Data Points: Privacy & Data Security Blog

On May 10, 2022, Connecticut became the fifth state in the U.S. to enact a comprehensive data privacy statute.

Effective July 1, 2023, the law imposes CCPA-like requirements on covered businesses. In scope and requirements, the law more closely mirrors Virginia’s and Colorado’s comprehensive privacy laws, effective January 1, 2023 and July 1, 2023, respectively. 

Effective July 1, 2022, owners of personally identifiable information on residents of Indiana must provide notice of a data breach no later than 45 days after discovering of the breach. Currently, Indiana’s data breach law requires notice of a breach “without unreasonable delay.” When the amendment goes into effect in July, the 45-day period will be the latest that notice can be given.

Utah recently became the fourth state in the United States, after California, Virginia and Colorado, to pass comprehensive privacy legislation. The Utah Consumer Privacy Act (the “UCPA”), passed by the Utah legislature as Senate Bill 227 and was signed by Governor Spencer Cox on March 24, 2022.

Invites to free webinars are not unsolicited advertisements, says Maryland federal court

The Telephone Consumer Protection Act (TCPA) prohibits sending an “unsolicited advertisement” to a fax machine, absent certain conditions. An “unsolicited advertisement” is “any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person” without prior permission.

On its face, the TCPA’s definition seemingly would not include invitations to free seminars or webinars. However, in 2006 the Federal ...

The saga of the Capital One data breach, which impacted an estimated 106 million individuals in the U.S. and Canada, may soon be coming to an end. After more than two years of litigation, the parties have reached a settlement that would resolve existing and future consumer claims arising out of the 2019 breach which impacted Capital One customer information stored in the Amazon Web Services (AWS) cloud environment. If the settlement is approved, it will be one of the largest in any multidistrict data breach litigation.

California federal court rejects plaintiff’s attempt to circumvent Facebook

In April 2021, the Supreme Court dealt a massive blow to Telephone Consumer Protection Act claims based on automatic telephone dialing systems restrictions in its Facebook, Inc. v. Duguid ruling. You can read more about the Facebook decision here. In short, Facebook significantly narrowed the definition of “automatic telephone dialing systems,” thereby eliminating TCPA liability for voice calls—or text messages—produced by those systems. Facebook, however, did not limit liability for calls that used a prerecorded or artificial voice. But because text messages do not use prerecorded or artificial voices, Facebook was considered to largely (but not completely) wipe out TCPA liability for text messages.

Today the Supreme Court issued an order staying the OSHA Emergency Temporary Standard (ETS) that would have required all employers with 100 or more employees to enforce Covid-19 vaccination or testing requirements. 

On September 9, 2021, the Biden Administration issued a variety of measures designed to promote COVID-19 safeguards and decrease the spread of the COVID-19 virus. Such measures included two Executive Orders and President Biden’s COVID-19 Action Plan, all three of which greatly impact employers of varying sizes and industries.

The legal issues surrounding COVID-19 vaccines and mandates on employees are not unique to the United States. Karin McGinnis, Co-head of Moore & Van Allen's Data Privacy Team and member of Employment & Labor and Litigation Teams, recently collaborated with 11 esteemed colleagues from Globalaw™ in creating an article examining the law on COVID-19 vaccines in the workplace across five continents.  

You can find the article here. 

For questions and specific guidance regarding workplace vaccination regulations, contact Karin at the below link.

Resolving a split in lower courts, the U.S. Supreme Court issued a ruling in June limiting the type of conduct that can be prosecuted under the federal Computer Fraud and Abuse Act of 1986 (CFAA), a statute often used by U.S. Attorneys to prosecute hackers. In a 6-3 decision, SCOTUS ruled in Van Buren v. United States that Section 1030(a)(2) of the CFAA does not impose liability on individuals who use a computer to alter or obtain information they otherwise are entitled to obtain, even when they access the information for a prohibited purpose. In so ruling, SCOTUS limited a powerful federal ...