Tag Archives: Credit Monitoring

Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident

Posted on January 27, 2012 by Hunton & Williams LLP

On January 24, 2011, Connecticut Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein announced that they had reached an Assurance of Voluntary Compliance (“AVC”) with Metropolitan Life Insurance Co. (“MetLife”) in connection with an incident involving the disclosure of customer personal information on the Internet. In November 2009, a MetLife employee posted the personally identifiable information of current and former MetLife customers, including their Social Security numbers, on the Internet. Following the discovery of the posting, MetLife acted to mitigate possible harm by providing credit monitoring and identity theft insurance to the affected customers.

Tags: Connecticut, Consumer Protection, Credit Monitoring, Personally Identifiable Information, Social Security Number, State Attorneys General

Third Circuit Holds Data Breach Plaintiffs Lack Standing

Posted on January 20, 2012 by Hunton & Williams LLP

On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that employees of Ceridian Corporation’s (“Ceridian’s”) customers did not have standing to sue Ceridian after the payroll processing firm suffered a data breach.

In December 2009, a hacker may have gained access to personal and financial information of Ceridian’s customers, including names, addresses, Social Security numbers, dates of birth and bank account information. Although it is not known if the hacker read, copied or understood the data, Ceridian sent notification letters to affected individuals informing them of the breach and offering to provide one year of complimentary credit monitoring and identity theft protection.

Tags: Consent Order, Consumer Protection, Credit Monitoring, Cybersecurity, Federal Trade Commission, Hacker, Litigation, Social Security Number

Representative Mary Bono Mack Releases Discussion Draft of the SAFE Data Act

Posted on June 17, 2011 by Hunton & Williams LLP

On June 13, 2011, Representative Mary Bono Mack (R-CA) released a discussion draft of the Secure and Fortify Data Act (the “SAFE Data Act”), which is designed to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.” Representative Bono Mack is Chairman of the House Subcommittee on Commerce, Manufacturing and Trade. In a press release, Representative Bono Mack remarked that “E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with robust cyber security.” She added that “consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them.”

Tags: Consumer Protection, Credit Monitoring, Credit Report, Cybersecurity, Federal Trade Commission, Gramm Leach Bliley Act, HIPAA, Legislation, Payment Card, Privacy Policy, Social Security Number

Legislatures and the EEOC Shine Spotlight on Credit Checks

Posted on March 17, 2011 by Hunton & Williams LLP

As reported in Hunton & Williams’ Employment & Labor Perspectives blog:

A commonly used pre-employment screening method–conducting credit checks–has drawn increased scrutiny in recent months. Legislatures at the state and federal levels are considering bills that would limit employer use of credit checks. Moreover, two recently-filed lawsuits, one of which was filed by the EEOC, seek to challenge the use of pre-employment credit checks in hiring decisions.

Tags: Credit Monitoring, Litigation

ILITA Issues Restrictions on Financial Institutions

Posted on February 2, 2011 by Hunton & Williams LLP

Reporting from Israel, legal consultant Dr. Omer Tene writes:

The Israeli Law, Information and Technology Authority (“ILITA”) has issued a new instruction (the “Instruction”) restricting financial institutions from using information concerning writs of execution issued against clients’ property. Pursuant to the Instruction, if a bank or insurance company finds out that a client’s account has become subject to a writ of execution, such information may not be used to deny the client credit or to adjust the rate of his or her insurance premiums. Information regarding writs of execution may be used only to carry out the writ. ILITA’s Instruction is based on the purpose limitation provisions in the Israeli Privacy Protection Act, 1981, as well as a specific section in the Execution of Judgments Act, 1967.

Tags: Credit Monitoring, Criminal Law, Insurance Providers, Israel, Legislation, Omer Tene

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Posted on September 3, 2010 by Hunton & Williams LLP

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25, which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified. In addition to providing detailed procedures and information to be included in the notification, the Bulletin states that the Department “will want to review, in draft form, any communications proposed to be made” to affected individuals. The Bulletin further indicates that, “depending on the type of incident and information involved, the Department will also want to have discussions regarding the level of credit monitoring and insurance protection which the Department will require to be offered to affected consumers and for what period of time.”

Tags: Connecticut, Consumer Protection, Credit Monitoring, Insurance Providers

Data Breach: Identity Theft Risk Insufficient to Support Claims

Posted on April 13, 2009 by Hunton & Williams LLP

The mere increased risk of identity theft following a data breach is sufficient to give the data subjects standing to bring a lawsuit in federal court but, absent actual identity theft or other actual harm, claims against the data owner and its service provider for negligence and breach of contract cannot survive, a federal judge ruled this month. Ruiz v. Gap, Inc., et al., No. 07-5739 SC (N.D. Cal. April 6, 2009).

Plaintiff Joel Ruiz brought a putative class action against Gap, Inc. and its service provider Vangent, Inc. after a thief stole a laptop computer from Vangent containing unencrypted Social Security numbers and other personal information of Ruiz and approximately 750,000 other Gap job applicants. Shortly after the theft, Gap notified Ruiz and the other applicants of the breach and offered them 12 months of free credit monitoring and fraud assistance. Ruiz sought damages under various theories, including negligence (failure to exercise due care to protect the data) and breach of contract (breach of the security provisions of Gap’s contract with Vangent, under the theory that Ruiz was a third-party beneficiary of the contract).

Tags: California, Class Action, Credit Monitoring, Litigation, Social Security Number

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: Credit Monitoring

Legislatures and the EEOC Shine Spotlight on Credit Checks

ILITA Issues Restrictions on Financial Institutions

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Privacy News