Cross-posted from the Carpe Datum Law blog. 

In our May blog post, we took issue with the broadcast statement that ‘consumer privacy law was sweeping the country and that other states were jumping on the California Consumer Privacy Law (CCPA) bandwagon to enact their own state law.’ The problem as we saw it, was that the truth behind these sensationalistic statements was a bit more nuanced than people were led to believe. Most states, we found, that introduced consumer privacy legislation simply did not follow through, either by outright killing the legislation (MS) or by taking a step back with a wait and see approach (see TX). Nevada, by contrast, did neither. Instead, its legislature enacted its own consumer privacy solution, through SB 220, or as we call it, ‘the limited privacy amendment.’ We’ve opted to discuss Nevada’s approach here primarily because of its more restrictive application online and because its October 1, 2019, operational date is a full three months before the CCPA becomes operational.

First, the limited privacy amendment is not the CCPA. Let’s make that perfectly clear. True, it was modeled on the opt-out section of the CCPA, but it isn’t a mirror copy as it amends existing law. There are three primary areas operators conducting business over the Internet need to be aware of, when evaluating compliance measures:  
Continue Reading

In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what

Cross-Posted from The Global Privacy Watch Blog

In Part 1 of our ‘Texas Joins the Privacy Fray’ series, we focused on the Texas Consumer Privacy Act. Here, we shine the light on the Texas Privacy Protection Act (HB 4390).

The TXPPA is distinguishable from both the TXCPA and the CCPA because the applicability threasholds are different. For the TXPPA to apply, a business must 1) be doing business in Texas; 2) have more than 50 employees; 3) collect personally identifiable information (“PII”) of more than 5,000 individuals, households, or devices (or has it collected on the business’s behalf); and 4) meet one of the following two criteria—the business’ annual gross revenue exceeds $25 million; or the business derives 50% or more of its annual revenue from processing PII.
Continue Reading

Cross-Posted from The Global Privacy Watch Blog

Last month, Texas saw the introduction of not one, but TWO privacy bills in the Texas state legislature: The Texas Consumer Privacy Act (TXCPA) and the Texas Privacy Protection Act (TXPPA). With news of this likely meeting with a collective groan and shoulder shrug, we do have some good news for you.

Both bills’ foundations are set with familiar CA Consumer Privacy Act (“CCPA”) language. Unfortunately, this is also bad news because they both suffer from the same problems found in the CCPA – we’ll explain below. It’s also still early in the game, with the bills having just been filed in the state legislature. Given that there is time in the legislative session for amendments to be made and especially considering the ‘ring-side’ view Texas lawmakers have to the CA legislative and Attorney General rule/procedure process currently unfolding, it would be unreasonable not to expect changes. Finally, the bills are reactive responses to the national (or international) focus on privacy issues of late and may allow impacted businesses a grace period, as we’ve seen in the CCPA. In this blog, we shine the light on the first of these bills: The Texas Consumer Privacy Act.
Continue Reading

The American Intellectual Property Law Association (AIPLA) will host its annual Spring Meeting in Philadelphia on May 15-17, 2019.

Loews Philadelphia Hotel
200 Market Street
Philadelphia, PA 19107

Seyfarth Partner John Tomaszewski is on the panel for “The California Privacy Act of 2018: A Review of California’s New Privacy Law and Tips for Implementing Compliance

On May 7 at 12 p.m. Central, Seyfarth attorneys Blake Hornick, Scott Carlson, and Michael Dunn are presenting a cybersecurity CLE webinar.

The Securities and Exchange Commission (SEC) is promoting more robust disclosures regarding cybersecurity risks, controls, and incidents for investors, placing increased responsibility on public companies due to the “grave threats” cyber poses on

California, home to more than 40 million people and the 5th largest economy in the world, has passed the California Consumer Privacy Act (CCPA), its omnibus consumer privacy law. The law creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Many aspects of the implementation and enforcement are still being finalized by the California Attorney General. However, companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Continue Reading

There is no denying that social media continues to transform the way companies conduct business. In light of the rapid evolution of social media, companies today face significant legal challenges on a variety of issues ranging from employee privacy and protected activity to data practices, identity theft, cybersecurity, and protection of intellectual property.

Seyfarth Shaw

In Seyfarth’s final webinar in its series of 2017 Trade Secrets Webinars, Seyfarth attorneys Justin Beyer, Dawn Mertineit, and Ryan Behndleman presented Protecting Trade Secrets in the Social Media Age. The panel focused on how to define and protect trade secrets on social media.

As a conclusion to this well-received webinar, we compiled a summary of takeaways:
Continue Reading

WebinarOn Tuesday, September 22 at 12:00 p.m. Central, Seyfarth attorneys Karla Grossenbacher and John Tomaszewski will present “Information Security Policies and Data Breach Response Plans.” With the recent uptick of high-profile data breaches and lawsuits being filed as a result by both employees and consumers as a result, every business should take a fresh look