Privacy

Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects

Written by

The IAPP article, “US federal privacy preemption part 1: History of federal preemption of stricter state laws,” written by Alston & Bird Senior Counsel Peter Swire and published on January 9, 2019, discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy protections. This article, the first of two parts, primarily focuses on the history of federal privacy legislation. Swire looks at the arguments for and against a general federal privacy law in light of the historical trends of federal privacy legislation […] Read more

Rich Willis and Laura K. Song share insights on the challenges data localization poses for the payments industry via Bloomberg BNA

Written by

Rich Willis, partner in the Financial Services & Products Group, and Laura K. Song, associate in the Privacy & Data Security Team, co-authored the Bloomberg BNA article “Data Localization Poses Challenges for Payments Industry and Innovation.” In the article, Willis and Song discuss the different jurisdictional approaches to data localization and the impacts faced by those in the payments industry. With the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA), data privacy has been the focus of recent attention but the article addresses why [...] Read more

Alston & Bird Hosts John Frank of Microsoft to Kick Off IAPP Europe Data Protection Congress 2018

Written by

Alston & Bird’s annual event to kick off the IAPP Europe Data Protection Congress 2018 featured a fireside chat with John Frank, Vice-President, EU Government Affairs at Microsoft. Moderated by Peter Swire, Senior Counsel at Alston & Bird, the discussion provided practical insights into areas that are expected to shape privacy and data protection around the world. Mr. Frank also discussed Microsoft’s approach to global compliance amidst a wide array of privacy and data protection laws and regulations. John Frank John Frank leads Microsoft’s government affairs teams in Brussels […] Read more

FTC Publishes Report Regarding Privacy Workshop

Written by

In October 2018, the Federal Trade Commission (“FTC”) published a report that summarized discussions at a December 2017 workshop discussing the potential impact to consumers of privacy and security incidents. The purpose of the workshop was to explore whether government intervention in this arena is warranted under the enforcement authority granted to the FTC under the FTC Act, 15 U.S.C. § 41 et seq. The report reveals that the workshop participants identified several types of potential impacts that they believe consumers may face in the wake of a data security incident that could warrant [...] Read more

Alston & Bird Issues Advisory on Applying GDPR Experience to CCPA Implementation

Written by

Alston & Bird recently issued an advisory entitled, “Applying GDPR Process Lessons to the CCPA,” authored by Jim Harvey and Karen Sanzaro. The recently and hastily adopted California Consumer Privacy Act of 2018 (CCPA) has already been compared to the General Data Protection Act (GDPR), though the two greatly differ in scope and content.  However, there are valuable insights to glean from the GDPR adoption process that can give companies a heads start on implementing the CCPA. The advisory examines these five lessons from which companies can learn: Leadership and multidisciplinary [...] Read more

Governor Jerry Brown Signs Amendment to the California Consumer Privacy Act

Written by

On September 23, 2018, Governor Jerry Brown signed SB 1121, the amendment to the California Consumer Privacy Act (CCPA).  SB 1121 attempts to clean up some drafting errors and ambiguities in the original legislation (AB 375), but it also effectively reduces the procedural obstacles to the CCPA’s private right of action by removing the requirement that a plaintiff first notify the Attorney General before filing a lawsuit pursuant to the CCPA, which would have provided the Attorney General the opportunity to order a plaintiff not to proceed.  For a more in-depth analysis of the private right of […] Read more

An Update on the California Consumer Privacy Act and Its Private Right of Action

Written by

While it remains to be seen what the final text of the California Consumer Privacy Act (CCPA) looks like when it is ultimately implemented on January 1, 2020, at present it seems likely that businesses and employers can expect an influx of lawsuits from individual consumers proceeding under the CCPA’s private right of action.  Under the current version of the CCPA, the Act provides a private right of action for consumers whose personal information “is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and […] Read more

CFPB Changes Annual Notice Requirement Under Reg. P

Written by

On Friday, the Consumer Financial Protection Bureau announced its “finalized amendments” to Regulation P, an implementing regulation of the federal financial Gramm Leach Bliley Act. Regulation P governs the provision of privacy notices for covered financial institutions. In response to legislation passed by Congress in late 2015, the final rule issued Friday permits financial institutions to avoid providing annual privacy notices to customers in certain circumstances. In addition, in cases where the annual notice requirement remains, the final rule permits financial institutions additional [...] Read more

Alston & Bird Hosts Sept. 12 Webinar on California Consumer Privacy Act

Written by

Save the date! On Sept. 12, 1 – 2 PM ET, Alston & Bird will host a webinar to analyze the new California Consumer Privacy Act. (You can read our prior advisory.) The California Consumer Privacy Act has been compared to the European Union’s General Data Protection Regulation due to its creation of important new privacy rights likely to require significant compliance activity by many companies. Partners Jim Harvey, David Keating, and Senior Counsel Peter Swire will lead discussion of this comprehensive new legislation currently slated to enter into force in less than 18 months.   Registration [...] Read more

LabMD: The End of the FTC in Cyber or Just a New Path?

Written by

The U.S. Court of Appeals for the Eleventh Circuit recently issued its opinion in LabMD, Inc. v. FTC, No. 16-16270 (11th Cir. June 6, 2018), declaring unenforceable a Federal Trade Commission (FTC) order requiring LabMD to implement an extensive cybersecurity plan. The case is noteworthy for its lengthy procedural background—during which time LabMD became defunct—and its holding, which has called into question the FTC’s authority to impose wide-ranging, comprehensive cybersecurity plans. The LabMD matter dates to 2005, when LimeWire file sharing software was installed on a company computer, [...] Read more