Further Expansion of Data Security Requirements in FTC Order with LightYear Dealer Technologies

Share

The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to automotive dealerships nationwide. The settlement resolves allegations that DealerBuilt engaged in a number of unreasonable data security practices. The DealerBuilt’s DMS software tracks, manages, and stores information related to all aspects of a dealership’s business, including sales, finance, inventory, accounting, payroll, and parts and service and collects and maintains personal and competitively sensitive information about consumers and employees.

Continue reading

Nevada’s Privacy Law Granting Opt-Out Rights Is First Out of the Gate

Share

On May 29, 2019, Nevada Governor Steve Sisolak signed into law SB 220, which amends Nevada’s security and privacy law to require an operator of a website or online service for commercial purposes to permit consumers to opt-out of the sale of any covered personally identifiable information that the operator has collected or will collect about the consumer. The law becomes effective October 1, 2019, several months before the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, and is therefore set to become the first of its kind to be implemented in the U.S.

Continue reading

Oregon Amends Data Breach Notification Law to Apply to Vendors

Share

On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which requires vendors, service providers and other entities that maintain or possess consumers’ personal information to notify consumers of a security breach.

Continue reading

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy