August 29, 2013 – After initially vetoing legislation in May, New Jersey Governor Chris Christie today signed into law legislation that will prohibit employers from requiring job applicants or current workers to provide their user names and passwords for social media sites. In doing so, New Jersey becomes the twelfth state to enact such a measure. The […]
Privacy
California Adopts Do-Not-Track Disclosure Law: A.B. 370 Amends the California Online Privacy Protection Act (CalOPPA) to Require New Privacy Policy Disclosures for Websites, Online Services and Mobile Apps about Behavioral Tracking
California Governor Brown is preparing to sign into law a new online privacy bill (A.B. 370) approved unanimously (78-0) by the California Assembly on August 26, 2013, having previously passed the California Senate by a vote of 37-0 (with 2 non-votes recorded). The Governor is expected to sign the bill before the expiration of the signing […]
California S.B. 46 Expands Data Breach Notification Law to Include Breaches of User Names and Email Addresses for Online Accounts
California Governor Brown is preparing to sign into law a new data security breach notification bill (S.B. 46) that expands the coverage of California’s existing breach law to include breaches of individuals’ online user names and email addresses, when acquired in combination with passwords or a security question and answer that would permit access to […]
California Establishes Digital Privacy Rights Law for Minors: S.B. 568 Expands Online Privacy Protections Beyond Federal COPPA Rules and Extends Rights to All Children Under 18 Years of Age
California Governor Brown is preparing to sign into law an unprecedented children’s online privacy bill (S.B. 568), which adds a new chapter to the State’s Business and Professions Code (BPC) to protect the online privacy of children and teenagers who are under 18 years of age and reside in the State of California. The bill […]
New European Data Breach Rules for Telcos and ISPs
On August 25, 2013, a new European Regulation came into effect that changed and expanded upon the breach notification procedures set forth in the E-Privacy Directive (2002/58/EC). The Regulation outlines two independent notification obligations: (1) notification to the relevant national authority within 24 hours after detection of a personal breach where feasible; and (2) notification […]