We reported last summer on two new legislative enactments in New York putting new demands on how companies handle the personal data of New York residents: the Identity Theft Protection and Mitigation Services Act (ITPMS Act), and the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). Both were signed into law on July 25, 2019, and as described below, both have since then come gradually into full effect. This includes their most significant feature: as of March 21, 2020, “any business that owns or licenses computerized data which includes private information of a resident of New York” now faces the prospect of an enforcement action by the New York Attorney General’s (AG) Office for the assessment of penalties if the company fails to develop, implement and maintain “reasonable safeguards” for the protection of that information.
Continue Reading “Reasonable Safeguards Requirement” For Personal Information of New York Residents Now Kicks In (with even broader Privacy/Security Legislation Still in the Offing)
Ninth Circuit Affirms Ruling that Plaintiffs Have Article III Standing in Illinois Biometric Privacy Class Action
On August 8, 2019, a panel of the Ninth Circuit Court of Appeals affirmed a California district court’s decision allowing plaintiffs to proceed on claims against Facebook under the Illinois Biometric Information Privacy Act (“BIPA”), 740 Ill. Comp. Stat. 14/ (2008). Patel v. Facebook, Inc., 2019 U.S. App. LEXIS 23673. The ruling marks the first federal appellate court decision affirming a broad Article III standing precedent for plaintiffs asserting claims under BIPA – which may impact both BIPA cases as well as data breach cases under the California Consumer Privacy Act (“CCPA”). The appeals court also held that the potential for large statutory damages did not constitute grounds to refuse to certify the proposed class.
Continue Reading Ninth Circuit Affirms Ruling that Plaintiffs Have Article III Standing in Illinois Biometric Privacy Class Action