The 2019 Capital One Breach Compared to the 2017 Equifax Breach: Evolving and Improving Attitudes toward Data Security, Breach Detection, and Breach Notification
Image Credit: Khanittha Yajampa via Dreamstime.com On September 7, 2017, Equifax announced that it had suffered a data breach that exposed the personal data of nearly 147 million people. Two years following the Equifax breach, Capital One also suffered a data breach nearly as massive in scope, affecting approximately 100 million users in the United States and 6 million users in Canada. A casual observer might think that the two breaches are similar. After all, they both affected a large fi...
Privacy Rights in Class Action Lawsuits
[Originally published in Orange County Lawyer Magazine, May 2019, Vol. 61 No.5.,by Lily Li and Matthew Wegner; Image Credit: kmicican from pixabay.com] Should Putative Class Members Opt-In Before Their Personal Information Is Disclosed in California Consumer Privacy Act Litigation? In 2020, the nation’s toughest data privacy law will take effect in California. The California Consumer Privacy Act of 2018 (CCPA) imposes harsh restrictions on companies seeking to sell consumers’ data, includ...
The FTC Ramps Up Privacy Enforcement
Following increased congressional scrutiny over its data privacy enforcement practices in 2018, the FTC has ramped up its enforcement actions in recent months, giving some real bite to current federal privacy laws: On February 27, 2019 the FTC filed a complaint against the operators of lip-syncing app Musical.ly—now known as TikTok - for failing to seek parental consent before collecting the personal information of users under the age of 13. In response to the FTC's complaint, TikTok agreed t...
Metaverse Law on Critical Mass Radio Show
On February 13, 2019, Lily Li of Metaverse Law appeared on Critical Mass Radio Show to discuss trends in privacy law and general pointers for businesses. Three takeaways from the show include: Regardless of the size of your company, consider data privacy. The size of your company itself is not as relevant as is the customer data you process. Even if you are a small company, but have a large customer base, chances are you should be looking at the data privacy regulation in your state. If you h...
Privacy Law Forecast for 2019
Image Credit: ID 23689850 © Steve Ball | Dreamstime.com This past year was quite a whirlwind for privacy and cybersecurity watchers. Just to sum up a few of the top events of last year: Facebook's Cambridge Analytica scandal rocked political headlines Europe introduced the GDPR, the most comprehensive data protection legislation to date in the world California enacted the California Consumer Privacy Act, becoming the first US state to create GDPR-style rules Google came under fi...
California Consumer Privacy Act vs GDPR – How to Maximize Your Privacy Compliance Program
California's recent passage of the Consumer Privacy Act of 2018 now places the world's fifth-largest economy under European style data protection rules. Given the new law, US businesses that were previously hesitant to implement GDPR are now reconsidering their position. Luckily, the GDPR and the California Consumer Privacy Act (CCPA or CaCPA) share some similarities. Both provide for consumer-facing privacy notices, data access rights, and data portability. As businesses automate their GDPR...
Regulating the Skies – FAA Drone Rules for Hobbyists
In 2012, Congress placed the Federal Aviation Administration ("FAA") in charge of regulating small unmanned aircraft systems, also known as drones. In response, the FAA promulgated regulations in 2015 and 2016 targeting the drone industry. These regulations required operators to register their systems and meet minimum safety and certification requirements, but excluded operators of preexisting model aircraft. So far, hobbyist drone operators have used the model aircraft exclusion to temporari...
EU Court Finds GDPR Applies to Religious Preaching
On July 10, 2018 the Court of Justice of the European Union (CJEU) published an opinion finding that the General Data Protection Regulation ("GDPR") applied to the collection of personal data during "door-to-door" preaching by the Jehovah's Witnesses religious community. This data included the name and addresses of individuals contacted, and in certain cases, the individuals' religious beliefs and family circumstances. Members of the Jehovah's Witnesses community used this data to coordinate pre...






