CLOSE X
RSS Feed LinkedIn Instagram Twitter Facebook
Search:
FMG Law Blog Line

Posts Tagged ‘Virginia’

States are Busy on the Cyber Front

Posted on: February 19th, 2020

By: Amy C. Bender

2020 is off to a busy start, with several states taking action on cybersecurity legislation and issuing other legal updates. Highlights include:

California – California’s Attorney General has issued revised proposed regulations regarding the California Consumer Privacy Act (“CCPA”), which creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. The updates, which are aimed at providing more relief for consumers and clarity to covered businesses, include changes to definitions, notice and other requirements for covered businesses, and consumer rights and requests. The revised proposed regulations are available here and are currently under a public comment period.

Maryland – In the first decision of its kind under Maryland law, a federal court has ruled that a loss of software and data due to a ransomware attack was covered under a business owner’s property insurance policy. Specifically, the court found that the loss qualified as a “direct physical loss of or damage” to covered property (the affected computer server and networked computers) based on the loss of the data and software in the computer system and the loss of functionality to the computer system itself. The court reasoned that the policy did not limit covered losses to tangible property only or to total property losses. The decision is available here.

Massachusetts – The state’s legislature has stalled a proposed consumer data privacy law (available here) that would have imposed notice and disclosure requirements on businesses that collect consumers’ personal information, provided consumers the right to delete and opt out of third-party disclosure of collected personal information, and allowed consumers to sue for violations of the act without having to show any resulting damage. The bill has been sent to a “study order,” where a committee will study it and report its findings.

New York – The Stop Hacks and Improve Electronic Data Security Act (“SHIELD ACT”), available here, amends the state’s existing data breach notification law to require any person or business that owns or licenses computerized data that includes private information of New York residents to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the private information, including disposal of data. The data security provisions go into effect on March 21, 2020.

Virginia – Similar to Massachusetts, Virginia’s legislature has delayed and referred to study several privacy-related bills, including bills relating to consumer rights regarding access and sale of their personal data, destruction and disposal of records containing personally identifiable information, and collection and safekeeping of biometric data by employers.

Washington – The legislature has introduced a revised version of a proposed law, the Washington Privacy Act (available here), which would apply to certain private business that control or process consumer personal data and that are located within or targeted to residents of the state. The law would provide consumers rights regarding their personal data, impose responsibilities on covered controllers and processors, and regulate facial recognition services. The bill is now scheduled for a public hearing.

Freeman Mathis & Gary’s Data Privacy and Security Practice Group is here to help clients with policies and training. If you have any questions or would like more information, please contact Amy Bender at [email protected].

“Sanctuary Cities” Get a Reprieve For Now

Posted on: January 10th, 2019

By: Pamela Everett

As many city, county and state attorneys are aware, in 2017 the US. Department of Justice (DOJ) added three conditions to the application process for the Edward Byrne Memorial Justice Assistance Grant (“Byrne JAG”) program in an effort to eliminate so called sanctuary cities. The Byrne JAG program originated from the Omnibus Crime Control and Safe Streets Act of 1968,  which created grants to assist the law enforcement efforts of state and local authorities. Under the Byrne JAG program, states and localities may apply for funds to support criminal justice programs in a variety of categories, including law enforcement, prosecution, crime prevention, corrections, drug treatment, technology, victim and witness services, and mental health.

The first condition, called the “Notice Condition” requires grantees, upon request, to give advance notice to the Department of Homeland Security of the scheduled release date and time of aliens housed in state or local correctional facilities. The second condition, called the “Access Condition,” requires grantees to give federal agents access to aliens in state or local correctional facilities in order to question them about their immigration status. The third condition, called the “Compliance Condition” requires grantees to certify their compliance with 8 U.S.C. § 1373, which prohibits states and localities from restricting their officials from communicating with immigration authorities regarding anyone’s citizenship or immigration status. Grantees are also required to monitor any subgrantees’ compliance with the three conditions, and to notify DOJ if they become aware of credible evidence of a violation of the Compliance Condition. Additionally, all grantees must certify their compliance with the three conditions, which carries the risk of criminal prosecution, civil penalties, and administrative remedies. The DOJ also requires the jurisdictions’’ legal counsel to certify compliance with the conditions.

A number of jurisdictions have sued the DOJ and the U. S. Attorney General regarding these new conditions and sought a nationwide injunction; however, so far, none have  been successful in obtaining a nationwide injunction.  Recently a partial win was handed to the states of New York, Connecticut, New Jersey, Rhode Island, Washington, and Commonwealths of Massachusetts and Virginia and the City of New York. The States and the City challenged the imposition of the three conditions on five bases: (1) the conditions violates the separation of powers, (2) the conditions were ultra vires under the Administrative Procedure Act (“APA”), (3) the conditions were not in accordance with law under the APA, (4) the conditions were arbitrary and capricious under the APA, and (5) § 1373 violated the Tenth Amendment’s prohibition on commandeering.  This case challenged the authority of the Executive Branch of the federal government to compel states to adopt its preferred immigration policies by imposing conditions on congressionally authorized funding to which the states are otherwise entitled.

While the court held that the plaintiffs did not make a sufficient showing of nationwide impact to demonstrate that a nationwide injunction was necessary to provide relief to them, it did find as follows: (1) The Notice, Access, and Compliance Conditions were ultra vires and not in accordance with law under the APA. (2) 8 U.S.C. § 1373(a)–(b), insofar as it applies to states and localities, is facially unconstitutional under the anticommandeering doctrine of the Tenth Amendment. (3)  The Notice, Access, and Compliance Conditions violated the constitutional separation of powers. (4)The Notice, Access, and Compliance Conditions were arbitrary and capricious under the APA.  (5) The DOJ was mandated to reissue the States’ FY 2017 Byrne JAG award documents without the Notice, Access, or Compliance Conditions, and upon acceptance to disburse those awards as they would in the ordinary course without regard to those conditions.  Additionally, the DOJ was prohibited from imposing or enforcing the Notice, Access, or Compliance Conditions for FY 2017 Byrne JAG funding for the States, the City, or any of their agencies or political subdivisions.

The DOJ was prohibited from imposing or enforcing the Notice, Access, or Compliance Conditions for FY 2017 Byrne JAG funding for the States, the City, or any of their agencies or political subdivisions.

There are several other cases pending, including one filed by the City of San Francisco, seeking the issuance of a nationwide injunction to prohibit the enforcement of the new conditions. Stay tuned for more developments in this area.

If you have any questions or would like more information, please contact Pamela Everett at [email protected].

 

Related litigation: City of Chicago v. Sessions, 264 F. Supp. 3d 933 (N.D. Ill. 2017); affd. appeal, City of Chicago v. Sessions, 888 F.3d 272 (7th Cir. 2018), but later stayed the nationwide scope of the injunction pending en banc review. Conference City of Evanston v. Sessions, No. 18 Civ. 4853, slip op. at 11 (N.D. Ill. Aug. 9, 2018) City of Philadelphia v. Sessions, 280 F. Supp. 3d 579 (E.D. Pa. 2017); City of Philadelphia v. Sessions, 309 F. Supp. 3d 289 (E.D. Pa. 2018)(currently on appeal); California ex rel. Becerra v. Sessions, 284 F. Supp. 3d 1015 (N.D. Cal. 2018)