Illinois SB 3299 and HB 5603 are nearly identical and would create the “Consumer Privacy Act.”
Posts published in “Data Privacy and Security”
Consumer data privacy appears to be on the minds of legislators in Arizona this session. As previously mentioned, House Concurrent Resolution 2013 was introduced in Arizona on Jan. 10, 2020, by five Republicans and one Democrat declaring: That the Members of the Legislature oppose the enactment of laws, the adoption of regulations or the imposition of out-of-state standards that would restrict or otherwise dictate standards related to consumer data privacy, absent a clear nexus with consumer harm. That the Members of the Legislature believe a single federal standard for comprehensive consumer data privacy regulation is preferable to a state-by-state approach. Not…
Like many states across the U.S., Hawaii and Maryland have introduced new privacy legislation this year geared toward protecting consumers' personal information.
As California Attorney General Xavier Becerra advises consumers of all their new rights under the California Consumer Privacy Act (CCPA), multiple states are introducing their own privacy acts, some of which are remarkably similar to the CCPA. The most-watched privacy legislation is perhaps in Washington State, described below, which very nearly passed its Privacy Act last year.
It has been an extraordinary 365 days for consumer financial services law. I cannot recall a year where so many states introduced legislation or proposed regulations or rules impacting the credit industry. At the federal level, proposed rules for the Fair Debt Collection Practices Act were (finally) released and California also proposed regulations under the California Consumer Privacy Act.
The year 2020 offers to be an interesting one for bankruptcy litigation. With several issues before the Supreme Court, at least one will have a material effect on financial services. In addition, higher credit costs will spur an increase in the number of bankruptcy filings, both on the consumer and commercial side. With the California Consumer Privacy Act taking effect on Jan. 1, it will not be long before we see issues arising from it percolating into bankruptcy cases.
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and introduced privacy concepts that were new to some U.S. businesses. Fortunately, the GDPR was developed over a period of time that allowed for thoughtful deliberation and careful drafting. The California Consumer Privacy Act (CCPA), on the other hand, was speedily enacted under the threat of a ballot initiative.
The federal banking regulators and the CFPB recently issued an “Interagency Statement on the Use of Alternative Data in Credit Underwriting,” stating in sum that the agencies “encourage responsible use” of alternative data, especially in the context of credit underwriting.
The U.S. Court of Appeals for the Third Circuit recently vacated an order approving the settlement of a class action certified under Rule 23(b)(2), where the only benefit to the class was the defendant’s payment of a cy pres award to organizations that promoted data privacy. In so ruling, the Third Circuit held that the trial court did not adequately scrutinize the settlement agreement’s broad release of claims for money damages, and the parties’ designation of cy pres recipients, as required by Rule 23(e). A copy of the opinion in In re Google Inc. Cookie Placement Consumer Privacy Litigation is…
The U.S. Court of Appeals for the Ninth Circuit recently held that class plaintiffs alleged a concrete and particularized harm sufficient to confer Article III standing where the defendant company’s alleged collection, use, and storage of the plaintiffs’ biometric information was the substantive harm targeted by the Illinois Biometric Information Privacy Act (BIPA), which statute protects the plaintiffs’ concrete privacy interests. The Ninth Circuit further held that the district court did not abuse its discretion in certifying the class. Accordingly, the Ninth Circuit affirmed the district court orders certifying the class, and denying the defendant’s motion to dismiss. A copy…
In a class action arising from a data breach at a retailer that resulted in the theft of millions of consumers’ credit card information, the U.S Court of Appeals for the Eleventh Circuit recently held that the fee arrangement included as part of the settlement was a fee-shifting contract and the constructive common fund doctrine did not apply, reversing as an abuse of discretion the trial court’s use of a fee multiplier in a fee-shifting case. A copy of the opinion in Northeastern Engineers Federal Credit Union, et al. v. Home Depot, Inc., et al. is available at: Link to Opinion.…
The U.S. Court of Appeals for the Seventh Circuit recently held that a blind plaintiff lacked standing to sue under the Americans with Disabilities Act (ADA) for alleged accessibility problems with a credit union’s website because he could not establish an injury in fact as a non-member. A copy of the opinion in Carello v. Aurora Policemen Credit Union is available at: Link to Opinion. The plaintiff, who is blind, sued a credit union, alleging that the credit union’s website violated his rights under the ADA because it was not accessible to blind people. Specifically, the plaintiff claimed that the credit…