NY A.G. settled with five companies whose mobile apps were not secure

On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc., Priceline.com, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those […]

County in NY strengthens privacy on wage and salary history to protect women and minorities

On October 2, 2018, the Suffolk County, NY Legislature introduced a local law to restrict access to information regarding salary and earnings (“RISE” act). The legislature of Suffolk County found that “women and racial and ethnic minority workers have historically encountered lower wages and salaries causing a wage gap that pervades all industries,” and that they have been negatively […]

The California Consumers Privacy Act

On June 28, 2018, California passes Bill 375 (Chau, Hertzberg, Dodd), which will provide Californians with fundamental new consumer privacy rights. In summary, the broad private right of action in the initiative covers instances of data breach – violations are subject to enforcement by the Attorney General – the right to know all a consumer’s […]

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization.

Stored Communications Act

The Stored Communication Act (SCA), codified at 18 U.S.C. Chapter 121 §§ 2701–2712 is a law that addresses voluntary and compelled disclosure of “stored wire and electronic communications and transactional records” held by third-party internet service providers (ISPs). Below a list of the relevant sections 2701 – Unlawful access to stored communications 2702 – Voluntary […]

New Jersey adopts Personal Information and Privacy Protection Act

On July 21, 2017, New Jersey adopted the “Personal Information and Privacy Protection Act.” According to the law, retailers may scan an ID card only under certain circumstances. By “scanning” the law means to access the barcode or any other machine-readable section of the card “with an electronic device capable of deciphering, in an electronically […]