Following the lead of California and then Virginia, Colorado recently became the third U.S. state to pass a comprehensive law providing its residents with personal data privacy rights. While there is significant overlap between how each of these state laws defines who it applies to and what consumer rights are granted, there are several key differences, including the scope of consumers’ opt-out rights:
These states make up a combined 16% of the U.S. population, making it increasingly difficult for even strictly U.S.-focused organizations to fall out of scope of comprehensive data security and privacy laws requiring, for example, the use of data protection assessments.
The U.S. regulatory landscape continues to evolve on a nearly weekly basis. Indeed, similar comprehensive bills have already been introduced in Massachusetts, New York, and Illinois. As more states pass legislation related to collecting personal information, it remains imperative for businesses to stay updated on how each state regulates this activity.… Keep reading
What strategies should businesses employ to circumvent “insider” cyber threats? Attorneys Howard Susser and Brooke Penrose will discuss the best practices to manage and prevent data misuse and the claims to consider when threats arise. Learn about the Computer Fraud and Abuse Act, trade secrets and other intellectual property claims, and breaches of agreements.
Click here to view the full webinar.… Keep reading
Proceed with Caution – Cookies May Create Legal Exposure for Site Operators
Cookies can be incredibly useful to website operators as they can enable the operator to gather helpful information about how visitors use its website and thereby target its advertising efforts without disrupting the user experience. However, as web visitor privacy control continues to be … Keep reading
With the President’s signing of the Consolidated Appropriations Act for 2021 on December 27, 2020, several important updates to U.S. intellectual property law have been adopted.
Trademark Act Amended
The Trademark Modernization Act (“TMA”) makes significant amendments to the Lanham Act, which will become effective December 27, 2021. The TMA generally aims to reduce deadwood on the register of trademarks by providing for summary expungement. But the Act also made some noteworthy amendments to trademark prosecution and enforcement procedures. A summary of some of the highlights include:
- New Ex Parte Expungement Proceeding. A third party, or the Trademark Office, may petition to expunge a registration on the basis that the mark has never been used in commerce on or in connection with some or all of the goods or services recited in the registration. The proceeding is only available for registrations that have been registered for more than three years but less than 10 years.
- Response Deadlines for Trademark Office Actions May be Shortened. The current response time for all Office Actions is six months. The TMA allows the response period to be shortened to a period that is at least sixty days, provided extensions of
… Keep reading
Highlights of Brazil’s LGPD
Brazil became the latest country to draw inspiration from Europe’s General Data Protection Regulation (“GDPR”) and adopt its own national comprehensive legal framework for personal data regulation, called the Lei Geral de Proteção de Dados (“LGPD”). A comparison of some of the key topics covered by the GDPR and LGPD are summarized below:
||May 25, 2018
||August 15, 2020 (but enforcement will not begin until August 1, 2021)
||Up to the higher of €10 M or 2% of global annual revenue from preceding financial year
||Up to the lesser of 50 M reals or 2% of Brazilian sourced revenue from preceding financial year
||Personal data processing activities when:
1. Controller or processor is established in the EU, regardless of whether the processing takes place in the EU or not;
2. the data refers to individuals located in the EU when offering goods or services to such data subjects or monitoring their behavior;
3. carried out by a controller not established in the EU, but in a place where Member State law applies by virtue of public international law.
|Personal data processing activities when:
1. carried out
… Keep reading
As we’ve previously blogged about, the California Consumer Privacy Act (“CCPA”) is an exhaustive piece of legislation requiring organizations to heed and defend consumer rights relating to access to, sharing of, and deletion of personal information that is collected by businesses. In particular, the CCPA requires organizations to notify California consumers of the rights newly afforded to them under the CCPA. These rights are summarized in the graphic below.
Summary of Consumer Rights and Organization’s Related Responsibilities:
In addition to notifying California residents of their consumer rights, organizations need to provide at least two methods– including a toll-free phone number—for consumers to submit requests to exercise their rights. If the organization maintains a website, one of those methods needs to be a website address. If an organization operates exclusively online and has a direct relationship with the consumer, it does not need to provide a toll-free number and only needs to provide an email address as a designated method for submitting requests.
Response Requirements When Consumer Exercises a CCPA Right
Once an organization obligated to comply with the CCPA receives a California consumer request to exercise a CCPA right, it must disclose and deliver the information free of charge … Keep reading
Prior to the unique data security and privacy challenges unexpectedly presented as a result of a mass movement to remote working earlier this year, the California Consumer Privacy Act (“CCPA”) was one of the most highly anticipated regulation organizations were (or, should have been) preparing to comply with. Despite industry pressure to delay enforcement of the CCPA so organizations could continue to focus on mitigating further disruptions and damage to their operations caused by the COVID-19 pandemic, the California Attorney General has maintained his commitment to begin enforcement of the CCPA on July 1, 2020.
In preparation for the enforcement date, Burns & Levinson will be doing a series detailing some of the highlights of the CCPA, which technically went into effect on January 1, 2020. If the CCPA applies to your organization and you had not previously taken steps to bring your organization into compliance with Europe’s General Data Protection Regulation (“GDPR”), you may have significant work to do in order to bring your organization into compliance with the CCPA. If your organization has previously engaged in GDPR compliance, you may still have work to do. While there is some overlap between the regulatory and statutory requirements of … Keep reading
Chances are, if you have ever posted or published content on the web, or your company operates a website, you have heard the term “take-down notice.” Perhaps you have even been on the receiving end of such a notice, claiming that content on your website is owned by a third party, and that if you do not remove the content, your website will be taken down or a lawsuit will be filed claiming copyright infringement.
These notices are part of a mechanism available to copyright owners—including those who have not registered their copyrights— under a U.S. law called the Digital Millennium Copyright Act. This statute was enacted in the late 1990s as an attempt to bring the U.S. Copyright Act up to speed with society’s increased engagement via the Internet. The take-down procedure was introduced to provide a “safe harbor” for internet service providers that provide platforms for others to post content. Essentially, by following the procedures detailed in the DMCA, a website owner (or ISP) may be able to shelter him/herself from liability for infringement if a user posts infringing content, provided the website owner is not actively participating in or encouraging infringement and otherwise … Keep reading