Written by: Chase Langhorne, Esq. Starting on January 1, 2020 amendments to data breach notification statutes in Illinois, Oregon, and Texas take effect. Illinois The Personal Information Protection Act ("PIPA") requires public and private entities that handle non-public personal information to notify affected Illinois residents following a data breach. An amendment now requires public and private entities to also notify the Office of the Attorney General of any data breach affecting more

Written by: Sean Cox, Esq. On December 23, 2019, in a case of first impression, a unanimous Georgia Supreme Court reversed the trial court and Court of Appeals in a putative data breach class action, holding that there were sufficient allegations of a legally cognizable injury to survive a motion to dismiss. The case arose out of the 2016 hack of Athens Orthopedic Clinic (“AOC”) in which the names, addresses,

Written by: Richard Sheinis, Esq. Over the past year, Chinese regulators have sought to crack down on the collection and use of personal data by mobile apps. New regulations published jointly by China's Cyberspace Administration, Ministry of industry and Information Technology, Ministry of Public Security, and State Administration for Market Regulation, address the illegal collection and use of personal data by mobile app developers.  Requirements for mobile apps include

Written by: Richard Sheinis, Esq. Doorstep Dispensaree, a London-based pharmacy which supplies medicine to individuals and care homes, left approximately 500,000 documents in unlocked containers stored in a courtyard at one of its premises.  Documents contained personal data including names, addresses, dates of birth, medical and prescription information.  The documents were not secure, and the condition of the documents indicated they had been stored outdoors for some time.  This

Written by: Richard Sheinis, Esq. The e-Privacy Regulation, which was supposed to be a close cousin to the General Data Protection Regulation, was first proposed by the European Commission in January 2017.  However, here we are nearly 3 years later, and the latest draft of the e-Privacy Regulation was once again been rejected by the Permanent Representatives Committee Of The Council on November 22. After numerous drafts and revisions the

Written by: Richard Sheinis, Esq. In yet another attempt to pass federal privacy legislation, on November 26, U.S. Senator Maria Cantwell, D-Wash., introduced the Consumer Online Privacy Rights Act ("COPRA").  COPRA would apply to information that identifies or is reasonably linked to an individual residing in the U.S. or a consumer device.  COPRA would generally exclude most non-profits, certain financial institutions and telecommunications and common carrier activities.  Many small

Written by: Chase Langhorne, Esq. In an ever-increasing data driven world, India's proposed Personal Data Protection Bill ("PDPB") took a step forward on December 4th when the Indian Prime Minister Narendra Modi approved the bill for tabling in parliament. The PDPB was first proposed in 2018 and is designed to protect the personal data of Indian citizens. Similar to GDPR The PDPB is said to be modeled after GDPR and provides

Written by: Chase Langhorne, Esq. In May 2019 Singapore's data protection authority, the Personal Data Protection Commission ("PDPC") took steps to update its existing data protection legislation, the Personal Data Protection Act (2012). The PDPC issued a statement regarding their progress and introduced new data breach notification procedures that are expected to be a part of the updated legislation. Those notification measures use deadlines similar to GDPR, but the

Written by: Chase Langhorne, Esq. A recent public records request to the California DMV shows that the California DMV is selling personal information drivers provide to receive a driver's license to private companies to the tune of roughly $50 million per year. The reasoning provided by a representative of the California DMV is that "[i]nformation is only released pursuant to legislative direction." The protection of individuals' personal information is at