When carrying out enforcement actions, regulators are looking for companies to be upfront about incidents and willing to work with them to solve issues, said state and federal regulators during a panel at a Practising Law Institute (PLI) cybersecurity conference Monday.
Uncommon and broadly applicable data minimization requirements in the Maryland Online Data Privacy Act (MODPA) could pose major compliance challenges for companies when the law takes effect Wednesday, privacy attorneys representing businesses said in interviews. Some advertisers could opt out of the Maryland market rather than comply with the state's comprehensive privacy law, said David LeDuc, Network Advertising Initiative (NAI) public policy vice president.
A data breach case that resulted in a forest management business agreeing to a $695,000 settlement “highlights the growing accountability companies face when consumer data is compromised,” Robinson+Cole privacy attorney Kathryn Rattigan blogged Thursday.
The California Privacy Protection Agency’s head enforcer heralded “a new era of privacy enforcement,” in an update during the CPPA Board’s Friday meeting. The agency has “hundreds” of investigations open, and in most cases the targeted businesses don’t know about them yet, said Michael Macko, deputy director of enforcement. “We haven't surfaced yet."
A Canadian security camera company with ties to China misled consumers about its privacy and security standards, Nebraska Attorney General Mike Hilgers (R) said in a lawsuit filed Tuesday. Hilgers, in an interview with Privacy Daily, discussed how he's using his office's consumer protection authority, as well as the outlook for the state's new privacy law.
DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
Although every state has a data breach notification law, each one imposes different regulations and reporting requirements, Emory Roane, associate director of policy at Privacy Rights Clearinghouse (PRC), said in a recent interview with Privacy Daily. While some protections exist at the federal level, a comprehensive breach law would help, as would data minimization principles, privacy pros added.
Marketers mustn’t take a reactive attitude to privacy compliance with enforcement heating up, said Lucas Long, InfoTrust head of global privacy, on a Thursday webinar hosted by the vendor Osano.
BOSTON -- How a company communicates with privacy enforcers and responds to potential legal action are major factors in whether a formal, public settlement is issued, Tyler Bridegan, privacy and tech enforcement director in the Texas attorney general's office, said at the IAPP AI Governance conference Thursday.
As litigation over wiretapping and other privacy claims continues to rise, having a cookie banner on your website remains an important defense, said Morrison Foerster lawyers during a webinar Wednesday. But there’s more to it than that, they added.