“Reasonable” appears several times in the California Consumer Privacy Act (CCPA), and most notably in the section on the private right of action for a data breach resulting from “a business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal
On February 3, 2020, Bernadette Barnes, a private resident of California (on behalf of herself and others similarly situated), brought the first data breach suit citing CCPA ever. The suit named Hanna Andersson (company specializing in high end children’s apparel) and Salesforce.com (cloud technology service as a software (“SaaS”) company) as defendants, and brought claims
The Internet of Things (IoT) is often defined as a network of interconnected devices, such as sensors, smartphones, and wearables, or the transfer of data between everyday objects with computing capabilities. It’s where physical infrastructure meets the digital universe, and where machines can “talk” to one another. The IoT creates a connected world, and it’s
The New Jersey attorney general recently made headlines when he made the decision on January 24, 2020 to have prosecutors immediately stop using a facial recognition app produced by Clearview AI (https://clearview.ai/). Clearview AI is an app that markets itself as helping to stop criminals. The Clearview AI website states: “Clearview helps to
Following up on our post of January 22, 2020 (“Big News in Biometrics – Supreme Court Declines to Weigh in on What Plaintiffs Must Show to Bring Biometric Privacy Suit”), Facebook has now agreed to pay $550 million to settle the BIPA class action lawsuit. This is the largest BIPA settlement ever, and it will
The National Institute of Standards and Technology (NIST) released version 1.0 of its Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, which follows the structure of the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The Privacy Framework acknowledges that failure to manage privacy risks can have direct adverse
One notable difference between the California Consumer Privacy Act (CCPA) and Europe’s General Data Privacy Regulation (GDPR) is that only the latter provides the right for individuals to not be subjected to automated decision-making, including profiling, which has legal or other significant effects on that individual.
But, the CCPA still creates issues for covered entities
On January 21, 2020, the Supreme Court denied Facebook’s Petition for Certiorari, raising the issues of (i) Whether a court can find Article III standing based on its conclusion that a state protects a concrete interest, without determining that the plaintiff suffered a personal, real-world injury from the alleged statutory violation; (ii) whether a court