Navigating “Pen Register” Law in the Digital Age: Court Rules the Law Applies to Website Tracking Technologies

Written by Albina Gasanbekova and Lucy Holmes Plovnick, AIGP, CIPP/US On February 20, 2025, the United States District Court for the Southern District of New York recognized that online tracking technologies that collect IP addresses may fall under California’s “Pen Register” law, known as Section 638.51 of the California Invasion of Privacy Act (“CIPA”), which prohibits the use of physical recording devices for telephone communications without … Continue reading Navigating “Pen Register” Law in the Digital Age: Court Rules the Law Applies to Website Tracking Technologies

mskllpFebruary 27, 2025Leave a comment

Cybersecurity, Regulatory

VPPA Litigation Trends and Defense Strategies

Written by Susan Kohn Ross, Lucy Plovnick, and Stacey Chuvaieva Video Privacy Protection Act (VPPA) litigation has become a major focus for class action lawyers targeting websites using Meta or Google Pixels that offer any kind of subscription for users and contain video content. Despite the recent litigation trend primarily favoring defendants, VPPA litigation remains persistent, and the steady flow of cases shows no signs … Continue reading VPPA Litigation Trends and Defense Strategies

mskllpJuly 31, 2024July 31, 2024Leave a comment

Cybersecurity

Texas and Oregon’s Comprehensive Privacy Law Is Coming Into Effect: Time To Prepare For Enforcement Actions

Written by Susan Kohn Ross, Lucy Plovnick, and Stacey Chuvaieva On July 1, 2024, Texas and Oregon’s comprehensive data privacy laws took effect. The Texas Data Privacy and Security Act (TDPSA) was signed into law on June 18, 2023. Most[1] of its obligations will go into effect on July 1 and will likely be vigorously enforced. The Oregon Consumer Data Privacy Act (OCDPA), signed into … Continue reading Texas and Oregon’s Comprehensive Privacy Law Is Coming Into Effect: Time To Prepare For Enforcement Actions

mskllpJuly 1, 2024July 1, 2024Leave a comment

Cybersecurity, Intellectual Property, Regulatory

Be Careful Who You Pick As Your Arbitration Provider!

Written by Susan Kohn Ross On August 10, 2023, a California federal district court refused to enforce an arbitration clause because the defendants’ Terms of Use (sometimes called Terms of Service) named an arbitration provider whose lack of even-handed and transparent procedures rendered the clause unconscionable. Heckman v. Live Nation Entertainment, Inc., CV22-0047 (C.D. Cal). While only a district court decision, the opinion stands as … Continue reading Be Careful Who You Pick As Your Arbitration Provider!

mskllpSeptember 20, 2023September 20, 2023Leave a comment

Corporate, Cybersecurity

SEC Approves New Rules for Cybersecurity Disclosure and Incident Reporting

Written by Blake Baron and Gabriel Miranda On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) adopted the new highly-anticipated cybersecurity disclosure rules for public companies. Background: Cybersecurity disclosure has been on the SEC’s radar since their 2018 cybersecurity disclosure guidance. And, on March 9, 2022, the SEC first proposed its new cybersecurity rules for public companies aiming to “better inform investors” about … Continue reading SEC Approves New Rules for Cybersecurity Disclosure and Incident Reporting

mskllpAugust 3, 2023Leave a comment

Cybersecurity, Regulatory

New Adequacy Decision for the EU-US Data Privacy Framework

Written by Susan Kohn Ross, Stacey Chuvaieva, and Lucy Holmes Plovnick Yesterday, July 10, 2023, the European Commission adopted a new adequacy decision entitled the EU-US Data Privacy Framework. It provides a new mechanism designed to permit the transfer of personal data from the European Union to the United States (“Framework”) in a manner that adequately protects the privacy rights of those individuals whose personally identifiable … Continue reading New Adequacy Decision for the EU-US Data Privacy Framework

mskllpJuly 11, 2023July 11, 2023Leave a comment

Cybersecurity, Regulatory

More States Enact Privacy Laws

Written by Susan Kohn Ross, Lucy Plovnick, Stacey Chuvaieva and Albina Gasanbekova Iowa and Indiana now become the sixth and the seventh states, respectively, to provide comprehensive privacy protection to those living in those states, following the lead of California, Virginia, Connecticut, Colorado, and Utah (in that order). Those who do business in Iowa or have Iowa consumers as customers/users have until January 1, 2025 … Continue reading More States Enact Privacy Laws

mskllpJune 6, 2023June 6, 2023Leave a comment

Cybersecurity, Regulatory

Final California Privacy Regulations Approved: Key Takeaways

Written by Susan Kohn Ross and Stacey Chuvaieva On March 29, 2023, California’s Office of Administrative Law (“OAL”) approved the final text of the first part of the regulations issued by the California Privacy Protection Agency (“CPPA”) , which will take effect immediately (“Regulations”). These final Regulations provide long awaited guidance on some new concepts contained in the California Privacy Rights Act (“CPRA”) which was approved by … Continue reading Final California Privacy Regulations Approved: Key Takeaways

mskllpApril 4, 2023April 4, 2023Leave a comment

Cybersecurity, Regulatory

New State Privacy Laws Effective in 2023: Get Ready For the Colorado, Connecticut, and Utah Privacy Laws

Written by Susan Kohn Ross, Lucy Holmes Plovnick, and Stacey Chuvaieva Colorado, Connecticut, and Utah have enacted comprehensive state privacy laws that will become effective in 2023. The Colorado Privacy Act (“CPA”) and the Connecticut Data Privacy Act (“CTDPA”) both go into effect on July 1, 2023. The Utah Consumer Privacy Act (the “UCPA”) becomes effective on December 31, 2023. The UCPA, CTDPA, and CPA … Continue reading New State Privacy Laws Effective in 2023: Get Ready For the Colorado, Connecticut, and Utah Privacy Laws

mskllpDecember 8, 2022December 8, 2022Leave a comment

Cybersecurity, Regulatory

Getting Ready For Virginia’s Consumer Data Protection Act (VCDPA)

Written by Susan Kohn Ross, Lucy Holmes Plovnick, and Stacey Chuvaieva On November 21, 2022 we reported about the changes taking place to California’s Consumer Privacy Act (here) which are effective January 1, 2023. In this Alert, we turn to the Virginia Consumer Data Protection Act (VCDPA) which takes effect on January 1, 2023. Inspired by the European GDPR, Virginia’s state privacy law aligns with its … Continue reading Getting Ready For Virginia’s Consumer Data Protection Act (VCDPA)

mskllpNovember 22, 2022November 22, 2022Leave a comment

MSK Blog

MSK's Official Blog Site

Category: Cybersecurity

Navigating “Pen Register” Law in the Digital Age: Court Rules the Law Applies to Website Tracking Technologies

VPPA Litigation Trends and Defense Strategies

Texas and Oregon’s Comprehensive Privacy Law Is Coming Into Effect: Time To Prepare For Enforcement Actions

Be Careful Who You Pick As Your Arbitration Provider!

SEC Approves New Rules for Cybersecurity Disclosure and Incident Reporting

New Adequacy Decision for the EU-US Data Privacy Framework

More States Enact Privacy Laws

Final California Privacy Regulations Approved: Key Takeaways

New State Privacy Laws Effective in 2023: Get Ready For the Colorado, Connecticut, and Utah Privacy Laws

Getting Ready For Virginia’s Consumer Data Protection Act (VCDPA)