Privacy & Cyber Regulatory Enforcement

Washington Privacy Act Passes State Senate Laying Pathway for the Bill to Become the Second Comprehensive State Privacy Act

March 11, 2019 By Dorian Simmons

On March 6, the Washington state Senate voted 46-1 to approve the Washington Privacy Act (WPA or the Act), otherwise known as SB 5376. If the bill passes the House, the bill would become the second comprehensive state privacy legislation behind the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020. The […]

Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action

February 27, 2019 By Privacy, Cyber & Data Strategy Team

On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]

The FTC Decides to Uphold the CAN-SPAM Rule Without Any Changes

February 25, 2019 By Privacy, Cyber & Data Strategy Team

On February 12, 2019, the Federal Trade Commission announced that it completed its first review of the CAN-SPAM Rule, a rule governing commercial e-mail. Based on its review, the FTC announced its decision, available here, to “retain the [R]ule in its present form.” The FTC reviewed public comments and proposals in making its determination. According […]

NYDFS Cybersecurity Regulations Nearly Fully Effective

February 15, 2019 By Kate Hanniford

The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity regulations. NYDFS now expects covered entities to certify as to their compliance with all but one provision of the cybersecurity regulations which relates to the implementation […]

Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

February 6, 2019 By Daniel Felz

As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]