The long anticipated amendments to the CCPA were passed by the California Legislature in early September and now await Governor Newsom’s signature. Some of the changes were “clean up” amendments to update cross references, standardize language, and generally address issues of drafting. What follows is a summary of the most significant and substantive amendments:
Continue reading “How We Spent Our Summer Vacation or Summary of CCPA Amendments”
The Supreme Court recently declined to review the Ninth Circuit’s decision in Zappos.com, Inc. v. Stevens, a class action suit resulting from a 2012 data breach of the online retailer. As a result, there remains a split in the courts as to whether a breach of data confers Article III standing on potential plaintiffs, even if no actual injury occurred.
Continue reading “U.S. Supreme Court Declines to Hear Zappos Data Breach Case”
The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.
The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc. This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates. Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.
Continue reading “Cybersecurity and Adware: The FTC’s Settlement with Lenovo”
This is the first in an occasional series of blog posts providing practical guidance on how to create an information governance program and how successfully to execute on specific information governance projects.
One of the most common questions we hear from organizations about information governance is “How can we get started?” We often counsel clients that the best way to get started is to look for a quick-win opportunity where information governance can add value. Even a small project can serve as a catalyst to organically spur and mature information governance.
As part of its ongoing case study series, the Information Governance Initiative (IGI) recently profiled one of the largest retailers and distributors of tires and automobile parts in the United States. Like most organizations, this company had legacy, digital data in departmental shared drives that it wanted to manage better.
Continue reading “Logging Your First Information Governance Success”
The New Jersey “Personal Information and Privacy Protection Act” was signed into law on July 21, 2017 by Governor Chris Christie and will be effective November 1, 2017.
The law restricts the way retail establishments may collect and use the personal information contained in the electronic data embedded in identification cards, such as driver’s licenses. The law responds to concerns raised by reports related to how businesses use and store personal information obtained from scanned driver’s licenses.
Continue reading “New Jersey Enacts Personal Information and Privacy Protection Act”