April was another busy month for legislative activity on the California Consumer Privacy Act (CCPA), following a very busy February [see our prior post here]. A proposed sweeping revision to the CCPA, AB 1760, was withdrawn, while three key amendments, AB 25, AB 873, and AB 874, are up for a floor vote. Meanwhile, SB 561, which greatly expands the private right of action under the CCPA, is now in the Senate Appropriations Committee’s Suspense File awaiting a May 17, 2019 deadline for a vote as to whether it makes it out of the Suspense File. 
Continue Reading

After the Illinois Supreme Court’s decision in January holding that a plaintiff need not show actual harm to be an “aggrieved person” under the Illinois Biometric Information Privacy Act (“BIPA”), parties litigating under BIPA have been testing other defenses. One of those defenses is whether BIPA matters can be compelled to arbitration pursuant to an arbitration provision set forth in the parties’ agreement.

On Tuesday, April 9, the First District Appellate Court of Illinois issued its decision in Liu v. Four Seasons Hotel, Ltd., 2019 IL App (1st) 182645, holding that a BIPA claim could not be compelled to arbitration based on the language of the employment agreement at issue. Specifically, the employment agreement provided that a dispute was subject to mandatory, binding arbitration if it “is based on one of the following types of claims as defined by law:  (a) employment discrimination; (b) harassment as it relates to my employment; (c) a wage or hour violation; (d) or termination of my employment from the Hotel.” Defendant argued that plaintiffs’ BIPA claim was a “wage or hour” dispute because the scans of plaintiffs’ fingerprints were used to track the hours the plaintiffs worked and therefore, it was an “hour” violation claim. The appellate court disagreed. 
Continue Reading

This blog post is the second in a series of Q&A posts following Dykema’s February 27, 2019 webinar on the California Consumer Privacy Act (“CCPA”).  We received questions both before and during the webinar, and over the coming weeks we will be posting our responses. We will answer the most commonly-asked questions first, so please stay tuned if you don’t see your question in our first few posts. And, of course, please feel free to reach out to us if you have a unique question or would like to discuss in detail how the CCPA may apply to you.

You may see our first post here.

Thanks for reading!


Continue Reading

Data privacy litigation is not a new frontier. The Illinois Biometric Information Privacy Act (“BIPA”) has provided a private right of action for the improper collection of biometric information from Illinois citizens without consent since 2008. Even so, employers and businesses alike were caught off-guard when plaintiffs began filing class actions complaints alleging BIPA violations in 2015. Defendants scored early victories in these cases, as evidenced in the Second District Appellate Court opinion finding that actual harm, and not merely a procedural violation, must be alleged to state a claim under the Act. That ruling placed the viability of private suits under BIPA in serious doubt—because actual harm from an improper collection of biometric information is not easily pled. But then in January 2019, the Illinois Supreme Court reversed the defendant-friendly intermediate appellate ruling and held that mere procedural violations of BIPA standing alone were sufficient to withstand a motion to dismiss. That ruling breathed new life into this pattern litigation, as recent docket filings show. 
Continue Reading

This blog post is the first in a series of Q&A posts following Dykema’s February 27, 2019 webinar on the California Consumer Privacy Act (“CCPA”). We received questions both before and during the webinar, and over the coming weeks we will be posting our responses. We will answer the most commonly-asked questions first, so please stay tuned if you don’t see your question in the first one or two posts. And, of course, please feel free to reach out to us if you have a unique question or would like to discuss in detail how the CCPA may apply to you.

Thanks for reading! 
Continue Reading

February was a busy month for those monitoring the latest developments with the California Consumer Privacy Act (CCPA). After the month kicked off with a series of California Attorney General Informational Sessions, the California State Assembly’s Privacy and Consumer Protection Committee conducted a hearing with testimony from interested parties, including Alastair Mactaggart (the architect of the initiative that led to the enactment of the CCPA), representatives from the California Attorney General’s Office, public interest groups, and industry groups. This hearing also coincided with the introduction of new proposed amendments to the CCPA that would, among other things, require businesses to disclose an estimate of what they paid or received for the sale of consumer data. The month culminated with the introduction of a Senate Bill that would greatly expand the reach of the CCPA by, among other things, granting consumers a private right of action for all CCPA violations and not just data breach violations. 
Continue Reading

On Friday, January 25, 2019, California Attorney General Xavier Becerra’s Office held the fourth of its six public forums in connection with its rulemaking process for the California Consumer Privacy Act (“CCPA”). The purpose of the open forum, which was held in Los Angeles at the Ronald Reagan State Building, was to provide an initial opportunity for the public to participate in the CCPA rulemaking process. The formal rulemaking process is scheduled to begin later this year.

As noted in a prior Firewall blog post, the recently-enacted CCPA grants California consumers the right to know what information companies collect about them, the right to “opt out” from allowing companies to sell their personal information, the right to demand that companies delete collected information, and the right to receive equal service even if consumers exercise their “opt out” right. As required by the CCPA, the Attorney General must adopt its regulations on or before July 1, 2020. Businesses, however, must comply with the CCPA even before then, starting on January 1, 2020. 
Continue Reading

Over the last several years, the emphasis on privacy and data protection has grown significantly. With the amount of data collected by companies and technology skyrocketing, the need to protect personal information has been at the forefront of states’ legislative agendas. While all 50 states now have breach notification statutes, states are now taking a closer look at issues such as tracking online behavior and the use of biometric data. What used to be futuristic props in sci-fi media, face and fingerprint scanners, are now part of everyday life and consumer transactions. Despite the increase in the use of biometric data, only three states, Washington, Texas and Illinois have passed legislation addressing biometric data.
Continue Reading

In February of this year, the Securities Exchange Commission issued its updated Statement and Guidance on Public Company Cybersecurity Disclosures.  In April, the SEC issued an Order that, among other things, levied a $35 million fine against Yahoo! Inc. for failing to properly report a 2014 data breach.  These actions support the view that the SEC is consciously committing attention and resources to cybersecurity issues affecting public companies.

Here are some key takeaways from both the Guidance and from the Yahoo! Order: 
Continue Reading

Not long ago, financial technology (FinTech) startups were all seeking to disrupt the market for financial services and compete directly with financial institutions (FIs) for customers. But as these startups have grown into more mature companies, cooperation with FIs has come to replace disruption for many FinTech firms. These companies have realized that FIs can help scale their technology to larger bases of potential users, and can also help FinTechs raise capital by showing strong partnerships and FI distribution channels.

In turn, FIs now recognize that FinTech firms offer more than competition, representing potentially valuable partnerships with better technology and an improved user experience. By collaborating with FinTechs, FIs can improve product offerings and increase efficiency, all without the FIs committing significant resources to create new solutions themselves. 
Continue Reading