philipp-katzenberger-iIJrUoeRoCQ-unsplash (1)

As 2025 begins, businesses across the U.S. will be required to navigate an even more expanded landscape of state-level privacy regulations. In all, eight states are introducing comprehensive privacy laws, further adding to the growing patchwork of privacy requirements in the U.S.

January is kicking off with a flurry as five states (Iowa, Delaware, Nebraska, New Hampshire, and New Jersey) implement their laws in the first two weeks. Later this year, Tennessee, Minnesota, and Maryland will join the mix. For companies operating in the U.S., staying ahead in this shifting regulatory environment is essential. Failure to comply could result in hefty penalties, legal exposure, and a loss of consumer trust.

The good news? Businesses already aligned with current privacy laws may only need minor updates to meet the new requirements. However, it is important to be aware of all consumer-facing interactions, data collections, and sharing of personal information in each state to keep a firm handle on your compliance obligations.

Continue Reading A New Year and New Compliance Requirements: Additional State Privacy Laws Take Effect in 2025

On September 6, 2024, the U.S. Department of Labor (DOL) issued Compliance Assistance Release No. 2024-01, titled “Cybersecurity Guidance Update.” The updated guidance clarifies that the DOL cybersecurity guidance applies to all ERISA-covered plans, and not just retirement plans, but also health and welfare plans. Also, as a direct response to service providers’ concerns, the DOL expanded its 2021 guidance to emphasize that plan sponsors, fiduciaries, recordkeepers, and participants should adopt cybersecurity practices across all employee benefit plans. With cyber risks continually evolving, the update highlights the importance of implementing robust security practices to protect participant information and plan assets.

Continue Reading The Department of Labor’s Expanded Cybersecurity Guidance: What ERISA Plan Sponsors and Fiduciaries Need to Know

Seyfarth Synopsis: In a significant decision for website operators, the Massachusetts Supreme Judicial Court clarified that tracking users’ web activity does not constitute illegal wiretapping under the state’s Wiretap Act. The court found that person-to-website interactions fall outside the Act’s scope, which focuses on person-to-person communications. However, the court emphasized that other privacy laws could still apply to such tracking practices. This ruling may influence how similar cases proceed nationwide and signals to the Massachusetts legislature that any broader restrictions on web tracking require explicit statutory action.

Continue Reading Tracking Users’ Web Browsing Activity Does Not Constitute Illegal Wiretapping under Massachusetts Law

More Information & To Register

November 11 – 13, 2024
Fairmont Scottsdale Princess
Scottsdale, AZ

Seyfarth Shaw is a sponsor for the 2024 ANA Masters of Advertising Law Conference, the biggest advertising, marketing, and promotion law conference in the nation.  The conference will take place November 11-13 at the Fairmont Scottsdale Princess in Scottsdale, Arizona. During the conference Seyfarth attorneys Joe Orzano and Kristine Argentine will present on a breakout panel and Ken Wilton, Ameena Majid, and Gina Ferrari will lead a roundtable discussion. Additional details are provided below. 

Continue Reading Seyfarth to Sponsor and Present at 2024 ANA Masters of Advertising Law Conference

This blog post was cross-posted from Seyfarth’s Employment Law Lookout blog.

In the case of Okonowsky v. Garland23-55404.pdf (law360news.com), the Ninth Circuit considered a claim that social media posts made by a co-worker on a personal account constitute actionable workplace harassment under Title VII.  The appeals court firmly “reject[ed] the notion that only conduct that occurs inside the physical workplace can be actionable, especially in light of the ubiquity of social media and the ready use of it to harass and bully both inside and outside of the physical workplace.” 

Continue Reading Personal Does Not Mean Private: Ninth Circuit Holds Personal Social Media Posts Can Constitute Workplace Harassment

Seyfarth Synopsis: Earlier this year, we reported that the Illinois Senate passed Senate Bill 2979 with a vote of 46 to 13, and the Illinois House of Representatives passed Senate Bill 2979 with a vote 81 to 30. This bill addressed concerns arising from recent legal interpretations of the Illinois Biometric Information Privacy Act (“BIPA,” 740 ILCS 14/ et seq.), particularly following the Illinois Supreme Court’s 2023 decision in Cothron v. White Castle System Inc., in which the Court held that a claim under BIPA accrues each time that an individual’s biometric information or identifier is captured or collected.

