October 2019

shutterstock_294483038

As businesses and privacy professionals were holding their breath awaiting the California Governor’s signature on pending amendments to the much anticipated California Consumer Privacy Act (“CCPA”), California’s Attorney General took the spotlight yesterday by releasing the similarly anticipated CCPA Regulations, Cal. Code Regs. tit. 11, .§999.300, et seq. (“Regulations”). Since the passage of the CCPA in June 2018, the regulations to accompany the CCPA have been touted as “guidance” on how to comply with the CCPA. Although only in draft form, some may argue that the newly released regulations increase the CCPA compliance burden, while others may argue the Regulations merely provide much needed detail on how to comply with the CCPA.

On October 10, 2019, California’s Office of the Attorney General released a notice of proposed rulemaking action, text of the proposed regulations, initial statement of reasons, and economic impact statement. The deadline to provide comments is December 6, 2019. 
Continue Reading The Regs are In! California’s Attorney General Releases the Long Awaited CCPA Regulations

Biometric Security Image 829

On September 5, 2019, the federal district court for the Northern District of Illinois issued an order that denied a motion to dismiss a class action brought under the Illinois Biometric Information Privacy Act (“BIPA”). Although the claims in Rogers v. CSX Intermodal Terminals, No. 19-2937, 2019 U.S. Dist. LEXIS 151135 (N.D. Ill. Sept. 5, 2019) largely survived a motion to dismiss, the district court did hand the defense bar a small—but potentially significant—victory.

The plaintiff in Rogers is a former truck driver.  His duties included visiting CSX facilities to pick up and deliver freight. The plaintiff was required to scan his fingerprints to gain entrance to the facility. The plaintiff filed a BIPA class action based on CSX’s failure to provide the required disclosures before collecting his fingerprints and to maintain a publicly available policy on CSX’s retention of biometric data. The complaint also alleged that CSX’s violations were intentional and reckless, an allegation which if proven would result in a $5,000 per violation penalty. 
Continue Reading A BIPA Defense Victory—If You Squint