Just over halfway through 2023, nationwide TCPA jurisprudence is focused on further delineating the scope of the TCPA. As the dust settles from earlier battles over defining ATDS requirements, the cases from this year are largely aimed at establishing who can bring a claim under the TCPA and what conduct the statute covers. We summarize here developments since our last update, listed in alphabetical order by topic area.

Continue Reading TCPA Turnstile: Scoping out the TCPA – 2023 Midyear Update (TCPA Case Update Vol. 18)

Companies that have been wrestling with exactly how to comply with the latest regulations under the California Consumer Privacy Act (“CCPA”) can breathe a sigh of relief after a California state court judge ruled last week that the newest regulations cannot be enforced until March 2024.  If you’re familiar with the changes to the CCPA, you know that regulators were supposed to have the accompanying regulations in place by July 2022, but failed to do so – in fact, the regulations were not final until March 29, 2023, nearly three months after the statutory effective date of January 1, 2023.  The California Privacy Protection Agency (“CPPA”) voluntarily extended the enforcement deadline to July 1, 2023, but even then, many companies were left scrambling until last Friday, when Judge James Arguelles of the Superior Court of California in Sacramento County entered an injunction barring enforcement of the regulations until March 2024.

Continue Reading A Welcome Delay in CCPA Regulations Enforcement

On March 15, 2023, the SEC reopened the comment period on proposed rules and amendments related to cybersecurity risk management and cybersecurity-related disclosure for registered investment advisers, registered investment companies and business development companies that were proposed on February 9, 2022. The initial comment period ended on April 11, 2022. A previous Vedder Price summary of the proposals is available here. Comments on the proposals are now due by May 22, 2023.

Continue Reading SEC Reopens Comment Period for Investment Adviser and Investment Company Cybersecurity Proposals in Connection with Other Cyber and Data Privacy Related Proposals

In a highly anticipated decision, the Illinois Supreme Court recently held that a separate claim accrues under the Illinois Biometric Information Privacy Act (“BIPA” or the “Act”) (740 ILCS 14/1 et seq.) each time biometric data or information is collected and/or disclosed.  The Supreme Court’s holding in Cothron v. White Castle System, Inc., 2023 IL 128004, is likely to have a profound impact on both the ability of plaintiffs to file BIPA claims and the calculation of liquidated damages for such claims.   

Continue Reading BIPA ALERT: Illinois Supreme Court Opens the Door to “Punitive, Crippling Liability” for Illinois Businesses

In a ruling that is unlikely to significantly alter the landscape of litigation under the Illinois Biometric Information Privacy Act (“BIPA” or the “Act”) (740 ILCS 14/1 et seq.), the Illinois Supreme Court recently clarified that a five-year statute of limitations is applicable to all claims under the Act.  The Supreme Court’s holding in Tims, et al. v. Black Horse Carriers, Inc. clarifies the applicable statute of limitations period for BIPA claims, but does not address the critical question of when claims accrue under the Act.

Continue Reading BIPA ALERT: Five Year Statute of Limitations Applicable to All BIPA Claims

As 2022 comes to a close, we wanted to look back at the most significant Telephone Consumer Protection Act, 47 U.S.C. § 227 (“TCPA”) decisions of the year.  While we didn’t see the types of landscape-altering decisions that we saw in 2021, there’s still plenty to take note of.  We summarize here the biggest developments since our last update, listed by issue category in alphabetical order.

Continue Reading TCPA Turnstile: 2022 Year in Review (TCPA Case Update Vol. 17)

Much ink has been spilled over the Executive Order Enhancing Safeguards for United States Signals Intelligence Activities (the “Executive Order”) signed by President Biden in early October.  The Executive Order is supposed to establish the United States’ commitments reflected in the March 25, 2022 joint EU-U.S. announcement of the Trans-Atlantic Data Privacy Framework (the “Framework”).  While the Framework is described as an “agreement in principle” to facilitate cross-border transfer of personal data, the Executive Order is supposed to go further, toward actually implementing the promised protective measures.  But does it?

Continue Reading Does the Latest Move in Trans-Atlantic Privacy Really Change the Game?

In a landmark decision, a Chicago federal jury found that BNSF Railway Co. (“BNSF”) violated the Illinois Biometric Information Privacy Act (“BIPA” or the “Act” (740 ILCS 14/1 et seq.) resulting in a judgment of $228 million against BNSF. The speed in which the jury delivered its verdict, and the scope of the damages calculated by the Court, should give pause to any employer or entity facing BIPA claims.

Continue Reading BIPA ALERT: $228M Judgment in First BIPA Jury Trial