On September 14, 2021, the U.S. House Committee on Energy and Commerce voted in favor of a legislative recommendation that would create a new FTC privacy bureau as part of the proposed $3.5 trillion federal budget reconciliation package.
Continue Reading U.S. House Committee Votes to Create New FTC Privacy Bureau and Appropriate $1 Billion to the Agency
Identity Theft
Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds
As reported on the Hunton Retail Law Blog, the U.S. Court of Appeals for the Second Circuit has affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds
Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.
Continue Reading Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
New York Amends Breach Notification Law
On July 25, 2019, New York Governor Andrew Cuomo signed into law Senate Bill S5575B, an amendment to New York’s breach notification law. This blog entry provides an overview of the changes.
Continue Reading New York Amends Breach Notification Law
Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History
On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history. …
Continue Reading Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History
Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.
Continue Reading Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors
FTC Seeks Public Comment on Identity Theft Rules
On December 4, 2018, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on whether any amendments should be made to the FTC’s Identity Theft Red Flags Rule and the duties of card issuers regarding changes of address.
Continue Reading FTC Seeks Public Comment on Identity Theft Rules
SEC Fines Broker-Dealer $1 Million in First Enforcement Action Under Identity Theft Rule
On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.
Continue Reading SEC Fines Broker-Dealer $1 Million in First Enforcement Action Under Identity Theft Rule
Louisiana Amends Data Breach Notification Law, Eliminates Fees for Security Freezes
Recently, Louisiana amended its data breach notification law. The amended law goes into effect on August 1, 2018.
Continue Reading Louisiana Amends Data Breach Notification Law, Eliminates Fees for Security Freezes
Arizona Amends Data Breach Notification Law
On April 11, 2018, Arizona amended its data breach notification law, which will require persons, companies and government agencies doing business in the state to notify affected individuals within 45 days of determining that a breach has resulted in or is reasonably likely to result in substantial economic loss to affected individuals.
Continue Reading Arizona Amends Data Breach Notification Law