On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.
Continue Reading Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach

On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history.
Continue Reading Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History

On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.
Continue Reading Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors

On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.
Continue Reading SEC Fines Broker-Dealer $1 Million in First Enforcement Action Under Identity Theft Rule

On April 11, 2018, Arizona amended its data breach notification law, which will require persons, companies and government agencies doing business in the state to notify affected individuals within 45 days of determining that a breach has resulted in or is reasonably likely to result in substantial economic loss to affected individuals.
Continue Reading Arizona Amends Data Breach Notification Law

On December 12, 2017, the FTC hosted a workshop on informational injury in Washington, D.C. where industry experts, policymakers, researchers and legal professionals considered how to best characterize and measure potential injuries and resulting harms to consumers when information about them is misused or inappropriately protected.
Continue Reading FTC Hosts Workshop on Informational Injury