On October 23, 2018, the parties in the Yahoo! Inc. Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data.
Continue Reading

On November 1, 2018, Senator Ron Wyden released a draft bill, the Consumer Data Protection Act, that seeks to “empower consumers to control their personal information.” The draft bill imposes heavy penalties on organizations and their executives, and for certain thresholds would require senior company executives to file annual data reports with the Federal Trade Commission.
Continue Reading

Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.
Continue Reading

On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.
Continue Reading

On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S. Privacy Shield framework.
Continue Reading

On September 26, 2018, the US Senate Committee on Commerce, Science, and Transportation convened a hearing on Examining Consumer Privacy Protections with representatives of major technology and communications firms to discuss approaches to protecting consumer privacy, how the United States might craft a federal privacy law and companies’ experiences in implementing the EU General Data Protection Regulation and the California Consumer Privacy Act.
Continue Reading

On September 26, 2018, Uber Technologies Inc. agreed to a settlement with all 50 U.S. state attorneys general in connection with a 2016 data breach affecting the personal information (including driver’s license numbers) of approximately 607,000 Uber drivers nationwide, as well as approximately 57 million consumers’ email addresses and phone numbers.
Continue Reading