Data Matters Privacy Blog Home Page - Data Matters Privacy Blog

*This article first appeared in Law360 on May 15, 2019.

The California Consumer Privacy Act, known as the CCPA, is a new law set to go into effect on Jan. 1, 2020. The CCPA is the first U.S. law that will require businesses with an online presence in California to focus on user data and it regulates how businesses collect, share and use such data. One of the most significant risks to online business providers in California is that the CCPA provides for a private right of action for California consumers.

CCPA, Litigation, U.S. State Law

Terms and Conditions: Recent Supreme Court Decisions Highlight There is More to Consider than Just the Privacy Policy

May 13 2019

Alexis Miller Buese

Your website is essential to your online business. By developing and presenting an online presence, however, you take on legal obligations to your users. It is, therefore, a timely exercise to stop and take stock of your terms and conditions in light of recent developments in the law, consumer expectations, and your legal risk profile. The privacy policy has been getting a lot of attention lately as many websites, services and apps are rushing to get their new privacy policies in place in light of the California Online Privacy Protection Act (“CalOPPA”). But updating the privacy policy is only one step in protecting your business in this digital economy. Terms and conditions are an important tool for limiting a company’s exposure to the various legal risks inherent in conducting business online. Boilerplate provisions can leave you exposed and frustrate your customers. Companies should critically consider the nature and needs of the business and transactions that may occur on their websites to determine what types of provisions will be beneficial and best practices for creating a binding contract.

Terms and conditions generally specify the rules governing the use of a website or mobile application. Since every website is different, custom-drafted terms and conditions are necessary to protect a particular business. Well-crafted terms and conditions might address issues such as payment, taxes, refunds, gift certificates, accounts, disclaimers, user behavior on your site, warranties and limitations on liability.

General, Litigation, Online Privacy

Regulatory Update: NAIC Spring 2019 National Meeting

May 09 2019

Stephanie H. Dobecki, Ellen M. Dunn, Andrew Holland and Michael L. Rosenfield

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. This post summarizes the highlights from this meeting.

Big Data, Insurance, Policy, U.S. State Law

Fifth Annual Sidley Privacy and Cybersecurity Roundtable

May 06 2019

Data Matters Contributors

We held our 5th Annual Privacy and Cybersecurity Roundtable on May 1, in Washington, D.C. The event featured the Chair of the European Data Protection Board Andrea Jelinek and FTC Commissioner Noah Phillips. Other government speakers represented the White House, UK’s Information Commissioner’s Office, and staff members from the U.S. Senate and House of Representatives. Other distinguished panelists included Cam Kerry of Brookings and Jane Horvath from Apple. The speakers addressed privacy and cybersecurity enforcement in the U.S. and EU, Brexit, Online Harms and the prospects for federal privacy legislation. The insightful program was followed by a competition between the sausage-making (and brewing) achievements of leading privacy jurisdictions such as Brussels, California, Washington, D.C. and China (representing a privacy continuum!). Sidley also commemorated “20 Years of CyberLaw at Sidley” – two decades since the founding of today’s Privacy and Cybersecurity practice. We look forward to continuing to thrive and serve our clients. We hope to see you at next year’s Privacy and Cybersecurity Roundtable.

Enforcement, European Union, General, International, Legislation, Policy, U.S. State Law

Washington State Comprehensive Privacy Bill Loses Steam, Data Breach Law Amendment Heads to Governor’s Desk

May 02 2019

Colleen Theresa Brown and Elizabeth MacGill

As the legislative session drew to a close, what once seemed like an inevitability suddenly looked unlikely. The Washington Privacy Act, SB 5376/HB1854, failed to make its way through the legislative process. The Bill’s sponsor, Sen. Reuven Carlyle, called the game on April 17, tweeting that despite the “unprecedented 46-1 vote” in the Senate, “[u]nfortunately, House failed to pass privacy legislation this year. We’re committed to 2020.” Nevertheless, the State of Washington did pass notable privacy legislation, albeit on a more narrow topic.

CCPA, Cybersecurity, Data Breaches, Legislation, U.S. State Law

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

Apr 30 2019

Meenakshi Datta, Kate Heinzelman, Rina Mady and Britney Alexandrea Garr

New Annual HIPAA Penalty Tiers

Six months after imposing the largest ever HIPAA fine ($16 million) following a HIPAA data breach, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) has announced that it is exercising its enforcement discretion to lower maximum annual HIPAA penalties.

Enforcement, Health Privacy, HHS, HIPAA, Online Privacy

Calif. Privacy Law Will Likely Prompt Flood Of Class Actions

Terms and Conditions: Recent Supreme Court Decisions Highlight There is More to Consider than Just the Privacy Policy

Regulatory Update: NAIC Spring 2019 National Meeting

Fifth Annual Sidley Privacy and Cybersecurity Roundtable

Washington State Comprehensive Privacy Bill Loses Steam, Data Breach Law Amendment Heads to Governor’s Desk

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

Categories

Archives

Contacts