Cybersecurity Bits and Bytes

The Vita cases The Massachusetts Supreme Judicial Court (SJC) recently addressed whether the term “communications” in Massachusetts’ 1968 Wiretap Act (MWA) includes when a patient interacts with a hospital’s website and determined that such interactions did not qualify for protection under the statute. This is a significant decision for businesses that have been fending off

On October 8, 2024, the Supreme Court granted certiorari inMcLaughlin Chiropractic Associates, Inc. v. McKesson Corporation and McKesson Technologies, Inc., (No. 23-1226) to address whether the Hobbs Act requires district courts to follow the FCC’s interpretation that the Telephone Consumer Protection Act (“TCPA”) does not prohibit faxes received via “online fax services.”Getting to

Veto for the California Consumer Privacy Act of 2018: opt-out preference signalOn September 20, 2024, California Governor Gavin Newsom vetoed a proposed law (Assembly Bill 3048) that would have strengthened protections under the California Consumer Privacy Act (CCPA) by requiring internet browsers and mobile operating systems to offer consumers the ability to exercise their privacy

The Illinois Senate recently passed legislation by a 46-13 vote that would significantly amend the Illinois Biometric Information Privacy Act (“BIPA”).[1] Senate Bill 2979 (“SB2979’),
which Senate President Pro Tempore William Cunningham introduced, includes a significant benefit to corporations, employers, and other private entities in Illinois by clarifying that, in a case where the

In the Illinois Senate, a recently proposed Biometric Information Privacy Act (BIPA) amendment seeks to change how BIPA claims accrue, limiting the amount of damages available in instances where there are multiple violations.The Cothron decision, which held that BIPA claims accrued each and every time biometrics were collected, transmitted, or stored absent a written release,

California Attorney General Rob Bonta announced a settlement between the State of California and DoorDash on February 21, 2024, regarding allegations that DoorDash violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling its California customers’ personal information without providing notice or an opportunity to opt out. The

The California Chamber of Commerce filed a petition to the California Supreme Court on February 20, 2024, seeking review of a February 9, 2024 appellate decision that paved the way for the state’s privacy enforcement agency, the California Privacy Protection Agency (CPPA), to start enforcing the California Privacy Rights Act’s updated regulations immediately.The CPPA filed

The New York Department of Financial Services (NYDFS) finalized amendments to its cybersecurity regulations on November 1, 2023, marking a significant update in the state’s approach to cyber threats. The process involved multiple stages, starting with a pre-proposal in July 2022, followed by two additional proposals in November 2022 and June 2023. The final version,

On October 27, 2023, the Federal Trade Commission (FTC) announced a significant amendment to the agency’s Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). This amendment, reflecting an increasingly strident stance by the FTC on cybersecurity topics, mandates that non-banking financial institutions report certain data breaches and security events. Interestingly, the prudential banking regulators introduced data