Category

Data Brokers

02 January 2020

Oregon Requires Vendors to Report Data Breaches

While much of the New Year attention has been focused on California due to the effective date of the California Consumer Privacy Act, a new Oregon law also went into effect on January 1, 2020 complicating compliance with data breach obligations. The law is unique among state data breach notification laws in that it imposes a direct obligation on vendors to provide regulatory notice to the state. It also requires vendors to provide notice to the data owner within 10 days.  This new regulatory notice requirement may take some control away from data “owners” that typically manage (and often contractually demand sole control over) initial regulator communications with regard to incidents impacting their data.  However, the new requirement may also incentivize service providers to take more responsibility for incident response.

(more…)

EmailShare
19 September 2019

In an Eagerly Anticipated Decision, the Ninth Circuit Sides With Web Scrapers

For years, companies seeking to block web scrapers from collecting the information on their website would invoke the Computer Fraud and Abuse Act (CFAA), a U.S. law that criminalizes accessing a computer “without authorization.” But the U.S. Court of Appeals for the Ninth Circuit has now ruled that merely instructing scrapers that they are not welcome on a public website, either through a restrictive terms of use or a cease-and-desist letter, is probably not enough to render their access “unauthorized” under the CFAA. This decision is encouraging news for the many hedge funds, academic researchers and other data aggregators that use software bots to compile information online.

(more…)

EmailShare
17 September 2019

Final California Consumer Privacy Act Amendments Bring Practical Changes (But Your Business May Now Be a California “Data Broker”)

After months of wrangling, the California legislature has finally passed a set of significant amendments to the California Consumer Privacy Act (CCPA), a sweeping data privacy and security law commonly referred to as “California’s GDPR” (Europe’s General Data Protection Regulation). Employee personal information and personal information obtained in business-to-business (B2B) interactions are now mostly out of scope. Personal information in credit reports and other data covered by the Fair Credit Reporting Act is also largely exempt. Only personal information that is “reasonably” capable of being associated with a consumer or household is subject to the act. And aggregate or deidentified information definitively does not qualify as CCPA personal information.

(more…)

EmailShare
XSLT Plugin by BMI Calculator