Frank Vito’s Post

Finally a common sense amendment to the Illinois Biometric Information Privacy Act (BIPA). The new Amendment, signed on August 2 by Governor Pritzker, allows entities to obtain consent via electronic signature, but far more importantly, it did away with “per scan” damages. That is, pursuant to Illinois Supreme Court precedent (Cothron v. White Castle), each data capture (i.e., fingerprint scan) could constitute a separate BIPA violation with damages up to $5,000 per scan. Such an analysis was often financially crippling to businesses - which apparently was never the intent of BIPA. Under the Amendment, the “aggrieved person” can only recover for one violation even if the unlawful collection or disclosure occurs more than once (such as when they sign in to a time clock every day). The next battle will be whether the Amendment applies retroactively.

On August 2, 2024, Illinois Governor J.B. Pritzker signed SB 2979 into law. The bill amends the Illinois Biometric Information Privacy Act (BIPA) by limiting the number of claims that can be brought under the law’s private right of action and updating the law’s definition of “written release” to include “electronic signature.” In this Byte Back blog, David Stauss provides a summary of these two changes. Read more: https://lnkd.in/gKcxkgKw #BiometricPrivacy #PrivacyLaw

Businesses operating in Illinois have been trying to get the state legislature to amend #BIPA for years. Now, with a little coaxing from the state supreme court, its looks like those amendments are imminent. The proposed changes would reduce the risk of a violation for businesses, and will likely dissuade many individuals from suing altogether.   This certainly addresses the issues business owners have with the law, but possibly at the cost of defanging one of the few personal privacy laws in the country that extends protection to employees.   Read more about the potential impact of the proposed changes to the IL Biometric Information Privacy Act here: https://lnkd.in/e_AzhZjf #Employeerights #privacylaw #biometrics #workplaceprivacy

Last week, S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA), was signed into law by the governor. The amendment is intended to rationalize how a violation of the law is calculated. My Covington & Burling LLP data privacy colleagues Lindsey Tonsager, Elizabeth Canter, and Priya Sundaresan Leeds provide the details in this post. #bipa #dataprivacy #biometrics

Earlier this year, we reported that the Illinois Senate passed Senate Bill 2979 with a vote of 46 to 13, and the Illinois House of Representatives passed Senate Bill 2979 with a vote 81 to 30. This bill addressed concerns arising from recent legal interpretations of the Illinois Biometric Information Privacy Act (“BIPA,” 740 ILCS 14/ et seq.), particularly following […] https://lnkd.in/dc6zqEHE www.Cyprus-CEO.com #CEO #business #management #marketing #tech #AI #legal #money

Earlier this year, we reported that the Illinois Senate passed Senate Bill 2979 with a vote of 46 to 13, and the Illinois House of Representatives passed Senate Bill 2979 with a vote 81 to 30. This bill addressed concerns arising from recent legal interpretations of the Illinois Biometric Information Privacy Act (“BIPA,” 740 ILCS 14/ et seq.), particularly following […] https://lnkd.in/dc6zqEHE www.Cyprus-CEO.com #CEO #business #management #marketing #tech #AI #legal #money

What privacy reforms will land tomorrow? We will see: - transparency about automated decisions - statutory tort for a serious invasion of privacy - funding for a children's privacy code - clarification of reasonable measures required to protect personal information (such as organisational and technological measures) Regulator and enforcement reforms will include: - regulator powers, including expanded powers to make codes - more flexible enforcement, with tiered penalties for less serious privacy breaches and more flexible powers for courts - monitoring and investigation powers for the OAIC We'll also see tools to help government manage data breaches (through emergency declaration powers). And... a criminal offence for doxxing (malicious release of personal information online). The second tranche of reforms will have to wait till after the election. Leon Franklin Geoff McGrath Mathew Baldwin

"The California Privacy Protection Agency's proposed automated decision-making technology regulations aim to increase transparency around when and where automated decisions are employed while allowing consumers to exercise their rights. "Stakeholders have a role to play in shaping the final rules, as industry, civil society and others will have until 14 Jan. 2025 to submit comments to the formal rulemaking process." Read "Civil society, academics consider impacts of CPPA's ADMT rulemaking" by IAPP's Alexandra White: https://bit.ly/3OsJ5oE

This morning the first tranche of the long awaited privacy reforms were tabled! I'm sure there will be lots of insights shared over the coming weeks, but here are some of the key changes included in the bill: - Greater transparency for individuals by requiring disclosure of automated decision making and requiring organisations to have clear policies and procedures for retaining and destroying personal information - Easier international data transfers through whitelisting of countries with equivalent privacy protections - Greater clarity on the factors that make an interference with privacy 'serious' - Emergency declarations under the Act - Increased financial costs for non-compliance through the creation of a statutory tort for invasions of privacy and new civil penalty provisions for non-serious interferences - Criminal offences for doxxing and harassment - Better protections for children

Rhode Island's legislature has passed and sent H 7787, the Data Transparency and Privacy Protection Act, to the governor. Though missing elements like universal opt-out mechanisms and data minimization requirements, this bill mandates controllers to publicly disclose third parties to whom they have sold or may sell customers' PII. Unlike Oregon and Minnesota, Rhode Island requires this list to be posted prominently on websites or online services, enhancing transparency. #DataPrivacy #LegalUpdate #RhodeIsland #AdvertisingLaw #PrivacyProtection #PII https://lnkd.in/efktnAtD