Category: Privacy

California’s BOT Disclosure Law, SB 1001, Now In Effect

Share

The B.O.T. (“Bolstering Online Transparency”) Act, enacted last year pursuant to SB 1001, has gone into effect in California. As of July 1, it is unlawful for a person or entity to use a bot to communicate or interact online with a person in California in order to incentivize a sale or transaction of goods or services or to influence a vote in an election without disclosing that the communication is via a bot. The law defines a “bot” as “an automated online account where all or substantially all of the actions or posts of that account are not the result of a person.” The required disclosure must be clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot.

The law is the first of its kind enacted by a state legislature and applies only to communications with persons in California. In addition, it applies only to public-facing Internet Web sites, applications, or social networks that have at least 10 million monthly U.S. visitors or users. While the law contains no private right of action and expressly “does not impose a duty on service providers of online platforms,” failure to abide by the disclosure requirement, as enforced by the Attorney General, may constitute a violation of California’s unfair competition laws and result in fines and equitable remedies.

As Cyberattacks Rise, U.S. Business Readiness Falls

Share

Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.

Continue reading “As Cyberattacks Rise, U.S. Business Readiness Falls”

Supreme Court Gives Companies Another Tool To Fend Off Data Breach Class Actions

Share

In the wake of data breaches, companies may find themselves targets of class actions by customers or employees whose personal information was compromised in the breach. The exposure is considerable, with an estimated 765 million people impacted by data breaches between April and June of 2018. As we previously reported, some courts have allowed consumer and employee data breach cases to proceed despite threshold challenges – leading to multi-million-dollar settlements. And in Dittman, Pennsylvania’s Supreme Court recently held that an employer owed an affirmative duty to exercise reasonable care to protect employees’ personal nonpublic data from data breaches.

Continue reading “Supreme Court Gives Companies Another Tool To Fend Off Data Breach Class Actions”

SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance

Share

The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.

In this alert, partner Jim Lundy outlines the Regulation S-P requirements, the OCIE’s Regulation S-P findings and key takeaways for SEC registrants.

Read the full alert.

DOJ White Paper Answers Questions about the Scope and Applicability of the CLOUD Act

Share

Last year Congress enacted the CLOUD Act (the Clarifying Lawful Overseas Use of Data Act) to clarify the means for foreign legal authorities to access electronic information held by U.S.-based global providers. The U.S. Department of Justice (DOJ), in April 2019, issued a White Paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act.” This White Paper lays out the policy and legal reasons for enactment of the CLOUD Act, and explains how the CLOUD Act overlays and interacts with existing laws and established inter-governmental practices.

Continue reading “DOJ White Paper Answers Questions about the Scope and Applicability of the CLOUD Act”

Hand Me the Map, Please: Webinar Recap

Share

The critical role of data mapping in CCPA readiness and compliance

Although the California Consumer Privacy Act (CCPA) does not explicitly require that businesses engage in data mapping or relationship mapping, they probably won’t be able to develop effective CCPA compliance strategies without having both. Businesses that have engaged in data mapping in preparation for GDPR compliance will be able to leverage some of that work.

Continue reading “Hand Me the Map, Please: Webinar Recap”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy