By: Michelle Hon Donovan, Brandi Taylor and Angelica Zabanal
Last Friday, September 13, 2019, marked the final day for the California Legislature to vote to pass amendments intended to clarify the terms and scope of the California Consumer Privacy Act (CCPA), which takes effect on January 1, 2020. The bills are now on Governor Gavin Newsom’s desk for approval, and the Governor will have until October 13, 2019, to sign or veto them.
Of the CCPA amendment bills that were in consideration, the following were passed:
- AB 25, regarding employee exemption
- AB 874, regarding the definition of PI (personal information)
- AB 1146, regarding warranty and vehicle repairs
- AB 1355, regarding the B2B exemption and other clarifying amendments
- AB 1564, regarding toll-free telephone number exception
Also of note, AB 1130 – a bill that does not specifically amend CCPA – also passed. This bill expands the categories of PI covered by California’s data breach notification laws, which will now include tax identification numbers, passport numbers, military identification numbers and unique identification numbers issued on a government document, as well as certain types of specified unique biometric data. This expansion is anticipated to impact liability under the CCPA’s private right of action
While not an exhaustive list of the bills that stalled during the legislative process, the following bills of note failed to be passed by the legislature:
- AB 873, regarding the definition of de-identified
- AB 846, regarding customer loyalty programs
- AB 981, regarding exemption for certain insurance transactions
While the approved amendments did not significantly overhaul the CCPA, several notable changes were made. Please see our Alert for a detailed discussion of these changes.
On November 21, 2018, the Pennsylvania Supreme Court ruled that the University of Pittsburgh Medical Center (UPMC) had a legal duty to exercise reasonable care to protect sensitive employee information against an unreasonable risk of harm when that information is stored on an internet-accessible computer system. Dittman v. UPMC, No. 43 WAP 2017 (Pa. Nov. 21, 2018). In doing so, the Court made clear that the criminal acts of third parties who may breach a computer system do not alleviate the legal duty on a business to protect such information. The Court further held that the economic loss doctrine (a doctrine that precludes tort cases where the loss is purely monetary) did not apply in this case because the legal duty to protect sensitive employee information exists independently from any contractual obligations between the parties.
Visit the Duane Morris LLP website to read the full Alert.
It seems like we constantly are hearing about Internet hacks and the stealing of personally identifiable information online. At this point, we use the Internet for so many positive aspects of our lives. Given that we inevitably are online, what are some steps that we can employ to keep our private information safe?
Here are just a few simple tips to keep in mind:
First, it is important to protect your credit card information. One way of doing this is to check and see that the website you are logging onto is secure. One thing to look for is whether the URL begins with HTTPS and not just HTTP. Also, it is important to log out of your customer accounts when you are done with transactions — especially financial transactions. Continue reading How to Keep Your Personally Identifiable Information Secure Online
Thumb drives, keyboards, and mice, oh my! That’s right, these USB devices now may be the latest “lions, tigers, and bears” to fear in our high-tech world.
According to a recent Reuters article, such USB devices possibly can be compromised to hack into personal computers in a previously unknown form of attack that supposedly can side-step current security precautions.
As reported by Reuters, Karsten Nohl, a chief scientist at SR Labs in Berlin, has stated that hackers potentially can load software onto very small and inexpensive chips that control the functions of USB devices, but which presently do not have “built-in shields” that would prevent tampering with the devices’ operative code.
Continue reading Wait, Now USB Devices May Be Unsafe Too?
One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online. iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Continue reading mHealth App Use: Is Data Truly Protected?