2018

In a recent decision, a California federal court held that an arbitration provision contained in Viacom, Inc.’s browsewrap agreement was unenforceable and denied Viacom’s request to stay the case pending arbitration.[1] The court’s decision in Rushing v. Viacom, Inc. is consistent with “courts’ traditional reluctance to enforce browsewrap agreements against individual consumers.”[2]

The U.S. Securities and Exchange Commission (“SEC”) may not be the first agency that comes to mind with respect to cybersecurity, but the SEC has been in the headlines recently with respect to cyber fraud in particular. Earlier this month, the SEC promulgated a report urging companies to take preventive measures against cyber fraud.

The Court of Appeal has upheld a decision of the High Court  holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable to compensate affected data subjects for loss caused by a data breach, even where the company has committed no wrongdoing and regardless of the employee’s motive.

Like many organizations in Canada, yours is probably not fully prepared for the mandatory breach reporting requirements coming into force under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) November 1, 2018.

Here are three measures your organization

This is the Data Protection Report’s fifth post in a series of CCPA blog posts that will break down the major elements of the CCPA, which will culminate in a webinar on the CCPA in October. This blog focuses on covered entities. Stay tuned for additional blogs and information about our upcoming webinar on the CCPA.

Following Europe’s lead and some recent high profile scandals involving the use of personal information, California passed the California Consumer Privacy Act which goes into effect on January 1, 2020. (You can find our coverage of it here.) The law, the first of its kind in the US, is an omnibus privacy law for the state of California that grants individuals new rights in connection with their data – including, the right to erasure.