Photo of Sheila A. MillarPhoto of Tracy P. Marshall

We have updated our summary of state data breach notification laws in light of recent amendments to some of the laws since our last update in September 2015.

Notably, Tennessee amended its data breach notification law, the Identity Theft Deterrence Act, effective July 1, 2016, by eliminating an encryption safe harbor and requiring that

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

The new General Data Protection Regulation (GDPR) (Regulation 2016/69, Apr. 27, 2016), approved by the European Parliament and the Council of the European Union, was formally published in the Official Journal of the European Union on May 4, 2016, and will replace the Data Protection Directive (Directive 95/46/EC) effective May 28, 2018. This

Photo of Sheila A. MillarPhoto of Peter L. de la Cruz

On April 22, 2016, California’s Office of Environmental Health Hazard Assessment (OEHHA) added styrene to the Proposition 65 list of carcinogens. OEHHA maintains a list of chemicals required under Proposition 65 (formally, the California Safe Drinking Water and Toxic Enforcement Act) that are “known to the state” to be reproductive toxicants or carcinogens based on

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

At its Open Meeting yesterday, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that would apply the privacy protections in Section 222 of the Communications Act to broadband Internet Service Providers (ISPs). The text of the NPRM, which reportedly seeks public comment on more than 500 questions relating to privacy and

Photo of Sheila A. MillarPhoto of Tracy P. Marshall
Members of the Federal Communications Commission, Nov. 2013
Members of the Federal Communications Commission, Nov. 2013

On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

On March 7, 2016, the Enforcement Bureau of the Federal Communications Commission (FCC) entered into a Consent Decree with Verizon Wireless relating to the company’s use of Unique Identifier Headers (UIDH) for targeted advertising purposes.  UIDH are commonly referred to as “supercookies” because they cannot be deleted.  This concludes the FCC’s investigation into whether Verizon

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

The Supreme Court yesterday denied an attempt by a defendant to moot a class action under the Telephone Consumer Protection Act (TCPA), 48 Stat. 1064, Pub. L. 102–243 (Dec. 20, 1991) (codified at 47 U.S.C. § 227), on the basis of an unaccepted settlement offer to the named plaintiff. The case, Campbell-Ewald Co. v. Gomez