Businesses defending themselves against charges under the California Invasion of Privacy Act (CIPA) sometimes find that exclusions and limitations in their insurance policies for cyber or commercial general liability (CGL) leave them exposed, attorney Kathryn Rattigan said in a blog post Thursday. For CIPA claims, her key takeaway is "don’t assume your insurance will cover [a] privacy lawsuit," the Robinson+Cole lawyer added.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
Age-estimation technology and its role in reducing regulatory burden is gaining attention in industry and data privacy circles, an official with BBB National Programs said Friday.
Draft regulations to implement the New Jersey Data Protection Act (NJDPA) may exceed the statute, said advertising, tech industry and news media groups in comments to the New Jersey attorney general’s office’s Division of Consumer Affairs. They suggested that New Jersey try to align more closely with other states that have comprehensive privacy laws.
A federal judge dismissed several claims against Chinese technology company ByteDance, including that it violated the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA) and the California Invasion of Privacy Act (CIPA). But in the Friday ruling, U.S. District Court for Northern Illinois Judge Georgia Alexakis allowed a claim ByteDance violated the Biometric Information Privacy Act (BIPA), as well as the restitution and unjust enrichment claim against the company, to continue in the privacy case.
California legislators refined a proposed update to the California Delete Act on Tuesday. Now on third reading and awaiting a floor vote in the Assembly, SB-361 by Sen. Josh Becker (D) would require data brokers to disclose more types of personal information in their state registrations than they do now.
A Michigan-based health system with more than 70 providers suffered a data breach last year that exposed personal information of almost 140,000 individuals, a law firm said Monday. Two states also recently reported the breach of Aspire Rural Health System. The company may have violated state and federal laws by disclosing the breach well after it occurred.
While recent court decisions have added to a circuit split on the Video Privacy Protection Act (VPPA) of 1988 (see 2508190026), some have also introduced notable interpretations of how the statute should apply, privacy lawyers said in interviews with Privacy Daily.
A Montana neurotechnology privacy law enacted this year “signals a shift toward integrating neural data protections within existing biological data laws,” Morrison Foerster lawyers Linda Clark, Melissa Crespo and Katherine Wang blogged Friday.
The U.K. Home Office is rolling out 10 Live Facial Recognition (LFR) vans across the country to help catch high-harm criminals, it announced Wednesday. The move brought howls from a civil liberties group and a response from the Information Commissioner's Office (ICO).
Legislation significantly revamping Israel's data protection law took effect Thursday, but the country's privacy watchdog said it will delay enforcement of one of its provisions until October.