The California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA) (collectively, the CPRA) introduced significant changes to the data privacy landscape, enhancing consumer protections and imposing new obligations on businesses. The CPRA went into effect on January 1, 2023, and will be enforced beginning July 1, 2023.

On May 18, 2023, the United States Supreme Court issued a ruling in Gonzalez v. Google LLC (No. 21-1333), a Ninth Circuit case that the technology industry has followed closely, due to its potential implications for the immunity provided by Section 230 of the Communications Decency Act, 47 U.S.C. § 230, for platforms that host digital content provided by its users. Since its passage in 1996, Section 230 consistently has shielded platforms from liability for claims relating to user content on a variety of websites and more recently, applications. In its ruling, the Supreme Court declined to address Section 230, thereby providing a favorable outcome for the technology industry because the immunity provided by Section 230, as applied by courts throughout the country, will remain in place.

On June 1, 2023, Governor Ron DeSantis signed into law CS/SB 7052 (the Act), increasing consumer protection and insurer accountability in Florida. The newly enacted and amended statutes under CS/SB 7052 bolster policyholder protections and impose greater insurer oversight, including heightened penalties for insurer misdeeds in the state under a new law that will take effect on July 1, 2023 (this legal alert does not address all of the statutory revisions associated with the Act). As House Speaker Paul Renner noted, “The insurance legislation signed by Governor DeSantis today . . . not only empowers homeowners, but also cultivates market-driven competition, ultimately leading to lower costs.”

On Wednesday, June 6, 2023, the New York State Senate passed the Amended Grieving Families Act (A6698). The bill will now be sent to Governor Hochul for signature or veto. It is unclear whether the amended bill will alleviate the governor’s concerns that prompted her to veto the original version in January of this year.

On May 16, 2023, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Russian national Mikhail Matveev for his role in launching cyberattacks on U.S. law enforcement, businesses, and critical infrastructure. In addition to his placement on OFAC’s Specially Designated Nationals (SDN) list, District Courts in New Jersey and the District of Columbia have unsealed several indictments against Matveev, and the Department of Justice announced that it is offering a $10 million reward for any information that leads to his arrest or conviction.

Welcome to the inaugural edition of the Lewis Brisbois CyberCapsule. Each month, the CyberCapsule will highlight newsworthy events that occurred during the preceding month.

Last week, the National Labor Relations Board’s (NLRB) General Counsel, Jennifer A. Abruzzo, issued a memorandum to all regional directors, officers-in-charge, and resident officers detailing her position that, except in very limited circumstances, most traditional non-competition agreements violate Section 8(a)(1) of the National Labor Relations Act (NLRA).

The U.S. Securities and Exchange Commission announced on Friday, June 2, 2023 that an earlier-announced breach (described as a “control deficiency”) between the agency’s enforcement and adjudicatory functions was even more expansive and serious than previously announced. As a result of the internal breach, the agency has dismissed 42 pending enforcement cases, and has agreed to lift industry bans on 48 people whose cases were also involved in the breach.