Akin Gump published a client alert on the new privacy and personal data acts that were introduced in the House and Senate this month. Rep. Anna Eshoo (D-CA) and Rep. Zoe Lofgren (D-CA) introduced the Online Privacy Act that would establish individual rights related to the privacy of personal information, privacy and security requirements and establish a new U.S. Digital Privacy Agency to carry out those rights. Sens. John Thune (R-SD), Richard Blumenthal (D-CT), Jerry Moran (R-KS), Marsha Blackburn (R-TN) and Mark Warner (D-VA) introduced the Filter Bubble Transparency Act. The Act would require platforms to inform users of the use of computer-generated filters to determine how information is delivered. To read the full alert, please click here.
With the expansion of privacy legislation—from the General Data Protection Regulation (GDPR) in Europe to the coming California Consumer Privacy Act (CCPA) in the United States—cyber liability insurance is taking on increased importance. This post discusses key issues companies should consider as they review their cyber coverage in light of changing legislation and increased litigation risks. Companies should act now to ensure they have sufficient cyber coverage in place before the CCPA goes into effect on January 1, 2020.
Akin Gump published a client alert on the California Attorney General’s Office (AGO) issuing draft regulations (“Draft Regulations”) for implementation of the California Consumer Privacy Act (CCPA). The regulations are subject to a public comment period and public hearings that will close on December 6, 2019. The Draft Regulations contain helpful clarifications but leave several issues unaddressed or unresolved. The alert delves into what the Draft Regulations do and do not address as well as provides practical advice. More information on the CCPA can be found in our prior client alerts and publications, including our initial summary of the CCPA, our overview of the September 2018 amendments and our recent article in the Recorder concerning the September 2019 amendments. To read the full alert, please click here.
Maine’s legislature unanimously passed a new law—“An Act to Protect the Privacy of Online Customer Information” (the “Act”)—that will impose strict data protection restrictions on broadband internet service providers (ISPs) when it goes into effect on July 1, 2020. In the absence of federal privacy legislation, states like Maine passed new privacy legislation. The Act, although limited to ISPs, sets a new high-water mark that could spur similar laws in other states.
On October 2, 2019, California Governor Gavin Newsom signed Senate Bill 208 (“SB 208”), the Consumer Call Protection Act of 2019. The law seeks to protect consumers from fraudulent robocalls. SB 208 adds Section 2893.5 to the Public Utilities Code, which requires telecommunications service providers, on or before January 1, 2021, to implement Secure Telephone Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols, or comparable or superior alternative technology, to verify and authenticate caller identification for calls carried over an internet protocol network. A “good faith effort” to comply with this requirement will be a defense to a claim for violating Section 2893.5.
On October 22, 2019, the Federal Trade Commission (FTC or the “Commission”) announced it will push back the deadline for comments on potential updates to its implementation of the Children’s Online Privacy Protection Act (together with its implementing regulations, COPPA) by 45 days. The Commission explained that stakeholders requested an extension in light of the FTC’s recent enforcement action against YouTube and its parent Google for alleged COPPA violations, as well as the FTC’s public workshop on COPPA in early October. Comments will now be due December 9, 2019, instead of October 23, 2019.
Akin Gump published a client alert outlining key provisions of New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act, signed by Governor Cuomo on July 25, 2019. The data breach notification requirements of the SHIELD Act take effect today (October 23, 2019), while the data security protections of the Act take effect March 21, 2020. The data breach notification requirements will have a significant impact on businesses that own or license computerized data that contain the private information of New York residents. Notably, HIPAA covered entities are also subject to additional breach reporting requirements under the Act. Please click here to read the full alert.
Akin Gump published a client alert on current congressional efforts to enact privacy legislation. It details the Mind Your Own Business Act which would allow the FTC to establish minimum privacy and cybersecurity standards and issue on the first offense for companies and criminal penalties for executives who deceive the FTC. This legislation introduced by Senator Ron Wyden (D-OR) would also create a national Do Not Track system, create 175 full-time FTC staff positions dedicated to privacy and add a requirement for companies to examine the impact of algorithms on discrimination and accuracy. The alert also outlined the endorsement of several pieces of legislation on technology and artificial intelligence by the New Democrat Coalition. To read the full alert, please click here.