Cyber Security, Information Governance & Privacy

On April 22, the Washington State Legislature passed H.B. 1071, a bill designed to strengthen the state’s data breach notification law. The bill, which will take effect March 1, 2020, if and when signed, includes the following amendments:

  1. Expands the definition of “personal information” – Previously, “personal information” was limited to an individual’s name,

Washington was close to becoming the next state with a comprehensive privacy law designed to enhance consumers’ privacy rights, but the bill recently failed to pass the state House of Representatives.

The Washington Privacy Act (SB 5376) was introduced in the Washington State Senate in January after California enacted the landmark Consumer Privacy Act (“CCPA”)

Author Stephen R. Covey has written, “Management is efficiency in climbing the ladder of success; leadership determines whether the ladder is leaning against the right wall.”[1] With the first quarter in full swing, community banks are preparing proxy statements, finalizing annual meeting agendas, and marshaling items for board attention. Now is the perfect time for

The FTC issued a press release last week seeking comment on proposed changes to two rules under the Gramm-Leach-Bliley Act of 1999 (the “GLBA Act”) to increase data security for financial institutions and better protect consumers. 

The Commission has sought comment on the Safeguards Rule and the Privacy Rule under the GLBA Act. The

Requiring an employee or consumer to submit any dispute to binding arbitration as a condition of employment or purchase of a product or service is commonly referred to as “forced arbitration.”  Many times, the employee or consumer is required to waive their right to sue or to participate in a class action lawsuit.  Critics argue

On February 22, the United States District Court for the Northern District of Illinois granted a defendant’s motion to dismiss in a Driver’s Privacy Protection Act (DPPA) putative class action, holding that the DPPA does not provide a private right of action against state officials in their official capacities. A copy

On February 13, the U.S. Chamber of Commerce released model data privacy legislation and urged Congress to pass a federal data privacy law.

“Technology has changed the way consumers and businesses share and use data, and voluntary standards are no longer enough,said Tim Day, senior vice president of the Chamber’s Technology Engagement

On January 25, the Illinois Supreme Court sided with consumers in issuing a unanimous decision that a Six Flags season pass holder could bring a claim under Illinois’ Biometric Information Privacy Act (the “BIPA”) based on the amusement park’s collection of customer fingerprints—even absent allegations of real-world injury.  This opinion provides a boost to the

Nearly every American with a cellphone has had it happen to them. You receive a call from an unknown number with an automated message pitching refinance options for the loan you don’t have, or consolidation options for the student loan you already paid off.

In a new report released by Hiya, a Seattle-based spam-monitoring service,

On January 28, Thomas W. Thrash, Jr., the Chief Judge of the United States District Court for the Northern District of Georgia, issued four decisions on motions to dismiss in cases arising out of the Equifax data breach. Below are a few noteworthy takeaways. 

Factual Background

From mid-May through the end of July 2017, hackers