On July 25, 2019, New York Governor Andrew Cuomo signed into law Senate Bill S5575B, an amendment to New York’s breach notification law. This blog entry provides an overview of the changes.
Continue Reading
Identity Theft
Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History
Posted on
On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history. …
Continue Reading
Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors
Posted on
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.…
Continue Reading
FTC Seeks Public Comment on Identity Theft Rules
Posted on
On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule and the duties of card issuers regarding changes of address.…
Continue Reading
SEC Fines Broker-Dealer $1 Million in First Enforcement Action Under Identity Theft Rule
Posted on
Posted in Enforcement, Identity Theft
On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.…
Continue Reading
Louisiana Amends Data Breach Notification Law, Eliminates Fees for Security Freezes
Posted on
Recently, Louisiana amended its data breach notification law. The amended law goes into effect on August 1, 2018.…
Continue Reading
Arizona Amends Data Breach Notification Law
Posted on
On April 11, 2018, Arizona amended its data breach notification law, which will require persons, companies and government agencies doing business in the state to notify affected individuals within 45 days of determining that a breach has resulted in or is reasonably likely to result in substantial economic loss to affected individuals.…
Continue Reading
FTC Hosts Workshop on Informational Injury
Posted on
On December 12, 2017, the FTC hosted a workshop on informational injury in Washington, D.C. where industry experts, policymakers, researchers and legal professionals considered how to best characterize and measure potential injuries and resulting harms to consumers when information about them is misused or inappropriately protected. …
Continue Reading
Lisa Sotto Discusses Identity Theft Prevention on Fox TV
Posted on
Posted in Identity Theft, Multimedia Resources
On July 27, 2017, Lisa Sotto, chair of Hunton & Williams LLP’s Global Privacy and Cybersecurity practice, appeared live on Washington, DC’s Fox TV to discuss the ID theft issue involving former Dallas Cowboys player Lucky Whitehead, and to warn against the risk of identity theft.…
Continue Reading
Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
Posted on
On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.…
Continue Reading