Archives: Enforcement

Subscribe to Enforcement RSS Feed

Will Spokeo Undermine CAFA?

As we previously reported, the Supreme Court’s decision in Spokeo v. Robins, has been nearly universally lauded by defense counsel as a new bulwark against class actions alleging technical violations of federal statutes. But Spokeo also poses a significant threat to defendants by defeating their ability to remove exactly the types of cases that defendants most want in federal court.… Continue Reading

Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading

Supreme Court Finds Consumers Must Prove Injury in Class Actions

On May 16, 2016, the United States Supreme Court issued a decision in Spokeo Inc. v. Thomas Robins, holding that the Ninth Circuit’s ruling applied an incomplete analysis when it failed to consider both aspects of the injury-in-fact requirement under Article III. The Court found that a consumer could not sue Spokeo, Inc., an alleged consumer reporting agency that operates a “people search engine,” for a mere statutory violation without alleging actual injury.… Continue Reading

FTC Announces First APEC Cross-Border Privacy Rules Enforcement Action

On May 4, 2016, the Federal Trade Commission issued a press release announcing its recent settlement with hand-held vaporizers manufacturer Very Incognito Technologies, stemming from charges that the company falsely claimed it had certified under the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules framework.… Continue Reading

Consumer Financial Protection Bureau Imposes First Ever Data Security Fine

On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading

JIPDEC Named Accountability Agent for APEC Cross-Border Privacy System

On February 25, 2016, the Asia-Pacific Economic Cooperation issued a press release announcing the decision by the Joint Oversight Panel of the APEC Electronic Commerce Steering Group to approve the Japan Institute for Promotion of Digital Economy and Community as a new “Accountability Agent” under the APEC Cross-Border Privacy Rules system.… Continue Reading

European Commission Presents EU-U.S. Privacy Shield

On February 29, 2016, the European Commission issued the legal texts that will implement the EU-U.S. Privacy Shield, including a draft adequacy decision of the European Commission, Frequently Asked Questions and a Communication summarizing the steps that have been taken over the last few years to restore trust in transatlantic data flows.… Continue Reading

FTC Settles with Router Manufacturer over Software Security Flaws

On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.… Continue Reading

California Attorney General Releases Report Defining “Reasonable” Data Security

On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading

Department of Homeland Security Issues Procedures Regarding Sharing Cybersecurity Information

On February 16, 2016, the Department of Homeland Security, in collaboration with other federal agencies, released a series of documents outlining procedures for both federal and non-federal entities to share and disseminate cybersecurity information. These documents were released as directed by the Cybersecurity Act of 2015, signed into law on December 18, 2015.… Continue Reading

New Safe Harbor Deal Between EU and U.S. May Be Imminent

According to Bloomberg BNA, Paul F. Nemitz, Director for Fundamental Rights and Union Citizenship at the Directorate-General Justice of the European Commission, said at a privacy conference that he hoped a new U.S.-EU Safe Harbor agreement would be reached by the evening of Monday, February 1, 2016.… Continue Reading

Taiwan Amends Personal Data Protection Law

Taiwan’s Office of the President recently issued an order to promulgate certain amendments to Taiwan’s Personal Data Protection Law. The Amendments revise 12 articles in the PDPL concerning the collection and use of sensitive personal data, the form of consent for the collection of non-sensitive personal data, and the imposition of criminal liability for certain violations of the PDPL. … Continue Reading
LexBlog