Category

U.S. State Law

03 December 2018

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

*This article first appeared in the Hill.com on November 19, 2018

With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy. The new privacy zeitgeist follows years of data breaches as well as new concerns about invisible data collection, political micro-targeting and manipulation, the proliferation of internet-connected devices, and a potential lack of transparency in the decisions that machines increasingly make about us.

(more…)

EmailShare
09 November 2018

State Attorneys General Election Results Will Have an Impact on Business

The results of Tuesday’s midterm elections were notable for several reasons, and not just in the races at the top of the ticket — there were also significant changes in the state Attorney General ranks. Forty jurisdictions (including Guam, Virgin Islands and the District of Columbia) had Attorney General candidates on their ballots, including open races in 13 jurisdictions. It was a somewhat strong showing for Democrats, who picked up open seats in Colorado (Phil Weiser), Michigan (Dana Nessel) and Nevada (Aaron Ford). In addition, Democrat Josh Kaul defeated incumbent Republican Brad Schimel in Wisconsin. Overall, there are 14 new Attorneys General. A chart at the end of this Update lists the results of all of Attorney General elections. (more…)

EmailShare
01 November 2018

Ohio Law Recognizes Safe Harbor in Data Breach Litigation

Companies with robust cybersecurity programs may still be vulnerable to attack. A new, first-of-its-kind law in Ohio now recognizes this fact. On November 1, 2018, the Ohio Data Protection Act (SB 220) establishes a safe harbor from state tort actions in data breach cases for entities that have developed an information security program with “administrative, technical, and physical safeguards for the protection of personal information and that reasonably conforms to an industry recognized cybersecurity framework.” Without establishing minimum cybersecurity standards, the Ohio law affords defendants an “affirmative defense” against state tort actions and establishes an important precedent that may serve as a model for other states and the federal government to follow. (more…)

EmailShare
10 October 2018

California and Preemption

As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy.  Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates.  First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year.  Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States.  As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts.  (more…)

EmailShare
02 October 2018

The Trump Administration’s Approach to Data Privacy, and Next Steps

* This article originally appeared in Law360 on September 27, 2018.

On Sept. 25, 2018, the Trump administration proposed an approach and initiated a process to modernize U.S. data privacy policy.  The administration’s approach is “risk-based” rather than rule-based, and, as such, signals a willingness to move away from a privacy model of mandated notice and choice that has “resulted primarily in long, legal, regulator-focused privacy policies and check boxes.” Rather, the administration is proposing that U.S. privacy policy “refocus” on achieving desirable privacy “outcomes,” such as ensuring that users are “reasonably informed” and can “meaningfully express” their privacy preferences, while providing organizations with the flexibility to continuing innovating with cutting-edge business models and technologies.

(more…)

EmailShare
28 September 2018

Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form

On September 26, the Senate Commerce Committee invited tech and telecom companies to the Hill to discuss safeguards for consumer data privacy. “The question,” noted Chairman John Thune, “is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” The Senators and testifying witnesses expressed strong support for a comprehensive federal privacy law. (more…)

EmailShare
26 September 2018

Developing IoT Policy from California to Washington, D.C.

The growing network of internet of things (IoT) devices is expected to reach 30 billion devices by 2020. Despite this tremendous growth, the state of IoT regulation is patchwork at best. Although the FTC is the primary security regulator for consumer IoT devices, there are no comprehensive regulations or laws specific to the unique challenges of the IoT market. This absence of clear and unambiguous standards can be a burden for IoT companies who are looking to innovate while maintaining their customers’ privacy.  (more…)

EmailShare
25 September 2018

Movement Towards a Comprehensive U.S. Federal Privacy Law: Witnesses Prepare to Testify in Senate Hearing

The last six months have been busy ones for privacy watchers, with the entry into force of the GDPR and the enactment and amendment of the California Consumer Privacy Act.

An increasing number of eyes are now turning to the U.S. Congress to see how it will react to these developments, and Data Matters – and the privacy community generally – will thus be closely watching the Senate Committee on Commerce, Science, and Transportation on Wednesday, September 26, 2018, when it hosts a hearing titled “Examining Safeguards for Consumer Data Privacy.” (more…)

EmailShare
20 September 2018

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

On July 31, 2018, the U.S. Office of the Comptroller of the Currency (OCC) announced its decision (the Fintech Charter Decision) to begin accepting applications from financial technology (fintech) companies for special purpose national bank charters.1 The OCC has indicated it will not grant a charter to a fintech company that wishes to accept deposits or engage in fiduciary activities (for business plans that involve purely fiduciary activities, a limited purpose trust charter may provide an alternative vehicle). The Fintech Charter Decision is discussed in greater detail in a prior Sidley Banking and Financial Services Update.2

On September 14, the New York State Department of Financial Services (DFS) filed a federal court complaint seeking to enjoin further actions by the OCC to implement the Fintech Charter Decision and related actions, arguing that such acts are lawless, ill-conceived and destabilizing of financial markets. DFS also argued that such acts are beyond the OCC’s statutory authority and in violation of the Tenth Amendment to the U.S. Constitution, alleging that the police power to regulate financial services and products delivered within a state’s own geographical jurisdiction is among a state’s fundamental sovereign powers.3 (more…)

EmailShare
05 September 2018

Clean-Up Bill Advances to Amend the New California Consumer Privacy Act

On Friday, August 31, the California legislature unanimously passed a host of “clean-up” amendments to the new California Consumer Privacy Act (CCPA), AB 375, as it set about addressing flaws and other concerns in the state’s groundbreaking data privacy law. These amendments are now awaiting Governor Brown’s signature. (more…)

EmailShare
1 2 3 6
XSLT Plugin by BMI Calculator