Privacy & Cybersecurity Newsletter

July 2020

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.

In This Issue

CCPA Update: Final Proposed Regulations
On June 1, 2020, the Office of the California Attorney General submitted the final proposed regulations package under the California Consumer Privacy Act to the California Office of Administrative Law. read more


Beyond Borders: COVID-19 Highlights the Potential Widespread Impact of the Illinois Biometric Information Privacy Act (BIPA)
The COVID-19 pandemic created a new normal for Americans—one where family members of all ages work and go to school from home. Businesses and schools have turned to technology to facilitate remote work and e-learning. read more

CARES Act Surprise: Substance Use Treatment Confidentiality Law Revised
The CARES Act made significant changes to the law governing the confidentiality of substance use treatment records. read more

Malicious Cyber Actors Exploiting COVID-19:
Common Attacks and Mitigation Strategies
The NY DFS has provided guidance to regulated entities to warn of the heightened cyber risks resulting from COVID-19 as cyber criminals look to exploit the increase in remote work and many individuals accustom themselves to the new normal of remote work. read more 


Uniform State Privacy Law on Fast Track
In response to the privacy compliance nightmare that appears to be developing from the proliferation of state privacy legislation, the Uniform Law Commission has recently started the process to develop a uniform state privacy law that, once completed, will provide a template for all 50 states to use in enacting consistent privacy legislation. read more

Where Statutory Privacy Claims Stand After Spokeo: Shaky Ground or Clear Path for Standing?
Following Spokeo, Inc. v. Robins, lower courts across the country were tasked with applying the Supreme Court’s “concrete” injury standard to a wide range of privacy and cyber claims. read more

Eleventh Circuit Holds that TCPA Consent Cannot be Revoked When Provided as Consideration in a Binding Contract
In Medley v. Dish Network, LLC, No. No. 18-13841, 2020 WL 2092594 (11th Cir. May 1, 2020), the Eleventh Circuit held that consent to receive calls using an automatic telephone dialing system under the Telephone Consumer Protection Act provided by a consumer as a term of a contract cannot be unilaterally revoked under common law contract principles. read more

Second Circuit Adds to the TCPA Chaos
In April, the Second Circuit Court of Appeals issued a decision in Duran v. La Boom Disco, Inc. 955 F.3d 279, 2020 WL 1682773 (2d Cir. 2020), which widened the circuit split over the definition of an “automatic telephone dialing system” under the Telephone Consumer Protection Act, 47 U.S.C. § 227. read more

An Overview of Key Issues in Privacy and Cyber Litigation
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual . . . the right ‘to be let alone.’” Samuel Warren and Louis Brandeis, The Right to Privacy, 4 Harvard L.R. 193 (Dec. 15, 1890). read more


Drones Aren’t Just Hackers’ Targets – They’re Hackers’ Weapons
In past discussions of the cyber risks and vulnerabilities attendant to Unmanned Aerial Systems (UAS, or drones), we have primarily described the proliferation of certain drone platforms with reported insecurities, specifically the ubiquitous DJI models that the U.S. Government ultimately removed from its service. read more