On February 1, 2024, the Federal Trade Commission announced a proposed settlement with Blackbaud Inc. in connection with alleged security failures that resulted in a breach of the company’s network and access to the personal data of millions of consumers.
Continue Reading FTC Proposes Settlement with Blackbaud in Connection with Alleged Security Failures

On December 13, 2023, the Federal Communications Commission (FCC) voted to update its 16-year old data breach notification rules (the “Rules”). Pursuant to the FCC update, providers of telecommunications, Voice over Internet Protocol (VoIP) and telecommunications relay services (TRS) are now required to notify the FCC of a data breach, in addition to existing obligations to notify affected customers, the FBI and the U.S. Secret Service.Continue Reading FCC Adopts Updated Data Breach Notification Rules

On November 16, 2023, the Federal Trade Commission released a proposed order in connection with a complaint filed in August of 2020 against Global Tel*Link Corp. and its subsidiaries, Telmate and TouchPay, which offers communication and payment services for incarcerated individuals.
Continue Reading In an FTC First, Proposed Order Requires Global Tel*Link Corp. to Notify Users and Facilities of Future Breaches

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty in connection with the company’s response to a data breach that occurred in February 2022.
Continue Reading Australian Privacy Regulator Sues in Data Breach Case

On October 31, 2023, the Department of Health and Human Services announced the issuance of a settlement agreement with Doctors’ Management Services, a Massachusetts-based medical management company, related to alleged violations of the Health Insurance Portability and Accountability Act’s Privacy and Security Rules.
Continue Reading HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack

On October 12, 2023, the French Data Protection Authority announced a €600,000 fine for mass media company Groupe Canal+ for failing to comply with its commercial prospecting obligations applicable under the French Post and Electronic Communications Code and several obligations of the EU General Data Protection Regulation.
Continue Reading CNIL Fines Groupe Canal+ 600,000 Euros For Direct Marketing and GDPR Infringements

On October 27, 2023, the Federal Trade Commission announced that it has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches to the FTC.
Continue Reading FTC Amends Safeguards Rule to Require Certain Financial Institutions to Report Data Security Breaches