On July 25, 2019, New York Governor Andrew Cuomo signed into law Senate Bill S5575B, an amendment to New York’s breach notification law. This blog entry provides an overview of the changes.
Continue Reading
Security Breach
Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History
Posted on
On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history. …
Continue Reading
ICO Publishes First Annual Report Since GDPR’s Implementation
Posted on
The UK Information Commissioner’s Office released its first Annual Report published since the GDPR took effect. This blog entry provides a summary of the Annual Report. …
Continue Reading
Revisions to the Closely Watched “Employee Exemption” Amendment to the CCPA
Posted on
A number of bills to amend the California Consumer Privacy Act of 2018 are still pending before the California legislature. Of particular interest to many businesses is AB 25, which could narrow applicability of the CCPA by removing employees from its scope.…
Continue Reading
Washington AG Settles with Premera on Behalf of Multistate Coalition
Posted on
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
…
Continue Reading
ICO Announces $124 Million Fine for Marriott International following Data Breach
Posted on
On July 9, 2019, the UK Information Commissioner’s Office announced that it intends to fine Marriott International £99,200,396 for a data breach violating the GDPR. This closely follows the £183 million fine for British Airways, announced on July 8.…
Continue Reading
ICO Announces $230 Million Fine for British Airways following Data Breach
Posted on
On July 8, 2019, the UK Information Commissioner’s Office announced that it intends to fine British Airways £183,390,000 for a data breach for violating the GDPR. This is the first fine to be announced publicly by the ICO under the GDPR.…
Continue Reading
Dutch DPA Expands Guidance on Data Breaches
Posted on
On July 1, 2019, the Dutch Data Protection Authority announced that it had expanded its guidance on data breaches. This blog entry provides highlights on the update.…
Continue Reading
Texas Amends Data Breach Law; Now Requires Regulator Notification
Posted on
Texas Governor Greg Abbott recently signed into law HB 4390, which amends the state’s data breach notification law and creates an advisory council tasked with studying and developing recommendations regarding data privacy legislation.…
Continue Reading
First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Posted on
Arizona Attorney General Mark Brnovich recently announced a settlement with healthcare software provider Medical Informatics Engineering Inc. and its wholly owned subsidiary NoMoreClipboard, LLC. This blog entry provides an overview of the case. …
Continue Reading