On March 10, 2021, Rep. Suzan DelBene (D-Wash.) introduced the first comprehensive consumer privacy bill of the 117th Congress. The Information Transparency and Personal Data Control Act is designed to “establish a uniform set of rights for consumers and create one set of rules for businesses to operate in,” according to a press release from
Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a duty
Consumers are permitted to bring suit under the CCPA if they can prove the following five elements:
Shareholder Jena M. Valdetero is quoted in a Law360 article titled “COVID Inflamed Damaging Year For Data Breach Victims.” Click here to access the Law360 article (subscription required).
Innovation and ingenuity captured by companies in the form of intellectual property (IP) can be some of the greatest corporate assets and as such, require protection. Trade secrets, in particular, are sensitive intellectual property rights because they consist of proprietary information that maintains its value based on its confidentiality or secret status.
If stolen, the
The CCPA states that a service provider must be contractually prohibited from “retaining, using, or disclosing the personal information [provided to it by a business] for any purpose other than for the business purposes specified in the contract for the business . . . .”1 That prohibition, however, may not apply to information once
The CPRA amended the CCPA’s definition of a service provider such that, beginning Jan. 1, 2023, a service provider could include any person (not just a legal entity), and a service provider could be a business that receives personal information “on behalf of” another business. The CPRA also added the requirement that written contracts contain
Possibly, yes. The European Data Protection Board (EDPB) has issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).
The EDPB addresses a common
The California Online Privacy Protection Act (CalOPPA) requires operators of some commercial websites to disclose whether they respond to “Web browser ‘do not track’ signals or other mechanisms that provide consumer the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web
Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). In instances of a lost or stolen