The Matrix

Ransomware On the Rise: Unwary Victims May Pay Twice

Posted by

Given the speculation and concern over ransomware attacks impacting the 2020 U.S. election, the recent spate of private companies falling victim to such attacks, and the October 1, 2020 advisory issued by the Department of Treasury (“Advisory”), it is no surprise that ransomware is trending in cybersecurity. More

Federal U.S. Autonomous Vehicle Bill Would Update Safety Standards and Require Detailed Privacy and Cybersecurity Plans

Posted by

On September 23, 2020, Representatives Bob Latta (R-Ohio) and Greg Walden (R-Ore.) re-introduced the “Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution Act’’ or the ‘‘SELF DRIVE Act” to create a federal framework for autonomous vehicles (“AVs”).  The measure lacks bipartisan support and is not expected to reach the floor of the House of Representatives during this session.  But the continued effort demonstrates the importance that many lawmakers put on promoting a U.S.-led effort in the development of self-driving vehicles.  The matter likely will be among the key transportation themes before the next session of Congress, which convenes in January.  On the Senate side, policymakers have not advanced autonomous vehicle bills.  In the previous congressional session, an autonomous vehicle policy measure advanced in the House but came up short in the Senate. More

In the Wake of Schrems II: US Government’s White Paper Aims to Assist Confused Companies, Push Back on “Wild West” Privacy Characterization

Posted by

In response to the Court of Justice of the European Union’s (CJEU) recent Schrems II decision that, among other things, invalidated the Privacy Shield Framework (previously covered in The Matrix), various agencies of the US Government co-published a White Paper providing background on US intelligence agencies’ data collection activities and limitations thereon. Although the White Paper is intended to “assist organizations in assessing whether their transfers offer appropriate data protection in accordance with the [CJEU’s] ruling,” the agencies stressed that it “is not intended to provide companies with guidance on EU law or what positions to take before EU regulators or courts.” More

Latest Draft of Washington Privacy Act Addresses Pandemic Contact Tracing

Posted by

Undeterred by previous failed attempts to bolster Washington state laws protecting individual privacy, earlier this month Washington State Senator Reuven Carlyle announced on his Twitter account that the draft Washington Privacy Act 2021 (the “Bill”) is available for public comment. This is the State of Washington’s most recent attempt to strengthen protections for consumer privacy, following the lead of California and the California Consumer Protection Act (“CCPA”).

While the Bill contains many similarities to the State of Washington’s previous attempts, included with the Bill are new provisions related to contact tracing aimed to “instill public confidence on the processing and use of their personal and public health data during any global pandemic[.]” These new provisions apply protections related to the processing of certain “covered data” for the purposes of “detecting symptoms of an infectious disease, enabling the tracking of an individual's contacts with other individuals, or with specific locations to identify in an automated fashion whom individuals have come into contact with, or digitally notifying, in an automated manner, an individual who may have become exposed to an infectious disease, or other similar purposes directly related to a state of emergency declared by the governor[.]” The covered data subject to the new protections includes “personal data and one or more of the following: specific geolocation data, proximity data, or personal health data.”

While the new Bill presents the opportunity for the State of Washington to fill the gap created by the absence of comprehensive federal protection, the Bill still lacks a private right of action, which was one of the primary reasons for predecessor bill’s failure to pass. You can access the entire Bill here or view an overview, with helpful comparisons to the CCPA and the predecessor bill, here.

Considerations When Receiving a Civil Investigative Demand

Posted by

A number of U.S. federal agencies have authority to issue a type of administrative subpoena called a Civil Investigative Demand (“CID”) to obtain relevant information as part of an investigation. For example, both the Federal Trade Commission (“FTC”) and the Consumer Financial Protection Bureau (“CFPB”) have authority to issue CIDs to obtain documents and testimony in investigations related to privacy, data security, deceptive marketing, and financial fraud. This article identifies some items to consider when receiving a CIDs based on my experience issuing and reviewing hundreds of CIDs as an enforcement attorney in the Chicago office of the FTC. More

Data Déjà Vu: European Union’s Highest Court Invalidates EU-U.S. Privacy Shield Framework

Posted by

What Happened?
On July 16th, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield framework (one of the three primary mechanisms that permit the lawful transfer of personal data to the U.S. from the EU), finding that U.S. personal data protections are not satisfactory so as to be “essentially equivalent to those required under EU law.” More

The Article III analysis for BIPA claims takes a new turn

Posted by

Last month, the Seventh Circuit issued a highly anticipated ruling concerning Article III standing for claims brought under the Illinois Biometric Information Privacy Act (BIPA).

More

BIPA Class Action Trends to Watch in 2020

Posted by

The Illinois Biometric Information Privacy Act (BIPA) is the only biometric privacy statute in the country with a private right of action. In the last two years, litigation under BIPA has dominated privacy law headlines. There are hundreds of BIPA class action lawsuits pending in Illinois state and federal courts, with new filings each week. More

Privacy Tips for Ed Tech Companies and Schools Conducting Remote Learning

Posted by

As schools increasingly are adjusting to remote learning and utilizing education technology (“ed tech”) services, both schools and their ed tech service providers need to consider the appropriate collection and usage of student personal information.  Here are some tips for protecting students’ privacy and safeguarding personal data: More

Jump to Page