Global Data Privacy and Protection Insights – Monthly Newsletter July 2019

HBS Attorney Analysis


Arkansas’s New Breach Reporting Requirements Go Into Effect This Month
By: Anthony E. Stewart, Esq.

Earlier this year, Arkansas Governor Asa Hutchinson signed HB 1943, which amends the Personal Information Protection Act. It goes into effect on July 23, 2019. The new law expands the definition of ‘personal information,’ imposes additional reporting obligations, and enacts specific retention requirements. It continues to apply to any business that acquires, owns, or licenses the personal information of an Arkansas resident.

Why Businesses Throughout The Country Should Be Worried About New York’s SHIELD Act
by: Richard Sheinis, Esq.

New York’s SHIELD Act has passed the New York Senate, and now awaits passage in the Assembly before it goes to the Governor to sign into law. While the Act contains new rules regarding data breaches and data breach notification, businesses should be most concerned about the increased geographic coverage of the Act, and the new requirement that businesses implement “reasonable safeguards to protect the security, confidentiality and integrity of the private information.”

California Consumer Privacy Act Of 2018
By: Chase Langhorne, Esq.

It may come as a surprise, but only 11 states have constitutional provisions that contain an explicit right to privacy. Specifically, California voters amended their state constitution to include the right of privacy among the inalienable rights of all people in 1972. In 2018, the California legislature passed the California Consumer Privacy Act of 2018 (CCPA), the first data privacy legislation of its kind in the United States.

Scam Alert: Virtual Kidnappings Are On The Rise
By: Anthony E. Stewart,Esq.

Your cell phone rings. You look down, and to your delight, it’s your daughter. She’s in college now and remembering to ‘give mom a call every once in a while’ seems to be an impossible task. You quickly answer, and your delight immediately turns to terror: “We have your daughter,” a voice on the other side of the phone says. “If you don’t pay her ransom, we are going to start cutting off her fingers.” The caller knows personal details about your family, including where you live. The caller ID says the call is coming from your daughter’s phone. In the heat of the moment, there is no reason for you not to believe that your daughter’s been kidnapped.

GDPR: A Year In Review And The Need For Clarity
By: Chase Langhorne, Esq.

As the first year of GDPR’s governance comes to a close, the hysteria has subsided, but the reality of the reach of GDPR is all the more real. Since its May 25, 2018 effective date European State Data Protection Authorities (“DPA”) have received more than 64,000 data breach notifications. Those 64,000 notifications have resulted in more than €56,000,000 ($62,500,000) in fines issued under enforcement actions.

Latest News and Headlines


Data Breaches

Hacker Breached Sprint Customer Accounts Through Samsung Website

DNA Test Service Exposed Thousands of Client Records Online

Data breach exposes information of thousands of patients in L.A. County
Los Angeles Times

In systemic breach, hackers steal millions of Bulgarians’ financial data

Evite Invites Over 100 Million People to Their Data Breach

Fines and Settlements

FTC reportedly approves $5 billion settlement with Facebook
CNN Business

After a Data Breach, British Airways Faces a Record Fine
The New York Times

UK proposes another huge data fine. This time, Marriott is the target
CNN Business

Settlement reached with Premera Blue Cross after data breach affected more than 270,000 Idahoans

Future of Privacy

How Biometric Data Will Shift The Privacy Conversation

California’s AB-1395 Highlights the Challenges of Regulating Voice Recognition
Future of Privacy Forum

United States

Anthony Stewart Awarded Fellow of Information Privacy Designation
Markets Insider

FDA Warns About Cybersecurity Concerns With Some Medtronic Insulin Pumps

What Texas businesses need to know about new data breach notification requirements
Houston Business Journal