The new Department of Justice (DOJ) Data Security Program (DSP) took effect on April 8. For an overview of the DSP, see our earlier advisory and recent update.
California AG Announces Second CCPA Settlement, Asserting DoorDash Failed to Deliver Privacy
In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) by selling consumers’ personal information without providing notice or an opportunity to opt out.
Navigating the Privacy Landscape: Insights from Troutman Pepper’s 2023 Privacy Year in Review
In an era where privacy, security, and artificial intelligence are at the forefront of many business operations, staying informed about the latest developments is crucial. Our 2023 Privacy Year in Review is an in-depth analysis of the past year’s significant advancements and challenges in these areas.
NJ Charges Into 2024 With New Privacy Law
On January 16, New Jersey became the first state this year to enact a comprehensive privacy law, S332, which applies to businesses conducting operations in the state or targeting its residents. As noted in this article by our privacy team, similar to other state comprehensive privacy laws, S322 grants consumers the right to confirm, correct, delete, obtain a copy of their personal data, and opt out of its processing for targeted advertising, sale, or profiling. Controllers and processors are obligated to limit data collection, establish security practices, and provide a privacy notice. They are also required to conduct a data protection assessment for processing activities that pose a heightened risk of harm to consumers. The New Jersey Attorney General’s Office has exclusive authority to enforce violations, treating them as “unlawful practices” under the New Jersey Consumer Fraud Act. The law takes effect on January 16, 2025, with an 18-month grace period for organizations to correct violations before enforcement actions are taken.
FTC Comment Request Signals Joint Enforcement With State AGs Will Continue Increasing
On June 7, the Federal Trade Commission (FTC) announced a request for information (RFI) to gain additional insight into how it can optimize joint enforcement with state attorneys general (state AGs) to protect consumers from fraud. The announcement signals a growing trend of cooperation between the FTC and state AGs, which we have also seen between the Consumer Financial Protection Bureau (CFPB) and the state regulators.
AI: Impact and Use in Background Screening (Part Five)
Many companies use machine learning algorithms and artificial intelligence (AI) to assist with employment decisions and tenant screening. In our final episode, Stephen Piepgrass and colleagues Ron Raether and Dave Gettings examine the use and impact of AI in background screening, including the potential risks companies may face with increased reliance on AI.
CISA’s Expanded Authority and Federal Requirements: Time for Energy, Water, and Other Critical Infrastructure to Recharge Their Cyber Policies
Critical Infrastructure Must Soon Report Cyber Incidents to CISA Immediately
In March, President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) into law. CIRCIA applies to the Critical Infrastructure Sector, which includes entities that are “vital to the United States” and whose incapacitation or destruction would have an adverse effect on national
False Claims Act Risk for Government Contractors: Aerojet RocketDyne Settlement Latest Chapter
Introduction
On April 29, Aerojet Rocketdyne Holdings Inc. (Aerojet) settled claims by whistleblower Brain Markus for a reported $9 million after the second day of a jury trial.[1] This is the second recent settlement under the False Claims Act (FCA) relating to alleged misrepresentations about a company’s cybersecurity practices and systems in connection with
NAAG Launches Center on Cyber and Technology: A Potential Roadmap for AGs and Companies Alike
Creation of CyTech. On May 9, the National Association of Attorneys General (NAAG) announced the creation of the NAAG Center on Cyber and Technology (CyTech), joining a number of other centers focused upon key issues for state attorneys general and the public, including tobacco and public health, ethics and public integrity, and consumer protection.
Purpose:
Ninth Circuit Provides Guidance on Web Scraping
On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was