcement efforts and promote new tools relating to California consumers’ right to opt out of the sale of their personal information.… Continue Reading

Phil Yannella, Ballard Spahr litigation partner and Practice Leader of Ballard’s Privacy & Data Security Group, recently authored a treatise on data breach and privacy litigation.  The book, Cyber Litigation: Data Brach, Data Privacy & Digital Rights, is published by Thomson Reuters and is available now for purchase.  The publication of CyberLitigation comes at an important moment as the U.S.… Continue Reading

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents that could result in a banking organization’s inability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of a banking organization, or impact the stability of the financial sector, the banking organization must notify its primary federal regulator no later than 36 hours after determining an incident has occurred. … Continue Reading

The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”).

As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020.  The third set of modifications revised the regulations relating to the notice of a consumer’s right to opt-out of the sale of their personal information. … Continue Reading