Photo of Edgar Vargas

Edgar Vargas

Subscribe to Edgar Vargas's Posts

Edgar is a Certified Information Privacy Professional (CIPP/US). He assists clients on compliance and litigation issues, including issues regarding privacy and cybersecurity laws. He is fluent in Spanish, allowing him to effectively communicate with and serve Spanish speaking clients.

Follow:Read more about Edgar VargasEdgar's Linkedin Profile

Key point: In response to an open records request submitted by Troutman Pepper Locke, the New Jersey Attorney General’s office provided copies of all cure letters sent pursuant to New Jersey’s consumer data privacy law and resolved by the recipient.

As shown by recent enforcement actions in California, including its most recent $12.5 million fine, the risk for companies that are out of compliance with state consumer data privacy laws has never been higher. As more state laws go into effect and cure periods sunset, the risk will only grow. One state where the enforcement risk may be higher is New Jersey.

In an era where privacy, security, and artificial intelligence are at the forefront of many business operations, staying informed about the latest developments is crucial. Our 2023 Privacy Year in Review is an in-depth analysis of the past year’s significant advancements and challenges in these areas.

On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was

A federal court in Michigan recently ruled that out-of-state residents have standing to sue under the Michigan Personal Privacy Protection Act (PPPA). In Lin v. Crain Communications, Inc., Case No. 2:19-cv-11889 (E.D. Mich., June 25, 2019), Gary Lin, a Virginia resident, filed a putative class-action lawsuit against Crain Communications, Inc. (Crain), a Michigan-based publishing

We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA).[1] The Virginia state legislature recently

On February 4, the New York Department of Financial Services (DFS) released the Cyber Insurance Risk Framework (Framework), which is considered the first guidance by a U.S. regulator on cyber insurance. The Framework is aimed at property and casualty insurers that provide cyber insurance, as well as other insurers that do not write specific cyber

On January 11, the Federal Trade Commission (FTC) announced it has settled with a California-based photo app developer involving allegations that it was building and using its users’ photos and videos to create facial recognition technology without their express consent.

Facial recognition software is typically comprised of three steps: detection, mapping, and identification. During the

Seven state attorneys general, led by New York Attorney General Letitia James, reached a settlement with Residual Pumpkin Entity LLC (formerly known as CafePress LLC) (“CafePress”), related to a 2019 data security incident, exposing 22 million customer accounts and as many as 186,000 social security and tax identification numbers.

Background

Based on the state attorneys