This post was originally published as a Seyfarth Legal Update.

In a January 11, 2023 op-ed published in the Wall Street Journal, President Joe Biden urged “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.” He warned that the “risks Big Tech poses for ordinary Americans are clear. Big Tech companies collect huge amounts of data” about technology users, including “the places we go,” and argued that “we need serious federal protections for Americans’ privacy. That means clear limits on how companies can collect, use and share highly personal data,” including location data.

Continue Reading Buckle Up: How Privacy Policy And Antitrust Enforcement Could Affect Automakers In 2023

This post was originally published on Seyfarth’s Gadgets, Gigabytes & Goodwill blog.

Ransomware attacks have become one of the most common and pervasive cybercrimes perpetrated against US companies. A bad actor, often from overseas, will gain access to upload malware onto a company’s network storage or application platforms that encrypts all files it can access. A message or text file is usually left with instructions on how to contact the attacker to pay a ransom for the decryption key. In the worst case, a ransomware attack can freeze the business operations by effectively removing access to the company’s critical systems and rendering them useless. Aside from the business impact, what legal implications are created by a ransomware attack?

Continue Reading Ransomware Attacks: Harmless Annoyances or Catastrophic Events?

Even before the COVID-19 pandemic, businesses around the world had been bracing for the financial and operational impact of the new California Consumers Privacy Act (“CCPA”), which took effect January 1, 2020. Despite existing and ongoing uncertainty around how to comply and interpret the law, the courts had already began seeing private class actions brought under the CCPA (or using the CCPA as a placeholder with Business and Professions Code Section 17200 and tort claims) filed in February—each presenting interesting and far-reaching legal questions about the new law.
Continue Reading The Impact of COVID-19 on the California Consumer Privacy Act

Seyfarth attorneys Robert Milligan, John Tomaszewski, and Darren Dummit are presenting “The California Consumer Privacy Act – What It Is and What Clients Need to Know, Particularly in Light of COVID-19,” a webinar for ITechLaw on April 7, 2020, at 9 a.m. Central.

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and it establishes new
Continue Reading Seyfarth Attorneys to Present “The California Consumer Privacy Act – What It Is and What Clients Need to Know, Particularly in Light of COVID-19” Webinar

Several high profile ransomware attacks have recently rocked the franchise world fomenting uncertainty and anxiety about franchisors’ legal obligations and liability. Ransomware attacks essentially kidnap a company by shutting down its systems and holdings its data hostage until a ransom fee is paid. In addition to the quantifiable hard costs of paying ransom and hiring experts to mitigate damage and re/build cyber defenses, ransomware victims can be damaged by: (a) third-party liability to the customers and other original owners of compromised data; (b) interruption of business operations during the course of and recovery from an attack; and (c) injury to reputation value in the loss of consumer confidence, appearance of incompetence, and customer attrition. In today’s digital golden era, data is among the world’s most valuable assets, earning the tagline: “data is the new oil.” It therefore comes as no surprise that cybersecurity, which has been a hot topic for years, is garnering increased attention and resources from businesses of all sizes and stages. Yet with each new development in defensive cybersecurity, cybercriminals come up with just as many ways to get around those defenses.
Continue Reading Franchisors: Are You Covering Your Digital Assets?

Cross-posted from the Carpe Datum Law blog. 

In our May blog post, we took issue with the broadcast statement that ‘consumer privacy law was sweeping the country and that other states were jumping on the California Consumer Privacy Law (CCPA) bandwagon to enact their own state law.’ The problem as we saw it, was that the truth behind these sensationalistic statements was a bit more nuanced than people were led to believe. Most states, we found, that introduced consumer privacy legislation simply did not follow through, either by outright killing the legislation (MS) or by taking a step back with a wait and see approach (see TX). Nevada, by contrast, did neither. Instead, its legislature enacted its own consumer privacy solution, through SB 220, or as we call it, ‘the limited privacy amendment.’ We’ve opted to discuss Nevada’s approach here primarily because of its more restrictive application online and because its October 1, 2019, operational date is a full three months before the CCPA becomes operational.

First, the limited privacy amendment is not the CCPA. Let’s make that perfectly clear. True, it was modeled on the opt-out section of the CCPA, but it isn’t a mirror copy as it amends existing law. There are three primary areas operators conducting business over the Internet need to be aware of, when evaluating compliance measures:  
Continue Reading Nevada: Bucking the Wait and See Approach to Consumer Privacy Law

In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what personal information a business is
Continue Reading Upcoming Webinar Series! California Consumer Privacy Act: Is your organization ready?

Cross-Posted from The Global Privacy Watch Blog

In Part 1 of our ‘Texas Joins the Privacy Fray’ series, we focused on the Texas Consumer Privacy Act. Here, we shine the light on the Texas Privacy Protection Act (HB 4390).

The TXPPA is distinguishable from both the TXCPA and the CCPA because the applicability threasholds are different. For the TXPPA to apply, a business must 1) be doing business in Texas; 2) have more than 50 employees; 3) collect personally identifiable information (“PII”) of more than 5,000 individuals, households, or devices (or has it collected on the business’s behalf); and 4) meet one of the following two criteria—the business’ annual gross revenue exceeds $25 million; or the business derives 50% or more of its annual revenue from processing PII.
Continue Reading And Texas Joins the Privacy Fray – Part 2 (or, Everything is Bigger in Texas…)

Cross-Posted from The Global Privacy Watch Blog

Last month, Texas saw the introduction of not one, but TWO privacy bills in the Texas state legislature: The Texas Consumer Privacy Act (TXCPA) and the Texas Privacy Protection Act (TXPPA). With news of this likely meeting with a collective groan and shoulder shrug, we do have some good news for you.

Both bills’ foundations are set with familiar CA Consumer Privacy Act (“CCPA”) language. Unfortunately, this is also bad news because they both suffer from the same problems found in the CCPA – we’ll explain below. It’s also still early in the game, with the bills having just been filed in the state legislature. Given that there is time in the legislative session for amendments to be made and especially considering the ‘ring-side’ view Texas lawmakers have to the CA legislative and Attorney General rule/procedure process currently unfolding, it would be unreasonable not to expect changes. Finally, the bills are reactive responses to the national (or international) focus on privacy issues of late and may allow impacted businesses a grace period, as we’ve seen in the CCPA. In this blog, we shine the light on the first of these bills: The Texas Consumer Privacy Act.
Continue Reading And Texas Joins the Privacy Fray – Part 1 (or, the Elephant in the room just got a LOT bigger…)

The American Intellectual Property Law Association (AIPLA) will host its annual Spring Meeting in Philadelphia on May 15-17, 2019.

Loews Philadelphia Hotel
200 Market Street
Philadelphia, PA 19107

Seyfarth Partner John Tomaszewski is on the panel for “The California Privacy Act of 2018: A Review of California’s New Privacy Law and Tips for Implementing Compliance Measures” session on Thursday, May
Continue Reading Seyfarth Partner John Tomaszewski to Present at the AIPLA 2019 Spring Meeting