Retailers may be getting overwhelmed by the number of states that have enacted “comprehensive” privacy laws, and with good reason. At this point, there are privacy laws in 12 states, with one more (Delaware) likely to be signed by the governor soon. Those laws are in California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. (There is also a new law in Delaware currently pending the governor’s signature). We’ll be hosting a webinar on August 1 which you can sign up for here. In the meantime, here are things to keep in mind when reading about the laws, and preparing your compliance approach:Continue Reading State Privacy Law Roundup: What Retailers Need to Know
California Attorney General Rob Bonta recently announced a new privacy investigative sweep. The AG is sending letters to businesses with mobile apps that have failed to follow the California Consumer Privacy Act (CCPA).Continue Reading Brush Up On Your Opt-Outs: Calif. AG Signals Mobile App Investigative Sweep
Governor Gavin Newsom of California vetoed a bill that would have created new limitations on data sharing for direct-to-consumer genetic testing companies.
Continue Reading California Governor Pulls the Plug on Genetic Information Privacy Act
As we move into the second quarter of 2020, governments around the country are analyzing how to best open up their economies. Part of this will include people returning to work, restaurants, retail establishments, and other places of public accommodation. Landlords, business owners, and others want to know how to take steps to reopen safely while government mitigation efforts are being developed to help slow the spread of COVID-19 until a vaccine is developed. And where authorities don’t have specific mitigation efforts, instituting protocols will fall squarely on landlords, business owners, and those who operate places of public accommodation.
Continue Reading Taking Temperatures During COVID-19: A Practical Toolkit
The U.S. Equal Employment Opportunity Commission (EEOC) updated its guidance concerning COVID-19, affirming an employer’s ability to medically test its employees for COVID-19 before allowing employees to enter the workplace. The new guidance expands employers’ options to include medical tests that detect the presence of the COVID-19 virus – not just temperature checks. The EEOC considers COVID-19 tests to be permissible because an individual with the virus poses a direct threat to the health of others.
Continue Reading As America Prepares to Return to Work, EEOC Approves Testing Employees for COVID-19
In a victory for online retailers, a New York federal court recently dismissed three putative class action lawsuits brought on behalf of website visitors whose mouse clicks, keystrokes, and electronic communications were tracked by a third-party marketing company. The cases were filed against three e-commerce retailers—Casper (a mattress manufacturer and retailer), Tyrwhitt (a men’s clothing company), and Moosejaw (an active outdoor retailer)—and against a marketing company named NaviStone. NaviStone offers computer code that allows e-commerce retailers to determine the identities of consumers who visit their websites and track their online behavior. The plaintiff alleged that the code offered by NaviStone, and embedded in the retailers’ websites, functioned as an illegal wiretap enabling the retailers and NaviStone to “spy” on website visitors in real time as they browse. The lawsuits alleged violations under the federal Electronic Communications Privacy Act (ECPA), the federal Stored Communications Act (SCA), and New York General Business law (NYGBL).
Continue Reading New York Federal Court Dismisses Nationwide Class Action Arising Out of Alleged Spying by E-Commerce Retailers
This is not a drill.
Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of the data. The owner or user of the computer is then faced with an ominous screen, displaying a countdown timer and demand that a ransom of $300 be paid in bitcoin before the owner can regain access to the encrypted data. The price demanded increases over time until the end of the countdown, when the files are permanently destroyed. To date, the total amount of ransom paid by companies is reported to be less than $60,000, indicating that companies are opting to let their files be destroyed and to rely instead on backups rather than pay the attackers. Nevertheless, the total disruption costs to businesses is expected to range from the hundreds of millions to the billions of dollars.
Continue Reading WannaCry Ransomware Alert
The U.S. Copyright Office’s new electronic system for copyright-agent registration and maintenance goes into effect on December 1, 2016, and with it comes new rules. Beginning December 1, all online service providers must submit new designated-agent information to the Copyright Office through the online registration system. Electronic designations should be filed on December 1, 2016, or as soon as possible thereafter. Service providers who fail to timely submit electronic designations will be ineligible for the safe harbor from copyright-infringement liability provided by § 512(c) of the Digital Millennium Copyright Act.
Continue Reading Don’t Lose Your DMCA Safe Harbor Protection!
The European Court of Justice (ECJ) has struck down the 15-year-old “Safe Harbor” agreement that permitted companies operating in Europe to transmit personal user data to the United States, as long as the U.S. ensures an adequate level of data protection at the company and certifies that it will abide by seven EU data privacy principles regarding notice, choice, onward transfer, security, data integrity, access, and enforcement. The case, entitled Maximillian Schrems v. Data Protection Commissioner, was decided on October 6, 2015 and has an immediate effect on European courts. See here.
Continue Reading EU Court Rejects “Safe Harbor” Agreement Permitting Customer Data Transfers to U.S.
Consumers frequently reveal personal information about themselves through a variety of daily online and offline activities. For fashion designers and retailers, this consumer information represents a valuable tool to identify, target, and expand customer advertising and messaging. This information can be utilized by employing a data broker, or a company who aggregates consumer information and do provide information about the relevant consumer marketplace. Data brokers collect, maintain, manipulate, and share a significant amount of data about consumers without ever directly interacting with them. While data brokers afford a major advantage for retailers, including fashion companies, they also raise privacy concerns for the consumers that data brokers profile. The Federal Trade Commission (“FTC”) recently issued a report summarizing the results of its study on the activities of nine data brokers, and recommended that Congress consider enacting legislation to make data broker practices more transparent or to give consumers greater control over the personal information that is collected about them and shared by data brokers. This post summarizes the portions of the FTC’s report that are most relevant for fashion retailers and designers.
Continue Reading Trending Information: The Connection Between Data Brokers and the Fashion Industry