Cybersecurity, Information Governance, and Privacy

The California Privacy Protection Agency (CPPA) is the first state privacy agency in the nation and was created as part of the California Privacy Rights Act (CPRA). While this agency has already been formed, it will not begin enforcement activities until July 1, 2023 (six months after the CPRA takes effect).

The agency’s mandate includes

Despite overlap of alleged putative nationwide class definitions, the Judicial Panel on Multidistrict Litigation (JPML) denied Geico’s attempt to consolidate five class-action lawsuits arising from a data breach notification published in April 2021 (impacting a reported 132,000 individuals). The JPML’s decision might set a precedential limit for transfer and consolidation of smaller data breach class-action

A U.S. district judge in Illinois recently denied a motion to dismiss in a class action involving an alleged violation of the Illinois’ Right of Publicity Act (IRPA). The court determined that the defendant’s arguments were more suitable for an affirmative defense and was unpersuaded by any of the arguments.

In Krause v. RocketReach LLC

Earlier this month, the U.K.’s Age-Appropriate Design Code (referred to as the “Children’s Code”) took effect. The Children’s Code is not a law per se, but rather a set of 15 flexible standards that apply to online services, such as apps, online games, and web and social media sites, likely to be accessed by children

Earlier this month, we reported on two Senate privacy bills reintroduced from last year’s legislative session. These reintroductions are part of a broader wave of federal privacy bills, none of which are making meaningful progress toward becoming law. While the prospect of a comprehensive federal privacy law in the near term remains unlikely, a recent

This July, the Uniform Law Commission (ULC) approved a final draft of the Uniform Personal Data Protection Act (UPDPA). The ULC is a nonpartisan group, which drafts model laws with the goal of widespread state adoption. One noteworthy example is the Uniform Commercial Code (UCC), which has been adopted to some extent by all 50

We are pleased to announce that Troutman Pepper attorney Ron Raether will be presenting during the NetDiligence Cyber Risk Summit at the Loews Santa Monica Beach Hotel in California. This conference features two full days of panel discussions by leading cyber experts who will share their insights on hot topics, trends, and cybersecurity concerns. Ron

We are pleased to announce that Troutman Pepper partner Ron Raether will be a featured speaker at the American Bar Association’s Consumer Financial Services Basics Virtual Conference, on Thursday, October 21st from 3:10 to 4:10pm ET.

Ron will participate in a panel discussion entitled “Financial Privacy and Data Security,” during which the presenters will

The Central District of California recently dismissed a data breach class action for lack of standing, notwithstanding evidence that the stolen data of 40 million consumers had allegedly been offered for sale on the dark web. The court determined that the data breach could not possibly have caused a risk of identity theft, fraud, and