The U.S. Court of Appeals for the Third Circuit recently held in Clemens v. ExecuPharm Inc. that the risk of future harm from a data breach can be enough for Article III standing, taking into consideration whether the breach was intentional, whether the data was misused, and the nature of the data accessed.
Posts published by “Eric Rosenkoetter”
Eric Rosenkoetter is a principal at Maurice Wutscher LLP, and is focused on advising clients with respect to federal and state consumer financial protection laws and data privacy and security, and he is a Certified Information Privacy Professional though the International Association of Privacy Professionals. He also brings to the table experience as a litigator, chief compliance and ethics officer, director of legislative affairs, federal lobbyist, and administrative hearings officer. Eric earned his Juris Doctor from Washington University School of Law, and his Bachelor of Business Administration from Southern Methodist University. He is a member of the International Association of Privacy Professionals, the Receivables Management Association International (RMAI), and ACA International. He is admitted to practice law in Texas and Missouri and in the U.S. District Courts for the Northern, Southern, Eastern, and Western Districts of Texas. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/
On Sept. 27, Michigan Sen. Rosemary Bayer and eight fellow Democrat cosponsors introduced Senate Bill 1182, which would create the Michigan Personal Data Privacy Act. The Michigan Legislature remains in session through the end of the year.
On Aug. 11, 2022, the Federal Trade Commission issued an Advance Notice of Proposed Rulemaking seeking input that will shape potential rules “to crack down on harmful commercial surveillance and lax data security.”
On July 29, 2022, the New York Department of Financial Services published pre-proposal draft amendments to its Cybersecurity Regulations, 23 NYCRR 500.00, et seq. , that if adopted will require covered entities to implement numerous policy and operational changes.
On May 10, Gov. Ned Lamont signed into law Substitute Senate Bill 6 (Public Act 22-15), Connecticut’s version of comprehensive consumer data privacy legislation. This makes Connecticut the fifth state to enact such legislation, following California, Virginia, Colorado, and Utah. The Act will go into effect July 1, 2023.
There remain over 30 comprehensive consumer data privacy bills pending in the states, but some are falling off the chart as the legislative sessions come to an end. While the number of active bills is decreasing, there is one new state data privacy law, and others that continue to show movement.
On March 24, Utah Gov. Spence Cox signed into law SB 227, the Utah Consumer Privacy Act. This makes Utah the fourth state, behind California, Virginia, and Colorado, to enact comprehensive consumer data privacy legislation.
There are currently over 40 comprehensive consumer data privacy bills pending in the states as we enter the third month (for most states) of the legislative sessions.
The Federal Trade Commission recently amended the Safeguards Rule, 16 C.F.R. § 314.1, et seq., with significant changes to how an information security program should be designed, what it must include, and who needs to be in charge.
Despite the national and global events that took center stage in 2021, the upward trend in data privacy legislation at the state level continued and with the addition of the amendments to the Safeguards Rule, 2022 brings new compliance challenges for many businesses and financial institutions.
On Oct. 8, S.737A was signed into New York law, “requiring debt collectors to inform debtors that written communications are available in large print format.” The legislation becomes effective Nov. 7, 2021.
The Consumer Financial Protection Bureau (CFPB) announced on July 30, 2021, that it will be withdrawing its earlier proposal to extend the Regulation F effective date by 60 days. Thus, the original effective date of Nov. 30, 2021, will remain.