“Should we do a Zoom?” It has taken little more than a month for the Zoom video conference platform to take its place among the likes of Google, Kleenex and Xerox as brand names synonymous with the product or service being offered. But with that name recognition comes scrutiny, and Zoom is getting plenty. The privacy and security issues associated with Zoom have been well-documented. As a result, Zoom is now facing class action lawsuits from both shareholders and users. And the use of Zoom (and other platforms) can raise ethics issues for lawyers.


Continue Reading Zooming into New Privacy Issues

Smart companies have been worried about data security for years—no one wants to be in the headlines as the next big company to have a breach, the next corporation to face a class action lawsuit or the next business facing federal or state regulatory scrutiny.  It’s only heightened in recent years as companies faced new regulations imposed by the GDPR and the CCPA.  Well, things are not getting any better in 2020—now an increasing number of municipalities are getting in on the act.

San Francisco was the first city to have this awakening in 2017. In response to the Equifax data breach on September 7, 2017, San Francisco filed claims against Equifax under California’s Unfair Competition Law (UCL).  A few months later, Los Angeles brought a similar lawsuit against Uber claiming that the company paid hackers to delete stolen data and failed to notify consumers of the breach in violation of the UCL.  But most state statutes do not give cities standing to bring lawsuits.


Continue Reading Parking Tickets, Jaywalking, and Cybersecurity Breaches at Multinational Companies: City ordinances are coming off the streets and into the server room

The California Consumer Privacy Act (the “CCPA”), as initially passed, was the hastily-drafted alternative to an even more stringent ballot initiative, resulting in a seemingly endless list of open questions about how it would be interpreted and enforced. Since its passage on June 28, 2018, privacy pundits around the nation have opined about the meaning of the first domestic privacy regulation reminiscent of its European cousin, the GDPR.

In response, the California legislature entered its 2019 session considering a whopping 19 possible amendment bills to the CCPA. When the dust settled, seven of those bills were signed into law.


Continue Reading Seven amendments to CCPA answer the statute’s open questions – sort of

GavelOn April 24, 2019, the U.S. Supreme Court issued an important decision touching a number of hot button issues and litigation threats facing American businesses — including class actions, arbitration agreements and data privacy.

The case, Lamps Plus, Inc. v. Varela, 17-988, 2019 WL 1780275 (U.S. Apr. 24, 2019), stemmed from a data breach in which a hacker posing as a company official “tricked” a Lamps Plus employee into disclosing the tax information of approximately 1,300 workers.  Among those 1,300 workers was Frank Varela, the named plaintiff.  Id. at *2.  Following the data breach, Mr. Varela became the victim of identity theft when a fraudulent federal income tax return was filed in his name. 
Continue Reading SCOTUS Catapults Class Arbitration Onto the Endangered Species List

Business man on laptopOne of the most common things we discuss with clients is the need to ensure that privacy policies accurately reflect the actual procedures in place for handling confidential information.  The SEC reiterated that point last week in a Risk Alert that encouraged SEC-registered companies to review their written policies and procedures to ensure adequate implementation and compliance with the law.  In the Risk Alert, the Office of Compliance Inspections and Examinations (“OCIE”) published a list of issues under Regulation S-P (the privacy rule) it has seen in the context of exams.
Continue Reading SEC: Practice What You Preach on Privacy

FingerprintNo Actual Harm Necessary to Assert Biometric Privacy Claims in Illinois

Today the Illinois Supreme Court held that an individual does not need to allege actual harm in order to seek liquidated damages and injunctive relief under the Illinois Biometric Information Privacy Act (BIPA or the Act) 740 ILCS 14/1 et seq.  In Rosenbach v. Six Flags Entertainment Corp., the Court unanimously found that a plaintiff need only allege a technical violation of BIPA in order to be sufficiently “aggrieved” under the Act.  The Court’s holding today is likely to embolden potential plaintiffs and increase the already considerable number of BIPA-related cases throughout Illinois and the country.
Continue Reading BIPA ALERT: An Opening of the Litigation Floodgates?

Match stick DeskJust when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”).  The new law, which goes into effect on January 1, 2020, will expand the privacy rights of California residents and bring some of the EU’s widely discussed General Data Protection Regulation (“GDPR”) to the United States.  There will be lots to talk about over the next year and a half as companies gear up for compliance, but here are some key features to be aware of:

Continue Reading California and GDPR “light”: A Match Made in Plaintiffs’ Lawyers’ Heaven?

Media and the LawFor more than 30 years, the Kansas City Media and the Law Seminar has been at the forefront of important discussions in the media bar.  As this year’s committee chair, I may be a bit biased, but I think the focus of the seminar coming up on May 3-4 is one of the most important topics we have tackled to date: The impact of technology, culture, and politics on media freedoms.  There’s no doubt that our media and political climate has changed dramatically over the past few years, and technology continues to push the envelope as laws struggle to keep up.  It’s fascinating to think that at least half of this year’s panels involve topics that didn’t even exist when this seminar started — things like “social media,” “fake news,” and “Tweets.” 
Continue Reading Join Vedder Price at the 31st annual Media and the Law Seminar

GDPR CalendarWhat Is GDPR?
The EU General Data Protection Regulation (GDPR),—described as “the most important change in data privacy regulation in 20 years”—becomes enforceable by law on May 25, 2018. After four years of preparation and debate, GDPR was approved by the EU Parliament in April 2016 to replace the Data Protection Directive 95/46/EC. According to the EUGDPR.org, the overarching purpose of GDPR is to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” Expected to comply are organizations located within the EU; that offer goods or services to, or monitor the behavior of, EU data subjects; and all companies processing and holding the personal data of data subjects residing in the EU.


Continue Reading 100 Days Until GDPR … Are You Ready?