On July 20, 2015, the United States Court of Appeals for the Seventh Circuit reversed a previous decision that dismissed a putative data breach class action against Neiman Marcus for lack of Article III standing.… Continue Reading
On February 23, 2015, the Wyoming Senate approved a bill that adds data elements to the definition of "personal identifying information" in the state's data breach notification statute. The Wyoming Senate also agreed with amendments proposed by the Wyoming House of Representatives to another bill that adds content requirements to the notice that breached entities must send affected Wyoming residents. … Continue Reading
Today, the White House announced that the President signed a new executive order focused on cybersecurity. The signed executive order, entitled Improving the Security of Consumer Financial Transactions, focuses on securing consumer transactions and sensitive personal data handled by the U.S. Federal Government.… Continue Reading
On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading
On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading
On September 5, 2013, Pew Research Center released a report detailing the results of a new survey that questioned Internet and smartphone users in the United States about anonymity, privacy and security online. This blog entry provides a brief summary of the survey results and includes a link to the full report.… Continue Reading
On August 29, 2013, the Federal Trade Commission announced that it filed a complaint against LabMD, Inc. for failing to protect consumers' personal data by exposing documents containing names, Social Security numbers, dates of birth, health insurance information and bank account information on a P2P file-sharing network.… Continue Reading
In May 2013, the Federal Trade Commission released a new guide entitled Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business to help businesses and organizations determine whether they are subject to the FTC’s Red Flags Rule and how to fulfill the Rule’s requirements. The Guide includes information regarding what types of entities must comply with the Red Flags Rule, a set of FAQs and a four-step process to achieve compliance.… Continue Reading
On April 10, 2013, the Securities and Exchange Commission and the Commodity Futures Trading Commission jointly adopted rules that require broker-dealers, mutual funds, investment advisers and certain other regulated entities to adopt programs designed to detect red flags and prevent identity theft.… Continue Reading
On March 11, 2013, in Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court effectively reinstated the suit against the retailer by answering favorably for the plaintiff three certified questions from the United States District Court for the District of Massachusetts regarding Massachusetts General Laws Chapter 93, Section 105(a) entitled “Consumer Privacy in Commercial … Continue Reading
The United States Supreme Court’s recent decision in a FISA case is likely to have a significant impact on privacy and data breach-related class actions, possibly thwarting the ability of individuals affected by breaches to assert standing based on a fear of possible future harm.… Continue Reading
On November 30, 2012, the Federal Trade Commission announced the issuance of an interim final rule that makes the definition of “creditor” in the Red Flags Rule consistent with the definition contained in the Red Flag Program Clarification Act of 2010.… Continue Reading
On March 21, 2012, Massachusetts Attorney General Martha Coakley announced that Maloney Properties Inc. executed an Assurance of Discontinuance and agreed to pay $15,000 in civil penalties following an October 2011 theft of a company-issued unencrypted laptop. … Continue Reading
On January 24, 2011, Connecticut Attorney General George Jepsen announced that MetLife had agreed to pay $10,000 and implement or enhance its data protection policies and procedures in response to a November 2009 disclosure of customer personal information on the Internet.… Continue Reading
On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that its customers’ employees did not have standing to sue Ceridian Corporation, a payroll processing firm that suffered a data breach. … Continue Reading
In an October 18, 2011 report, the Justice Committee called for UK courts to be given greater powers to imprison and fine individuals who breach the Data Protection Act, and asked that the government assess whether the UK Information Commissioner should have additional authority to audit data processing activities.… Continue Reading
On October 24, 2011, Israel’s Data Protection Authority announced significant developments in its sophisticated investigation of a complex cyber security breach that affected more than nine million Israeli citizens.… Continue Reading
On June 13, 2011, Representative Mary Bono Mack released a discussion draft of of the Secure and Fortify Data Act, which would establish federal data security and breach notification requirements.
… Continue Reading
On April 5, 2011, Lisa Sotto, partner and head of the Privacy and Data Security practice at Hunton & Williams LLP, discussed the Epsilon email breach in an interview with Tracy Kitten of Information Security Media Group. The interview covered issues such as data protection requirements for sensitive consumer data, steps companies should take to … Continue Reading
On December 18, 2010, President Obama signed the Red Flag Program Clarification Act of 2010 into law. The Act amends the FCRA to limit the scope of the Red Flags Rule with respect to the applicability of identity theft guidelines to creditors.
… Continue Reading
On December 8, 2010, the U.S. House of Representatives approved the Social Security Number Protection Act of 2010. The bill was passed by the Senate on September 28 and now awaits President Obama's signature.
… Continue Reading