On February 7, 2020, the California Office of the Attorney General released Modified Regulations to the California Consumer Privacy Act (“CCPA”). The Modified Regulations update the Initial Proposed Regulations, which were previously published on October 11, 2019. The deadline to submit written comments is February 24, 2020 at 5:00 pm PST. We will follow up […]
US State Law
Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number, email address, and age of thousands of […]
Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action
On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]
Time for a General Federal Privacy Law? Peter Swire Opens the Discussion on Potential Preemptive Effects
The IAPP article, “US federal privacy preemption part 1: History of federal preemption of stricter state laws,” written by Alston & Bird Senior Counsel Peter Swire and published on January 9, 2019, discusses the potential for a general U.S. privacy law and whether and to what extent this new federal law would “preempt” state privacy […]
South Carolina Insurance Data Security Law Now Effective
South Carolina’s prescriptive data security law for insurers took effect on January 1, 2019. Subject to specified exemptions, the law requires any person licensed pursuant to South Carolina insurance laws to take certain steps, including among other things notification of specified cybersecurity events to the South Carolina Department of Insurance. Covered persons are also required […]