On July 2, 2018 attorney Lily Li appeared as a guest star on The Gen Why Lawyer Podcast. During the half-hour segment, Ms. Li discussed starting her own dedicated privacy practice, the recent enactment of the General Data Protection Regulation, and growing developments in state privacy regulation.
Listeners may tune into this broadcast on ITunes, Stitcher, and The Gen Why Lawyer website at the links below:
The Gen Why Lawyer is a weekly podcast hosted by California Patent Attorney and Millennial, Karima Gulick. Join Karima each week as she chats with some of the greatest innovators and leaders in the legal profession. Listen in to hear their inspiring stories and learn from their insight on how to build a meaningful life and fulfilling career. For more information, check out their website.
6/28/2018 Update:Governor Brown signed AB-375 into law on the afternoon of June 28, 2018. The law is named the California Consumer Privacy Act of 2018, and will take effect in January 2020. This will give industry and lawmakers some time to regroup and fine tune the regulations under this new act.
In a last-minute attempt to keep the California Consumer Privacy Act initiative off the November ballot, California lawmakers reached a tentative deal with ballot sponsor Alastair Mactaggart on June 21st to push forward a legislative privacy bill. The deal depends on the bill passing both houses and being signed by Governor Brown by June 28th.
The proposed bill, introduced by State Assembly member Ed Chau and state senator Robert Hertzberg, would give California consumers unprecedented rights to know what information businesses collect about them, where that information comes from, and how that information is shared. The bill also gives consumers the power to stop companies from selling their data.
On Monday, June 25 at 8 A.M. Pacific, attorney Lily Li appeared as a guest star on KUCI 88.9 FM’s Privacy Piracy radio show. During the half-hour segment, Ms. Li discussed the impact of the recent General Data Protection Regulation, growing developments in state privacy regulation, and the California Consumer Privacy Act.
To listen to this broadcast, please click on the MP3 below.
KUCI 88.9 FM is a commercial free radio station, based out of the University of California – Irvine. For more information, see http://kuci.org/
Privacy Piracy is a half-hour public affairs radio show broadcasting on KUCI 88.9 FM. The show is co-hosted by attorney and privacy consultant Mari Frank and production engineer Lloyd Boshaw. For more information, see http://privacypiracy.org/
As Californians gear up to vote in this week’s primary elections, the state’s businesses and voters should be aware of two separate privacy law developments: SB-1121 and the Consumer Privacy Act.
SB-1121 and Increased Liability for Data Breaches
On May 30, 2018, the California Senate recently voted to send SB-1121 to the state Assembly. The proposed amendment to the state’s current data breach laws (codified at Sections 1798.80-1798.84 of the Civil Code) would increase corporate liability for data breaches. The key provisions are as follows:
California “consumers,” not just “customers,” will be able to sue businesses under California’s data-breach protection laws. Under the existing rules, a California resident can only sue a business for a data breach if it provided information to the business for the purpose of buying products or services. This amendment would cover all businesses that maintain the personal data of California residents, regardless of the relationship between the business and the resident. The expansion of liability to consumers is in part responsive to the Equifax hack. In that situation, the credit agency reported that the records for about 148 million Americans were compromised, but very few of those people would be considered “customers” of Equifax.
California residents will be able to sue for a minimum of $200 in penalties per violation, without proof of consumer injury. This poses the risk of large-scale consumer class actions, for even minor data breaches, even where no one was harmed by the breach.
[Originally published as the May 2018 Cover Story: Data Privacy and the Law – American Privacy Laws in a Global Context: Predictions for 2018, by Lily Li, in Orange County Lawyer Magazine, May 2018, Vol. 60 No.5.]
Cybersecurity Attacks Are Inevitable
Cybersecurity attacks are on the rise. According to the non-profit organization, Identity Theft Resource Center, there were over 1,579 publicly reported data breaches in 2017, compared to 1,091 in 2016, and 780 in 2015. Not only are these cyberattacks happening at high-profile companies like Equifax, Uber, and Yahoo, they are increasingly happening to businesses of all sizes. Any entity able to pay a ransom is now a potential target.
Law firms are no exception. In 2017, DLA Piper was hit with a “wiper-ware” attack, following previous email hacks of Cravath and Weil Gotshal in 2016. Earlier this year, UK-based cybersecurity firm, RepKnight, reported that almost 800,000 UK law firm email addresses and affiliated passwords were available on the dark web, with over 50% of these credentials posted in the last six months. These law firms did not just include local UK firms, but global law firms with a UK presence.
Given these alarming statistics, what should legislators do?
In the EU, Canada, and China, legislators have decided to develop and implement national data privacy and cybersecurity frameworks: GDPR, PIPEDA, and CSL respectively. The United States, by contrast, still relies upon a patchwork of sectoral laws and inconsistent state rules. This article will take a brief look at developments in the EU, Canada, and China, discuss the current United States privacy framework, and predict likely developments in U.S. privacy law over the next year.Continue Reading American Privacy Laws in a Global Context: Predictions for 2018