Bloomberg Law Privacy & Cybersecurity

Data Privacy ‘Panoply’ Looms as States Move to Fill Federal Hole

Consumers across the US could gain more control over how companies collect and use their personal information through state legislative efforts to create new data privacy requirements.

Eight States: Lawmakers in Indiana, Iowa, Kentucky, Mississippi, New York, Oklahoma, Oregon, and Tennessee so far this year have proposed bolstering company disclosure and consumer consent standards over how their information is collected and processed. New Jersey privacy legislation introduced in 2022 carries over into the second year of the state’s session.

These measures, if enacted, would add to laws in California, Virginia, Connecticut, Utah, and Colorado that aim to safeguard consumer data online. They’re part of a growing push by state lawmakers to address a range of privacy issues—such as protecting biometric identifiers and health data—in the absence of a comprehensive federal law.

A map showing the states with enacted comprehensive privacy laws and proposed comprehensive privacy bills, as of Jan. 18, 2023. California, Connecticut, Colorado, Utah, and Virginia have enacted laws. Oregon, Oklahoma, Indiana, Iowa, Kentucky, Tennessee, Mississippi, and New York have proposed bills.

Compliance Challenge: The greatest compliance challenges for clients doing business at a national level will come if states begin to deviate significantly from the five state privacy laws going into effect this year, said Lisa Sotto, a partner at Hunton Andrews Kurth LLP.

“It’s going to get nearly impossible to comply with the panoply of state laws that will certainly be in place in the coming years,” Sotto said.

Leading the News

Data Collection Effects on Diverse Groups Set for Federal Probe

The Commerce Department on Wednesday announced it will examine the effects of companies’ data collection practices on marginalized communities. Read More

Newsletter Service Mailchimp Says It Was Hacked, Again

Email marketing and newsletter service Mailchimp said it was hacked and that customer accounts were accessed, in the second such attack in less than a year. Read More

Job Cuts Create Vulnerabilities for Data Theft and Hacking

Disgruntled workers can take corporate secrets or get careless with them. Read More

EY, Polygon Update Privacy-Based Blockchain Protocol on Ethereum

Accounting and consulting firm EY and blockchain company Polygon have updated the public source code for Nightfall, a protocol that aims to give corporations a way of undertaking private transactions on a digital ledger. Read More

Bank Secrecy Law ‘Key’ to IRS Criminal Investigations

The IRS’s criminal investigations unit said Wednesday an overwhelming majority of subjects recommended for prosecution have data filings obtained through the Bank Secrecy Act. Read More

In the Courts

Illinois Justices Eye Union Preemption in Hand Scan Privacy Suit

Illinois Supreme Court justices on Wednesday mulled whether federal collective bargaining law prevents a union member from pursuing state biometric privacy claims against his employer. Read More

Documents: Docket Illinois BIPA LMRA Railroad Labor Act

Hyper Microsystems Hit With Class Action Over Fingerprint Scans

Hyper Microsystems Inc. illegally collects the biometric information of employees without their consent and without disclosing its policies regarding the retention and destruction of biometric data, a new state class action said. Read More

Documents: Ill. Cir. Ct. Complaint Ill. Cir. Ct. Docket

Internet Legal Shield Blocks Model’s Right-to-Publicity Lawsuit

Amazon.com Inc., Walmart Inc., and Ulta Beauty Inc. escaped a fashion model’s lawsuit claiming that they used her image and likeness without permission after a Manhattan federal court ruled that a federal legal shield for online platforms blocks the model’s state law claim. Read More

Documents: S.D.N.Y. Opinion S.D.N.Y. Docket

Today’s Highlights

NBA Signs Multiyear Deal, Takes a Stake in Consumer Data Firm

The National Basketball Association has signed a multiyear deal with consumer data firm StellarAlgo, with the league’s investment arm taking an ownership stake in the firm as it looks to grow its portfolio. Read More

Russian Charged by US With Running $700 Million Crypto Scheme

A Russian national was charged with money laundering through a cryptocurrency exchange that allegedly masked the proceeds of illegal gambling and drug deals valued at more than $700 million, as the US goes after criminal suspects in the digital space. Read More

Documents: Docket

Cyberattack Against Norway Firm Hits 1,000 Merchant Ships

A cyberattack on a Norwegian shipping services firm ensnared about 70 companies and 1,000 ships. Read More

Columnist Corner

THIS YEAR, at least 11 law firms have notified courts that they are charging more for their services, despite continued economic uncertainty, Roy Strom writes in his latest Big Law Business column.

Law firms don’t readily advertise billing rates, but bankruptcy courts require that rate increases be disclosed. Roy’s search of bankruptcy dockets revealed that a handful of Big Law firms and mid-size shops have raised their highest partner billing rates nearly 10% on average this year, and that top-paid associates are being billed out at 9% higher than last year’s rates. Read More