Continue Reading BIPA LEGISLATIVE UPDATE: Governor Pritzker Signs Amendment Limiting Damages To A Single Recovery

The Personal Data Protection (Amendment) Bill 2024 (“PDPB”) was at last passed by the Malaysian Parliament at the end of July. After Royal Assent and publishing, it will become law (on a date to be determined by the Minister of Digital to be specified in the Gazette). The PDPB introduced several changes intended to better align Malaysia’s 2010 Personal Data Protection Act with global standards.

Continue Reading Malaysian Parliament Passes Personal Data Protection (Amendment) Bill 2024
onur-binay-Uw_8vSroCSc-unsplash

This blog post was cross-posted from Seyfarth’s Consumer Class Defense site.

In a significant legislative development, the Illinois House of Representatives has overwhelmingly approved Senate Bill 2979, with a vote of 81 to 30, which amends the Illinois Biometric Information Privacy Act (BIPA) to limit damages to one violation per individual, rather than each instance their biometric information is captured, collected, disclosed, redisclosed, or otherwise disseminated. The bill also amended the definition of “written release” to include an electronic signature.

Last month, we reported on the Illinois Senate’s passage of the bill by a vote of 46 to 13. This legislative move is a direct response to the Illinois Supreme Court’s 2023 decision in Cothron v. White Castle. The Court ruled that under BIPA, a claim accrues each time an individual’s biometric information is captured or collected. This decision highlighted the urgent need for legislative clarity, as White Castle argued that it could face damages exceeding $17 billion if each of its employee’s time clock scans were found to recklessly or intentionally violate BIPA. Recognizing the potential for such devastating liability, the Court called on the Illinois legislature to act.

In its original form, BIPA stated that an individual may be entitled to $1,000 or actual damages for each negligent violation, or $5,000 or actual damages for each reckless or intentional violation. The newly passed bill amends Sections 15(b) and 15(d) of BIPA to state that an “aggrieved person is entitled to, at most, one recovery under this Section.”

Having cleared both legislative chambers, the bill is now headed to Governor Pritzker for his signature.

If you have any questions about how this BIPA amendment may impact your business practices, please do not hesitate to contact your trusted Seyfarth Shaw advisor.

On March 22, 2024, following nearly six months after the publication of the Provisions on Promoting and Regulating Cross-border Data Flows (Draft for Solicitation of Comments), the Cyberspace Administration of China (“CAC”) officially released the Provisions on Promoting and Regulating Cross-border Data Flows (“the Provisions”), which came into immediate effect. In accordance with the Provisions, CAC has also issued the “Guidelines for Data Export Security Assessment Declaration (Second Edition)” and the “Guidelines for Filing Standard Contracts for Personal Information Export (Second Edition).”

Continue Reading Practical Insights from China on the Newly Issued Provisions on Cross-Border Data Transfer

Address
Seyfarth Shaw Hong Kong Office
Suite 3701 & 3708-3710, 37F
Edinburgh Tower, The Landmark
15 Queen’s Road Central
Central, Hong Kong

Tuesday, 21 May 2024 (HKT)
8.30 – 9.00 a.m. Check-in and Breakfast
9.00 – 10.00 a.m. Roundtable
10.00 – 10.30 a.m. Refreshments
Breakfast will remain available during the roundtable

Cost
There is no cost to attend, but registration is required.

REGISTER HERE

About the Programme

In recent years, privacy and cybersecurity consistently hit the top of legal leaders’ lists of their biggest concerns. In fact, a recent Association of Corporate Counsel Chief Legal Officers Survey found that, when rating a list of items on their importance to the business, CLOs placed cybersecurity, regulation and compliance issues, and data privacy as the top three most critical issues for the business.

Continue Reading Upcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and Cybersecurity