The Supreme Court of Illinois relied on legislative intent, policy concerns and precedents to hold that all Biometric Information Privacy Act claims are subject to a five-year statute of limitations. Read on to learn more about the Tims v. Black Horse Carriers, Inc. opinion and how it may impact businesses and their BIPA decisions going forward.
Password Protected
Latest from Password Protected - Page 2
Ohio Supreme Court: Insurance Policy Does Not Cover Ransomware Attack on Software
In a unanimous decision, the Ohio Supreme Court found that a computer software company’s business owners insurance policy does not cover losses resulting from a ransomware attack on the company’s computer software systems because the attack did not cause physical loss or physical damage to the software.
Read on for background on this case and…
New Year Brings New State-Level Data Privacy Protections
As 2022 draws to a close, it is important to keep in mind that key state-level regulations on consumer and employee data privacy will become effective as soon as 2023 begins. Data security measures, personal data processing activities and privacy policies of businesses covered by the regulations are now proscribed specific standards and requirements in…
FCC Drops Message That Ringless Voicemails Are Subject to TCPA
On Nov. 21, 2022, the Federal Communications Commission issued a declaratory ruling and order finding that “ringless voicemails” to wireless phones are “calls” made using an artificial or prerecorded voice. Such calls, therefore, are subject to the Telephone Consumer Protection Act and callers must obtain consent before delivering such messages.
Read on to learn about…
New California Law Bans Tech Companies From Disclosing Data for State Abortion Investigations
Compliance with out-of-state investigative requests, like warrants, just got a little trickier for some California-based companies.
Read on for details and implications of a new California law that, among other things, prohibits technology and communications companies based in the state from providing user data to out-of-state authorities investigating abortions that would be legal under California
First CCPA Enforcement Action Shows Accepting User-Enabled Global Privacy Controls Is Mandatory

On Wednesday, August 24, 2022, the California Attorney General released a public statement addressing its first enforcement action under the California Consumer Privacy Act (“CCPA”) against Sephora. The Attorney General alleged that Sephora failed to disclose to consumers that it was selling personal information, it failed to honor requests submitted through Global Privacy Controls (“GPC”),…
HHS Issues New HIPAA Guidance on Audio-Only Telehealth Services
During the pandemic, audio-only telehealth was a critical tool to provide care to populations that could not use video during telehealth sessions, due to factors such as lack of financial resources, disability or lack of sufficient broadband coverage.
New HHS guidance outlines steps covered entities should take to ensure that their audio-only telehealth practices are…
OCR Seeks Input on “Recognized Security Practices” as Mitigating Factor for HIPAA and HITECH Fines
In 2021, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Department of Health and Human…
Twitter Fined $150M for Violating FTC Order on Misrepresenting Privacy and Security Practices
On May 25, the Federal Trade Commission announced that it, along with the Department of Justice, fined Twitter $150 million for violating a 2011 agreement with the FTC in which Twitter promised to protect the integrity of nonpublic consumer information, including users’ phone numbers and email addresses.
Read on for details about the alleged violations…
SEC Expands Enforcement Unit Tasked With Protecting Crypto Markets
Reflecting its determination to monitor the crypto markets, the U.S. Securities and Exchange Commission announced today that it was renaming the Cyber Unit the “Crypto Assets and Cyber Unit” and nearly doubling its size, from 30 to 50 members. The additional permanent positions will include investigative staff attorneys, trial lawyers and fraud analysts, who will…