The California Consumer Privacy Act (the “CCPA”), as initially passed, was the hastily-drafted alternative to an even more stringent ballot initiative, resulting in a seemingly endless list of open questions about how it would be interpreted and enforced. Since its passage on June 28, 2018, privacy pundits around the nation have opined about the meaning of the first domestic privacy regulation reminiscent of its European cousin, the GDPR.
In response, the California legislature entered its 2019 session considering a whopping 19 possible amendment bills to the CCPA. When the dust settled, seven of those bills were signed into law.
On April 24, 2019, the U.S. Supreme Court issued an important decision touching a number of hot button issues and litigation threats facing American businesses — including class actions, arbitration agreements and data privacy.
One of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information. The SEC reiterated that point last week in a 
No Actual Harm Necessary to Assert Biometric Privacy Claims in Illinois
As we speed past Thanksgiving and enter the holiday season, kids shouldn’t be the only ones putting together their wish lists. Here are some things that might not fit under a tree, but would certainly fill us with the joy of the season.
Just when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”). The new law, which goes into effect on January 1, 2020, will expand the privacy rights of California residents and bring some of the EU’s widely discussed General Data Protection Regulation (“GDPR”) to the United States. There will be lots to talk about over the next year and a half as companies gear up for compliance, but here are some key features to be aware of:
For more than 30 years, the 
What Is GDPR?
As 2017 comes to a close and companies look to planning initiatives for 2018, there is one date that should be front and center for privacy professionals: May 25, 2018. That is the date that the EU’s General Data Protection Regulation (GDPR) goes into effect, meaning that any company dealing with EU consumer data needs to have a plan in place. The GDPR has been looming for almost two years now (since its adoption on April 27, 2016), so hopefully most companies impacted by the regulation have already begun to implement compliance mechanisms. But if not, it’s not too late.
In the past few weeks, five putative class action lawsuits have been filed under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14/1 et seq., targeting defendants in the health care, senior living, commercial baking, meat processing and security industries. These recent suits join previously filed BIPA class actions against day care operators, tanning salons, video game manufacturers, hotel groups and supermarkets as well as much larger entities, including Facebook, Google, Shutterfly, Six Flags and Snapchat. All of these suits have similar allegations at their core; that defendants utilized employees’, customers’, or other persons’ biometric identifiers, such as fingerprints, voiceprints, retina scans or facial recognition technology, in violation of BIPA’s disclosure and consent requirements. All seek recovery of BIPA’s statutory liquidated damages of $1,000 for each negligent violation, or $5,000 for each intentional or reckless violation, injunctive relief, and recovery of attorneys’ fees and costs.