In just a few short months, on January 1, 2020, the California Consumer Privacy Act (CCPA) is set to go into effect, establishing new consumer privacy rights for California residents and imposing significant new duties and obligations on commercial businesses conducting business in the state of California. Consumer rights include the right to know what

Cross-Posted from The Global Privacy Watch Blog

In Part 1 of our ‘Texas Joins the Privacy Fray’ series, we focused on the Texas Consumer Privacy Act. Here, we shine the light on the Texas Privacy Protection Act (HB 4390).

The TXPPA is distinguishable from both the TXCPA and the CCPA because the applicability threasholds are different. For the TXPPA to apply, a business must 1) be doing business in Texas; 2) have more than 50 employees; 3) collect personally identifiable information (“PII”) of more than 5,000 individuals, households, or devices (or has it collected on the business’s behalf); and 4) meet one of the following two criteria – the business’ annual gross revenue exceeds $25 million; or the business derives 50% or more of its annual revenue from processing PII.
Continue Reading

Cross-Posted from The Global Privacy Watch Blog

Last month, Texas saw the introduction of not one, but TWO privacy bills in the Texas state legislature: The Texas Consumer Privacy Act (TXCPA) and the Texas Privacy Protection Act (TXPPA). With news of this likely meeting with a collective groan and shoulder shrug, we do have some good news for you.

Both bills’ foundations are set with familiar CA Consumer Privacy Act (“CCPA”) language. Unfortunately, this is also bad news because they both suffer from the same problems found in the CCPA – we’ll explain below. It’s also still early in the game, with the bills having just been filed in the state legislature. Given that there is time in the legislative session for amendments to be made and especially considering the ‘ring-side’ view Texas lawmakers have to the CA legislative and Attorney General rule/procedure process currently unfolding, it would be unreasonable not to expect changes. Finally, the bills are reactive responses to the national (or international) focus on privacy issues of late and may allow impacted businesses a grace period, as we’ve seen in the CCPA. In this blog, we shine the light on the first of these bills: The Texas Consumer Privacy Act.
Continue Reading

California, home to more than 40 million people and the 5th largest economy in the world, has passed the California Consumer Privacy Act (CCPA), its omnibus consumer privacy law. The law creates sweeping new requirements concerning the collection, maintenance, and tracking of information for both employees or customers who are residents of California. Many aspects of the implementation and enforcement are still being finalized by the California Attorney General. However, companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
Continue Reading

Seyfarth Shaw Partner Jordan Vick is on the panel for the “Playing by the Rules: Rule Changes Essential to Your Practice” session on Friday, November 16, at Georgetown Law’s 15th annual Advanced eDiscovery Institute in Washington, D.C.

Session topics include:

  • The 2015 Amendments to the FRCP and their actual impacts on practitioners, including unintended consequence

Seyfarth Shaw Offers Data Privacy & Protection in the EU-U.S. Desktop Guide and On-Demand Webinar Series

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4%

Seyfarth eDiscovery Partner Richard Lutkus, along with William Lederer from Relativity and Patrick Zeller of Gilead Sciences, Inc., will host a panel discussion titled “Brave New Words: Cloud Data Collection, Processing, and Hosting” at this year’s RelativityFest on October 24, 2017.

This session will provide attendees with information about new data collection methods with tools

In his last week in the Office, President Obama issued a report on data privacy and cybersecurity, “Privacy in Our Digital Lives: Protecting Individuals and Promoting Innovation” (January 2017). The report serves as a high-level overview on how people’s interaction with technology has changed in the last several years and what the government has done to protect individual privacy while advancing economy and national security. The report also highlighted the path forward. Many of the initiatives currently in the works or yet to come will require strong cooperation between the government and the private sector.

Some of the data-privacy highlights pointed out in the report are:

  • Financial Privacy. The BuySecure Initiative announced by President Obama in 2014, which encouraged the deployment of new security technology (e.g., chip-and-PIN cards) for payments made in the United States.
  • Broadband Privacy. New rules approved by the Federal Communications Commission (FCC) that give consumers more control over how Internet Service Providers (ISPs) use their data, requiring ISPs to obtain user consent before sharing sensitive information they collect with advertisers and other third parties.
  • Drone Privacy. Six Federal entities that use government-operated drones – the Departments of Defense, Homeland Security, the Interior, Justice and Transportation, and the National Aeronautics and Space Administration – have put in place privacy policies for their use of drones pursuant to President Obama’s 2015 Presidential Memorandum on safeguarding privacy in domestic use of unmanned aircraft systems.
  • Children’s Privacy. The Children’s Online Privacy Protection Act (COPPA), enacted in 1998, was modernized in 2012 to address changes in technology and better protect online privacy of children under the age of 13.
  • Student Privacy. President Obama’s Student Privacy Pledge has been signed by over 250 companies, including some of the Nation’s largest, that have agreed to limit collection and sharing of student data.
  • International Commercial Privacy. The Obama Administration has undertaken a big task of putting in place the EU-U.S. Privacy Shield framework, which involved months of drafting and negotiations with the EU authorities. The Privacy Shield’s provision of comprehensive privacy protections, backed by FTC enforcement, was key to ensure that cross-border commercial data transfers continued after the invalidation of Safe Harbor.
  • Legislative Reforms. In 2015, President Obama signed into law the USA Freedom Act, which ended the U.S. Intelligence Community’s collection of bulk telephony metadata under the USA Patriot Act. The USA Freedom Act creates a more targeted approach whereby the government would generally require judicial permission to access call records held by telecommunications providers.

The Report also included “Areas for Further Attention,” which the Obama Administration hoped the new Administration would focus upon. These Areas are as follows:


Continue Reading