On December 12, 2017, the FTC hosted a workshop on informational injury in Washington, D.C. where industry experts, policymakers, researchers and legal professionals considered how to best characterize and measure potential injuries and resulting harms to consumers when information about them is misused or inappropriately protected.
Continue Reading FTC Hosts Workshop on Informational Injury
Identity Theft
Lisa Sotto Discusses Identity Theft Prevention on Fox TV
On July 27, 2017, Lisa Sotto, chair of Hunton & Williams LLP’s Global Privacy and Cybersecurity practice, appeared live on Washington, DC’s Fox TV to discuss the ID theft issue involving former Dallas Cowboys player Lucky Whitehead, and to warn against the risk of identity theft.
Continue Reading Lisa Sotto Discusses Identity Theft Prevention on Fox TV
Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.
Continue Reading Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
New Mexico Enacts Data Breach Notification Law
On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. …
Continue Reading New Mexico Enacts Data Breach Notification Law
Virginia Adds State Income Tax Provision to Data Breach Notification Law
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.
Continue Reading Virginia Adds State Income Tax Provision to Data Breach Notification Law
Home Depot Settles Data Breach Claims
On March 9, 2017, Home Depot reached an agreement that includes the payment of 25 million dollars and the implementation of new data security measures to resolve a putative class action brought by financial institutions impacted by the company’s 2014 data breach.
Continue Reading Home Depot Settles Data Breach Claims
China Publishes Regulation on the Use of Resident Identity Cards
Recently, the People’s Republic of China’s Ministry of Public Security, the National Development and Reform Commission and six other administrative departments jointly published the Announcement on Regulating the Administration of the Use of Resident Identity Cards. The Announcement came into effect on July 15, 2016, the date of its issuance.
Continue Reading China Publishes Regulation on the Use of Resident Identity Cards
Amended Nebraska Data Breach Notification Law Adds Regulator Notification Requirement
On April 13, 2016, Nebraska Governor Pete Ricketts signed into law LB 835, which among other things, adds a regulator notification requirement and broadens the definition of “personal information” in the state’s data breach notification statute. The amendments take effect on July 20, 2016. …
Continue Reading Amended Nebraska Data Breach Notification Law Adds Regulator Notification Requirement
Amended Tennessee Breach Notification Law Tightens Timing Requirement
On March 24, 2016, Tennessee Governor Bill Haslam signed into law S.B. 2005, which makes a number of changes to the state’s data breach notification statute, Tenn. Code § 47-18-2107. The law takes effect on July 1, 2016.
Continue Reading Amended Tennessee Breach Notification Law Tightens Timing Requirement
California Attorney General Releases Report Defining “Reasonable” Data Security
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. …
Continue Reading California Attorney General Releases Report Defining “Reasonable” Data Security