May 242019
 

Steven Erkel and Kaeley Brown of Alston & Bird write:

Arkansas

In April, Arkansas’ Governor signed H.B. 1943 as Act 1030 expanding the scope of personal information, as used in the Personal Information Protection Act, to include “biometric data.” The Bill defines “biometric data” as “data generated by automatic measurements of an individual’s biological characteristics, including without limitation: (a) Fingerprints, (b) Faceprint, (c) A retinal or iris scan, (d) Hand geometry, (e) Voiceprint analysis, (f) Deoxyribonucleic acid (DNA), or (g) Any other unique biological characteristics of an individual if the characteristics are used by the owner or licensee to uniquely authenticate the individual’s identity when the individual accesses a system or account.”

Read more on Privacy Blog.

May 242019
 

Jason C. Gavejian and Maya Atrakchi of JacksonLewis write:

A district court in Tennessee recently concluded in Wachter Inc. v. Cabling Innovations LLC that two former employees who allegedly shared confidential company information found on the company’s computer system with a competitor did not violate the Computer Fraud and Abuse Act (CFAA). The CFAA expressly prohibits “intentionally accessing a computer without authorization or exceeding authorized access, and thereby obtaining… information from any protected computer”.

Read more on Workplace Privacy, Data Management & Security Report.

May 242019
 

Yan Luo, Ashden Fein and Zhijing Yu of Covington & Burling write:

On May 13, 2019, China’s State Administration for Market Regulation (“SAMR”) released three core national standards related to the country’s Cybersecurity Multi-level Protection Scheme (“MLPS”), describing technical and organizational controls that companies must follow when complying with MLPS-related obligations under the Cybersecurity Law (“CSL”).  These standards, which are commonly referred to as the “MLPS 2.0 standards,” include: GB/T 22239 – 2019 Information Security Technology – Baseline for Multi-level Protection Scheme, GB/T 25070 – 2019 Information Security Technology – Technical Requirements of Security Design for Multi-level Protection Scheme and GB/T 28448 – 2019 Information Security Technology – Evaluation Requirements for Multi-level Protection Scheme.  The MLPS 2.0 standards are set to take effect on December 1, 2019.

Read more on InsidePrivacy.

May 232019
 

Gavin Reinke of Alston & Bird writes:

The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law.  Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number, email address, and age of thousands of individuals who had applied for unemployment benefits or other services offered by the Department of Labor.  Case No. S18G1316, slip op. at 2 (Ga. May 20, 2019).  The plaintiff, whose information was among that which was disclosed, filed a putative class action against the Department of Labor, alleging claims for negligence, breach of fiduciary duty, and invasion of privacy.

Read more on their privacy blog.

May 112019
 

Lisa Thomas of SheppardMullin writes:

North Dakota criminal law currently contains penalties for misusing the personal information of another. That law has been expanded, and beginning August 1, 2019, it is a class B felony to use a skimmer or scanning device to try get information from a payment card, credit card, or state ID without the permission of the authorized card holder.

Read more on Eye on Privacy.