Smart companies have been worried about data security for years—no one wants to be in the headlines as the next big company to have a breach, the next corporation to face a class action lawsuit or the next business facing federal or state regulatory scrutiny. It’s only heightened in recent years as companies faced new regulations imposed by the GDPR and the CCPA. Well, things are not getting any better in 2020—now an increasing number of municipalities are getting in on the act.
San Francisco was the first city to have this awakening in 2017. In response to the Equifax data breach on September 7, 2017, San Francisco filed claims against Equifax under California’s Unfair Competition Law (UCL). A few months later, Los Angeles brought a similar lawsuit against Uber claiming that the company paid hackers to delete stolen data and failed to notify consumers of the breach in violation of the UCL. But most state statutes do not give cities standing to bring lawsuits.
On April 24, 2019, the U.S. Supreme Court issued an important decision touching a number of hot button issues and litigation threats facing American businesses — including class actions, arbitration agreements and data privacy.
One of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information. The SEC reiterated that point last week in a 
No Actual Harm Necessary to Assert Biometric Privacy Claims in Illinois
As we speed past Thanksgiving and enter the holiday season, kids shouldn’t be the only ones putting together their wish lists. Here are some things that might not fit under a tree, but would certainly fill us with the joy of the season.
Just when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”). The new law, which goes into effect on January 1, 2020, will expand the privacy rights of California residents and bring some of the EU’s widely discussed General Data Protection Regulation (“GDPR”) to the United States. There will be lots to talk about over the next year and a half as companies gear up for compliance, but here are some key features to be aware of:
For more than 30 years, the 
What Is GDPR?
As 2017 comes to a close and companies look to planning initiatives for 2018, there is one date that should be front and center for privacy professionals: May 25, 2018. That is the date that the EU’s General Data Protection Regulation (GDPR) goes into effect, meaning that any company dealing with EU consumer data needs to have a plan in place. The GDPR has been looming for almost two years now (since its adoption on April 27, 2016), so hopefully most companies impacted by the regulation have already begun to implement compliance mechanisms. But if not, it’s not too late.