On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.
Continue Reading
Identity Theft
FTC Seeks Public Comment on Identity Theft Rules
Posted on
On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule and the duties of card issuers regarding changes of address.…
Continue Reading
SEC Fines Broker-Dealer $1 Million in First Enforcement Action Under Identity Theft Rule
Posted on
Posted in Enforcement, Identity Theft
On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.…
Continue Reading
Louisiana Amends Data Breach Notification Law, Eliminates Fees for Security Freezes
Posted on
Recently, Louisiana amended its data breach notification law. The amended law goes into effect on August 1, 2018.…
Continue Reading
Arizona Amends Data Breach Notification Law
Posted on
On April 11, 2018, Arizona amended its data breach notification law, which will require persons, companies and government agencies doing business in the state to notify affected individuals within 45 days of determining that a breach has resulted in or is reasonably likely to result in substantial economic loss to affected individuals.…
Continue Reading
FTC Hosts Workshop on Informational Injury
Posted on
On December 12, 2017, the FTC hosted a workshop on informational injury in Washington, D.C. where industry experts, policymakers, researchers and legal professionals considered how to best characterize and measure potential injuries and resulting harms to consumers when information about them is misused or inappropriately protected. …
Continue Reading
Lisa Sotto Discusses Identity Theft Prevention on Fox TV
Posted on
Posted in Identity Theft, Multimedia Resources
On July 27, 2017, Lisa Sotto, chair of Hunton & Williams LLP’s Global Privacy and Cybersecurity practice, appeared live on Washington, DC’s Fox TV to discuss the ID theft issue involving former Dallas Cowboys player Lucky Whitehead, and to warn against the risk of identity theft.…
Continue Reading
Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
Posted on
On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.…
Continue Reading
New Mexico Enacts Data Breach Notification Law
Posted on
On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. …
Continue Reading
Virginia Adds State Income Tax Provision to Data Breach Notification Law
Posted on
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.…
Continue Reading