Cybersecurity Bits and Bytes

The Illinois Senate recently passed legislation by a 46-13 vote that would significantly amend the Illinois Biometric Information Privacy Act (“BIPA”).[1] Senate Bill 2979 (“SB2979’),
which Senate President Pro Tempore William Cunningham introduced, includes a significant benefit to corporations, employers, and other private entities in Illinois by clarifying that, in a case where the

In the Illinois Senate, a recently proposed Biometric Information Privacy Act (BIPA) amendment seeks to change how BIPA claims accrue, limiting the amount of damages available in instances where there are multiple violations.The Cothron decision, which held that BIPA claims accrued each and every time biometrics were collected, transmitted, or stored absent a written release,

The California Chamber of Commerce filed a petition to the California Supreme Court on February 20, 2024, seeking review of a February 9, 2024 appellate decision that paved the way for the state’s privacy enforcement agency, the California Privacy Protection Agency (CPPA), to start enforcing the California Privacy Right Act’s updated regulations immediately.The CPPA filed

California Attorney General Rob Bonta announced a settlement between the State of California and DoorDash on February 21, 2024, regarding allegations that DoorDash violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling its California customers’ personal information without providing notice or an opportunity to opt out. The

The New York Department of Financial Services (NYDFS) finalized amendments to its cybersecurity regulations on November 1, 2023, marking a significant update in the state’s approach to cyber threats. The process involved multiple stages, starting with a pre-proposal in July 2022, followed by two additional proposals in November 2022 and June 2023. The final version,

On October 27, 2023, the Federal Trade Commission (FTC) announced a significant amendment to the agency’s Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This amendment, reflecting an increasingly strident stance by the FTC on cybersecurity topics, mandates that non-banking financial institutions report certain data breaches and security events. Interestingly, the prudential banking regulators introduced data

On Friday, July 14, the California Privacy Protection Agency (“CPPA”) Board held a public meeting to address a broad, fourteen-point agenda that ranged from updates on the Agency’s budget to the status of ongoing rulemaking to enforcement.  On the issue of enforcement, the Agency’s new Deputy Director of Enforcement, Mr. Michael Macko, first addressed the recent

The Illinois Supreme Court’s most recent rulings have cut both ways while further clarifying the contours of litigating Illinois Biometric Information Privacy Act (“BIPA”) claims. On one hand, its decision in the Cothron v. White Castle System case seemingly continues its trend to expand theoretical BIPA liability by both greatly magnifying the scope of theoretical

On March 15th, the Securities and Exchange Commission (“SEC”) issued a proposed rule to revise Regulation S-P (“Proposed Regulation S-P”) which implements the privacy and security requirements of the Gramm-Leach-Bliley Act (“GLBA”) and certain other laws.  The new proposed rule was issued almost exactly 15 years after the SEC issued proposed, but never finalized, revisions