This post was originally published as a Seyfarth Legal Update.
In a January 11, 2023 op-ed published in the Wall Street Journal, President Joe Biden urged “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.” He warned that the “risks Big Tech poses for ordinary Americans are clear. Big Tech companies collect huge amounts of data” about technology users, including “the places we go,” and argued that “we need serious federal protections for Americans’ privacy. That means clear limits on how companies can collect, use and share highly personal data,” including location data.
Even before the COVID-19 pandemic, businesses around the world had been bracing for the financial and operational impact of the new California Consumers Privacy Act (“CCPA”), which took effect January 1, 2020. Despite existing and ongoing uncertainty around how to comply and interpret the law, the courts had already began seeing private class actions brought under the CCPA (or using the CCPA as a placeholder with Business and Professions Code Section 17200 and tort claims) filed in February—each presenting interesting and far-reaching legal questions about the new law.
Seyfarth attorneys Robert Milligan, John Tomaszewski, and Darren Dummit are presenting “The California Consumer Privacy Act – What It Is and What Clients Need to Know, Particularly in Light of COVID-19,” a webinar for ITechLaw on April 7, 2020, at 9 a.m. Central.
Several high profile ransomware attacks have recently rocked the franchise world fomenting uncertainty and anxiety about franchisors’ legal obligations and liability. Ransomware attacks essentially kidnap a company by shutting down its systems and holdings its data hostage until a ransom fee is paid. In addition to the quantifiable hard costs of paying ransom and hiring experts to mitigate damage and re/build cyber defenses, ransomware victims can be damaged by: (a) third-party liability to the customers and other original owners of compromised data; (b) interruption of business operations during the course of and recovery from an attack; and (c) injury to reputation value in the loss of consumer confidence, appearance of incompetence, and customer attrition. In today’s digital golden era, data is among the world’s most valuable assets, earning the tagline: “data is the new oil.” It therefore comes as no surprise that cybersecurity, which has been a hot topic for years, is garnering increased attention and resources from businesses of all sizes and stages. Yet with each new development in defensive cybersecurity, cybercriminals come up with just as many ways to get around those defenses.
In our May blog post, we took issue with the broadcast statement that ‘consumer privacy law was sweeping the country and that other states were jumping on the California Consumer Privacy Law (CCPA) bandwagon to enact their own state law.’ The problem as we saw it, was that the truth behind these sensationalistic statements was a bit more nuanced than people were led to believe. Most states, we found, that introduced consumer privacy legislation simply did not follow through, either by outright killing the legislation (MS) or by taking a step back with a wait and see approach (see TX). Nevada, by contrast, did neither. Instead, its legislature enacted its own consumer privacy solution, through SB 220, or as we call it, ‘the limited privacy amendment.’ We’ve opted to discuss Nevada’s approach here primarily because of its more restrictive application online and because its October 1, 2019, operational date is a full three months before the CCPA becomes operational.
In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what personal information a business is
Loews Philadelphia Hotel