Privacy & Cybersecurity Newsletter

Summer 2021

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

In This Issue


CCPA Quick Update: Certain Companies Must Report Consumer Request Metrics by July 1, 2021
If your business is subject to the CCPA and (alone or in combination) bought, received, sold, or ‎shared for commercial purposes the personal information of 10 million or more consumers ‎‎(i.e., California residents) in 2020, Section 999.317 of the CCPA Regulations requires you to ‎report metrics regarding consumer requests annually beginning July 1, 2021.‎ read more


Ransomware’s Scary – Be Wary and Ready to Parry
Ransomware is dominating headlines and creating unimaginable headaches. Ransomware has ‎been deployed against every industry sector, and against municipalities and other government ‎agencies.‎ read more

Updating Your “Reasonable Security” During the “Ransomware Outbreak”
‎“Reasonable Security” is a term that is becoming more important due to the continued increase ‎in ransomware incidents over the past few years, which the U.S. Cybersecurity and ‎Infrastructure Security Agency has described as the “ransomware outbreak.”‎ read more


Patients’ Right of Access Remains an Important Issue for HIPAA Compliance
Under the Health Insurance Portability and Accountability Act, individuals have the ‎right, with some limited exceptions, to access their protected health information ‎maintained in a designated record set by a covered entity or the covered entity’s business ‎associate. read more


New York Biometric Privacy Update: Scanning Your Face As You Walk the City?
New York’s recent steps to protect biometric privacy are well worth your attention. The ‎‎“Biometric Identifier Information” Law was passed by the New York City Council and ‎will be effective July 9, 2021 in New York City. read more


A Big Win for Walmart Helps Further Define the Scope of Data Breach Class Actions: Gardiner v. Walmart Inc.
Ever since the California Consumer Privacy Act took effect on January 1, 2020, ‎litigants have been looking forward to guidance regarding the limits of data breach claims. ‎Now some of the questions are starting to be answered. read more

Firmer Footing for Data Breach Standing, Thanks to the Second
Instead of identifying traditionally “tangible” injuries, data breach plaintiffs typically point to ‎the fact that they may be the victim of identity theft at some point in the future.‎ read more

Supreme Court Adopts Narrow Definition of TCPA Automatic Telephone Dialing System
Starting in 2003 when the FCC adopted an expansive interpretation of the definition of an “automatic telephone dialing system” that included most modern telephone equipment, the plaintiffs’ bar has extracted hundreds of millions of dollars from businesses through the Telephone Consumer Protection Act and the threat of uncapped statutory damages.‎ read more