Privacy & Cybersecurity

BIPA prohibits the unlawful collection and storing of biometric information and has very strict requirements. It broadly defines “biometric information” to include retina scans, iris scans, fingerprints, palm prints, voice recognition, facial-geometry recognition, DNA recognition, gait recognition, and scent recognition. Watch this 2-minute video explaining what you need to know about BIPA, how BIPA penalties work, and which states are looking to follow its lead.

This blog post focuses on the Illinois Artificial Intelligence Video Interview Act (“AIVIA”). Watch this 2-minute video explaining what AIVIA means for companies in the new digital world and in the COVID-19 remote environment. 

This post focuses on the California Consumer Protection Act of 2018 (the “CCPA”).  The CCPA went into effect on January 1, 2020, and its enforcement is set to begin on July 1, 2020.  We are already seeing a wave of privacy class actions with CCPA allegations and the resulting litigation trends. Watch this 3-minute video highlighting what you need to know about the CCPA, when it applies, and what consumer rights the companies must honor for California residents.

In these latest series of blog posts focusing on privacy litigation trends, we discuss four key privacy laws that will impact U.S.-based companies in 2020-2021. These laws are especially relevant for companies seeking to employ Artificial Intelligence (“AI”). Watch this 3-minute video explaining these key privacy laws.

The California AG’s office has dropped the long-awaited final CCPA Regulations, and requested expedited review from the Office of Administrative Law.    If this request is granted, the regulations will be effective by July 1.

In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach.  The court ordered the release of the unredacted cybersecurity report, despite that it was prepared in anticipation of litigation at the direction of outside counsel.  Despite ordering the release of the report itself, the court denied (without prejudice) the class plaintiffs’ request to also compel the disclosure of the “related materials,” finding that these materials may still qualify for protection, and that this issue was not yet adequately briefed. 

Privacy risks of using big data in the fight against COVID-19 are significant, and have caught the attention of Republicans and Democrats alike. Earlier this month we reported on a bill introduced on May 7 by Republican members of the Senate Commerce, Science and Transportation Committee: the COVID-19 Consumer Data Protection Act of 2020.”  

The American Securities Association (“ASA”), a financial industry trade association representing regional and small financial services companies, has sued the Securities and Exchange Commission (“SEC”) to prevent the SEC from using the Consolidated Audit Trail (the “CAT”) initiative to gather personal data of retail investors.

In the current environment, there exists historic levels of “dry powder” in the private equity industry. We have previously provided thoughts regarding challenges and opportunities facing the private equity industry generally.

Amidst multiple investigations into the privacy and security practices at Zoom Video Communications (“Zoom”), New York Attorney General Letitia James recently announced a settlement agreement with Zoom after the failings of the platform were brought to light by the spike in Zoom video conference participants amid the COVID-19 pandemic.

Last month, we reported that the United States Senate, Committee on Commerce, Science, and Transportation, conducted a hearing on “Enlisting Big Data in the Fight Against Coronavirus.” Specifically, the Committee focused on “examin[ing] recent uses of aggregate and anonymized consumer data to identify potential hotspots of coronavirus transmission and to help accelerate the development of treatments.”

As we previously discussed, FINRA issued guidance to member firms and their associated persons in April 2020 to remain “vigilant in their surveillance against cyber threats and take steps to reduce the risk of cyber events.”

You might find some suggestions here to add to your lists!

In Part 5 of our Roadmap Series, we take a closer look at COVID-19 screening and testing, including best practices and legal implications, as potential tools to maintain a safe workplace.

The organization known as Californians for Consumer Privacy announced yesterday that it successfully secured enough signatures to qualify adding the California Privacy Rights Act (“CPRA”) to the state’s November 2020 ballot. The group’s founder Alastair Mactaggart is a well-know public figure who was the driving force behind the infamous California Consumer Privacy Act of 2018 (the “CCPA”), which just went into effect in January.

We have been discussing the abrupt roll-out of remote workforce capabilities both in this space and in our recent webinar. As companies raced to get employees up and running remotely, business continuity was the primary focus, while privacy and cybersecurity issues likely took a backseat.

Kestra Investment Services LLC (“Kestra”) was fined $125,000 by FINRA for sharing personal customer data with a third-party vendor.

The Coronavirus Aid, Relief and Economic Security (“CARES”) Act has created a flurry of far reaching considerations for affected businesses, ranging from tax, employment, and even telehealth.

The New York Department of Financial Services (“NYDFS”) recently issued new guidance to regulated entities regarding cybersecurity awareness during the COVID-19 pandemic - citing a significant increase in cybercrime and criminals seeking to exploit the pandemic.

The Mintz Privacy team has been tracking privacy issues related to COVID-19. We have been featured in various publications talking about cybersecurity risks, GDPR regulations, the California Consumer Privacy Act, and more.