UK DPA fined “parenting club” company for violation of the principle of “fairness” in processing

  On April 9, 2019, the UK Data Protection Authority, the Information Commissioner Officer (ICO), served a monetary penalty notice under section 55A of the Data Protection Act 1998 (DPA) of around $ 520,000. The fined company (Bounty) shared the personal data of over 14 million individuals to a number of organizations including credit reference and marketing agencies without informing those individuals that it might do so. According to the ICO, the company processed the personal data Read more [...]

Illinois bill aims at eliminating BIPA (Biometric Information Privacy Act)’s private right of action

  On February 25, 2019, an Illinois Senator introduced SB2134 to amend the Biometric Information Privacy Act (740 ILCS 14/1 et seq., BIPA) creating a  private right of action. The bill is currently in Committee. The majority of BIPA claims have been brought against businesses as class actions seeking statutory damages. Synopsis Amends the Biometric Information Privacy Act. Deletes language creating a private right of action. Provides instead that any violation that results from Read more [...]

Washington privacy act moves ahead

  On Friday, March 22, 2019,  the Washington State House of Representative's Committee on Innovation, Technology and Economic Development held its first public hearing on the proposed privacy legislation, SB 5376. The Washington privacy act, SB 5376, was introduced January 17, 2019 and passed its third reading in the Senate with 46 votes (against 1) on March 6, 2019. SB 5376 identifies the obligations of controller and processor. It requires controllers to facilitate subject Read more [...]

Ninth Circuit holds that websites and mobile apps of public accommodations must be ADA complaint

  On January 15, 2019, the United States Court of Appeals for the Ninth Circuit held that websites and mobile applications (app) of places of public accommodation must be fully accessible to persons with disabilities. By way of background, Plaintiff – a blind man – alleged that Defendant Domino’s Pizza, LLC, (Domino’s) failed to design, construct, maintain, and operate its website and app to be fully accessible to him, in violations of the Americans with Disabilities Act, Read more [...]

After Alabama passed its data breach law, there is no American jurisdiction without a data breach statute

On March 28, 2018, Alabama was the last State, after South Dakota, to have adopted a data breach notification statute. The Alabama Data Breach Notification Act of 2018 (S.B. 318) went into effect on June 1, 2018. According to the Alabama Statute, any “covered entity” and “third-party agent” must comply. Written notification must be made to all affected individuals unless it is determined that the breach of security “is not reasonably likely to cause substantial harm” to the individuals Read more [...]