Published by Al Saikali

The Florida House of Representatives has officially passed HB 969, which would create the most aggressive privacy law in the United States. The bill would apply to companies that generate $50 million or more in annual gross revenue and collect a significant amount of personal information about Florida residents. In addition to imposing CCPA-like

The Florida Senate’s version of a new comprehensive privacy law (a.k.a. the “Florida Privacy Protection Act” (FPPA)) passed unscathed out of the Senate’s Committee on Commerce and Tourism yesterday. The bill’s sponsor fought off two proposed amendments: one that would have eliminated the private right of action and a second that would have required more than just a revenue threshold for the law to apply. This post describes what makes the FPPA more aggressive than the CCPA, it provides a summary of the Senate Committee hearing, and it shares some late-breaking news about the House version (HB 969).

Continue Reading Senate Version of Florida Privacy Law Moves Forward; House Version Makes Class-Action Lawsuits Even Easier

The following post was prepared by guest contributor, my friend, my brother-in-arms, and newly-minted Partner in Shook’s Privacy and Data Security Practice, Colman McCarthy 

For what seemed like an eternity (okay, just a couple years), the California Consumer Privacy Act was the only game in town when it came to state-level, comprehensive privacy legislation. Sure, we saw many other states introduce similar bills, and Washington got close a couple times to passing the Washington Privacy Act. Those all died on the vine, however. In fact, California was the only state after itself to see passage of anything really big, with the California Privacy Rights Act (which amends the CCPA, and is not a separate, new law) gaining passage in the November 2020 election.

All to which Virginia has recently stepped forward and said, “Hold my…authenticated consumer request.” The Virginia Consumer Data Protection Act (or VACDPA, as I prefer to call it) is a comprehensive privacy bill that was just signed into law by Governor Northam on March 2, and shows influences from both the CCPA and Europe’s General Data Protection Regulation.

What do you need to know about VACDPA, beyond the fact that it’s fun to say out loud? Probably the most important fact is that it won’t go into effect until January 1, 2023. That gives entities a long runway to understand their obligations under the law and get into compliance.

So, what about all the other stuff? Well…
Continue Reading Virginia’s Foray Into Comprehensive Privacy Law

The Florida Legislature is considering a comprehensive privacy law (HB 969) that would fundamentally change the landscape of how/whether companies do business in Florida.  The bill is largely a “cut-and-paste” of the California Consumer Privacy Act (CCPA), but in some ways, it goes further than the CCPA and would make Florida’s law the most aggressive privacy law in the United States.  As I have previously described, the bill would create significant privacy rights for Florida residents, including the right to know what personal information companies are collecting about them, the source of that information, how the information is being shared, a right to request a copy of that information, and a right to delete/correct that information.  But the law goes too far – placing a crushing financial burden on most small and medium-sized businesses and creating a private right of action that dwarfs California’s version. This post analyzes the five most significant problems with HB 969 and proposes solutions.
Continue Reading Five Ways To Improve Florida’s Proposed Privacy Law

Yesterday, the Governor of Florida threw his support behind a newly introduced consumer data privacy bill (HB 969) which is very similar to the California Consumer Privacy Act of 2018. The Governor’s support is a significant development given that he and both chambers of the Florida Legislature are Republican and, to date, there has not been any aligned support for a privacy law since the Florida Information Protection Act (FIPA), Florida’s data breach notification law.  Nevertheless, as with the CCPA, the bill proposes a boondoggle for the plaintiffs’ bar in the form of a private right of action for data breaches and statutory damages, which could present a significant obstacle to passage in the bill’s current form, particularly for a fairly business-friendly Florida Legislature.
Continue Reading Florida Throws Its Hat Into the Privacy Ring, And It’s Looking A Lot Like California