Florida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Rep. Fiona McFarland introduced HB 969, modeled after the California Consumer Privacy Act (CCPA). The bill is supported by Gov. Ron DeSantis and the speaker of the Florida House. As introduced, HB 969 would apply to for-profit businesses
Privacy Litigation Updates for the Financial Services Sector: Claims Against Yodlee Survive and Limited Discovery of Envestnet Allowed
In November 2020, Yodlee and its parent company Envestnet filed separate motions to dismiss the class action lawsuit brought over Yodlee’s alleged data collection and use practices. Yodlee’s motion to dismiss argued that plaintiffs failed to state a claim under Federal Rule of Civil Procedure 12(b)(6), while Envestnet argued that its status as the parent
A Second Chance for the Public Health Emergency Privacy Act
This is the seventh alert in a series of Bradley installments on privacy and cybersecurity developments arising from the COVID-19 pandemic. Click to read the first, second, third, fourth, fifth, and sixth installments.
Sen. Mark Warner (D-Va.) has re-introduced a bill to create the Public Health Emergency Privacy Act (PHEPA).
Biometric Privacy Law Expansions and Private Rights of Action
The days of only seeing biometric techniques in spy films are well behind us. A simple thumbprint can open a phone. Systems like Alexa can recognize your voice and play your favorite music. Some banks even allow customers to make payments by using voice command and fingerprint recognition.
In 2008, Illinois became the first state
Privacy Requirements under COVID-19 Emergency Rental Assistance Program
Many relief programs have been implemented over the past year in response to COVID-19, and keeping up with the changing requirements for these programs can be daunting. A new twist in the requirements is the mandate for implementation of privacy requirements under the Emergency Rental Assistance Program. Here are some details about the Emergency Rental
The Man Behind the Curtain: College Admissions and FERPA Requests
Aspiring college students spend enormous amounts of time trying to unlock the magic formula that leads to those magic words: Congratulations, you’ve been accepted! But, for many students, the focus on admissions does not stop once they matriculate.
Starting in 2015, schools such as Harvard, Yale, Penn, and Stanford saw a dramatic uptick in students
Privacy Moves to the East Coast: Virginia Set to Enact Comprehensive Consumer Data Protection Law
Virginia is primed to become the next U.S. state to pass comprehensive data-privacy legislation with striking similarities to the California Consumers Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the E.U.’s General Data Protection Regulation (GDPR).
The legislation, known as the Consumer Data Protection Act, passed the Virginia House of Delegates on January
Why It Matters Whether Hashed Passwords Are Personal Information Under U.S. Law
On January 22, 2021, Bleeping Computer reported about yet another data dump by the hacker group Shiny Hunters, this time for a clothing retailer. Shiny Hunters is known for exfiltrating large databases of customer information, often through misconfigured or otherwise compromised database. These databases typically contain credential information for customers, as was the case
Privacy Litigation Updates for the Financial Services Sector: Yodlee and Envestnet Sued for Data Disclosure and Processing Practices
Consumers are more aware than ever of data privacy and security issues. As technology develops, vast quantities of data are collected on individuals every minute of every day. Customers trust their institutions to keep the troves of financial data on them private and secure.
Wesch v. Yodlee, Inc. and Envestnet, Inc.
A recent class action
FTC Eyes Vendor Oversight in Safeguards Rule Settlement
On December 15, 2020, the FTC announced a proposed settlement with Ascension Data & Analytics, LLC, a mortgage industry analytics company, related to alleged violations of the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule. In particular, the FTC claimed that Ascension Data & Analytics’ vendor, OpticsML, left “tens of thousands of consumers[’]” sensitive personal information exposed “to