In an opinion issued Friday, the Illinois Supreme Court handed a potentially significant victory to plaintiffs advancing claims under Illinois’ Biometric Information Privacy Act and seeking statutory damages under that law. The Court held that plaintiffs do not need to assert injury or harm outside of a relevant violation of the statute itself in order […]
Privacy & Cyber Regulatory Enforcement
EU and Japan Publish a Joint Release on Their Mutual Adequacy Decisions
On January 23, 2019, the Personal Information Protection Commission of Japan (the “PPC”) and the European Commission (the “Commission”) jointly announced the adoption of the decisions recognizing each other’s personal data protection systems as equivalent. The Commission launched the process leading to the adoption of the adequacy decision in September 2018 and successfully completed the […]
Massachusetts Amends Data Breach Notification Law
Massachusetts Governor Charlie Baker has signed legislation amending the state’s data breach notification law, and the amendments will take effect on April 11, 2019. The new requirements relate to the timing and content of individual and regulator notifications, as well as credit monitoring services offered to affected residents. The key amendments include the following provisions. […]
Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects
The IAPP article, “US federal privacy preemption part 1: History of federal preemption of stricter state laws,” written by Alston & Bird Senior Counsel Peter Swire and published on January 9, 2019, discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy […]
Michigan Enacts Insurance Data Security Model Law
Michigan enacted the Michigan Data Security Act on December 28, 2018, imposing stringent cybersecurity measures on any person (individual or corporate) licensed by the Michigan Department of Insurance and Financial Services. Based on the 2017 NAIC data security model law and nearly identical to the South Carolina Insurance Data Security Act, the Michigan statute will […]