The Vita cases The Massachusetts Supreme Judicial Court (SJC) recently addressed whether the term “communications” in Massachusetts’ 1968 Wiretap Act (MWA) includes when a patient interacts with a hospital’s website and determined that such interactions did not qualify for protection under the statute. This is a significant decision for businesses that have been fending off
Cybersecurity Bits and Bytes
Blog Authors
Latest from Cybersecurity Bits and Bytes
Supreme Court Will Again Consider Agency Authority in a TCPA Case
On October 8, 2024, the Supreme Court granted certiorari inMcLaughlin Chiropractic Associates, Inc. v. McKesson Corporation and McKesson Technologies, Inc., (No. 23-1226) to address whether the Hobbs Act requires district courts to follow the FCC’s interpretation that the Telephone Consumer Protection Act (“TCPA”) does not prohibit faxes received via “online fax services.”Getting to…
California's Journey to Regulate Technology: September 2024 Legislative Update
Veto for the California Consumer Privacy Act of 2018: opt-out preference signalOn September 20, 2024, California Governor Gavin Newsom vetoed a proposed law (Assembly Bill 3048) that would have strengthened protections under the California Consumer Privacy Act (CCPA) by requiring internet browsers and mobile operating systems to offer consumers the ability to exercise their privacy…
Fifteen Attorneys General Ask Congress Not to Replace State Privacy Laws With Federal Law
In a May 8, 2024, letter signed by the attorneys general of 14 other states, California Attorney General Rob Bonta urged Congress not to pass a version of the American Privacy Rights Act (APRA) that would preempt state consumer privacy laws. A copy of the letter can be found here. The letter takes specific…
BIPA Update: Illinois Is One Step Closer to Amending How Damages Accrue under BIPA!
The Illinois Senate recently passed legislation by a 46-13 vote that would significantly amend the Illinois Biometric Information Privacy Act (“BIPA”).[1] Senate Bill 2979 (“SB2979’),
which Senate President Pro Tempore William Cunningham introduced, includes a significant benefit to corporations, employers, and other private entities in Illinois by clarifying that, in a case where the…
BIPA Update: Another Amendment Attempt for Illinois Privacy Law
In the Illinois Senate, a recently proposed Biometric Information Privacy Act (BIPA) amendment seeks to change how BIPA claims accrue, limiting the amount of damages available in instances where there are multiple violations.The Cothron decision, which held that BIPA claims accrued each and every time biometrics were collected, transmitted, or stored absent a written release,…
California AG Announces Second Settlement Under the California Consumer Privacy Act
California Attorney General Rob Bonta announced a settlement between the State of California and DoorDash on February 21, 2024, regarding allegations that DoorDash violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling its California customers’ personal information without providing notice or an opportunity to opt out. The…
California Chamber Seeks State Supreme Court Review of Privacy Act Enforcement
The California Chamber of Commerce filed a petition to the California Supreme Court on February 20, 2024, seeking review of a February 9, 2024 appellate decision that paved the way for the state’s privacy enforcement agency, the California Privacy Protection Agency (CPPA), to start enforcing the California Privacy Rights Act’s updated regulations immediately.The CPPA filed…
NY Department of Financial Services Updates Regulations on Cybersecurity
The New York Department of Financial Services (NYDFS) finalized amendments to its cybersecurity regulations on November 1, 2023, marking a significant update in the state’s approach to cyber threats. The process involved multiple stages, starting with a pre-proposal in July 2022, followed by two additional proposals in November 2022 and June 2023. The final version,…
FTC Issues Final Rule on New Breach Notice Requirement for Non-Bank Financial Institutions
On October 27, 2023, the Federal Trade Commission (FTC) announced a significant amendment to the agency’s Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This amendment, reflecting an increasingly strident stance by the FTC on cybersecurity topics, mandates that non-banking financial institutions report certain data breaches and security events. Interestingly, the prudential banking regulators introduced data…