Illinois District court finds that improper collection and retention of face-scan measurements doesn’t constituted an injury-in-fact sufficient to meet Article III standing requirements

    On December 28, 2018, Google won summary judgment in a class action alleging that the company handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). According to the District Court, “plaintiffs have not suffered an injury sufficient to establish Article III standing and their claims are dismissed.” In a (putative) class […]

NY A.G. settled with five companies whose mobile apps were not secure

On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc.,, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those […]

County in NY strengthens privacy on wage and salary history to protect women and minorities

On October 2, 2018, the Suffolk County, NY Legislature introduced a local law to restrict access to information regarding salary and earnings (“RISE” act). The legislature of Suffolk County found that “women and racial and ethnic minority workers have historically encountered lower wages and salaries causing a wage gap that pervades all industries,” and that they have been negatively […]

The California Consumers Privacy Act

On June 28, 2018, California passes Bill 375 (Chau, Hertzberg, Dodd), which will provide Californians with fundamental new consumer privacy rights. In summary, the broad private right of action in the initiative covers instances of data breach – violations are subject to enforcement by the Attorney General – the right to know all a consumer’s […]

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization.