On June 13, 2017, Judge Andrea R. Wood of the Northern District of Illinois dismissed with prejudice a putative consumer class action filed against Barnes and Noble. The case was first filed after Barnes and Noble’s September 2012 announcement that skimmers had tampered with PIN pad terminals in 63 of its stores and exposed payment card information.… Continue Reading
On May 16, 2017, the Governor of the State of Washington, Jay Inslee, signed into law House Bill 1493, which sets forth requirements for businesses who collect and use biometric identifiers for commercial purposes. The law will become effective on July 23, 2017. Washington becomes the third state to pass legislation regulating the commercial use of biometric identifiers.… Continue Reading
Recently, the Colorado Division of Securities published cybersecurity regulations for broker-dealers and investment advisers regulated by the Division. Colorado’s cybersecurity regulations follow similar regulations enacted in New York that apply to certain state-regulated financial institutions.… Continue Reading
On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090, which updates Oregon’s Unlawful Trade Practices Act by holding companies liable for making misrepresentations on their websites or in their consumer agreements about how they will use, disclose, collect, maintain, delete or dispose of consumer information.… Continue Reading
On May 23, 2017, Target reached a settlement with the Attorneys’ General of 47 states and the District of Columbia to resolve the states’ investigation of Target’s 2013 data breach.… Continue Reading
On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.” … Continue Reading
On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading
Earlier this month, the New York State Department of Financial Services published FAQs and key dates for its cybersecurity regulation for financial institutions that became effective on March 1, 2017.… Continue Reading
On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. … Continue Reading
On April 4, 2017, the Massachusetts Attorney General’s office announced a settlement with Copley Advertising LLC in a case involving geofencing. … Continue Reading
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.… Continue Reading
On March 9, 2017, AllClear ID will host a webinar with Hunton & Williams partner and chair of the Global Privacy and Cybersecurity practice Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services. This blog entry provides a link to register for the event.… Continue Reading
On December 28, 2016, the New York State Department of Financial Services announced an updated version of its cybersecurity regulation for financial institutions that will become effective on March 1, 2017.… Continue Reading
On October 14, 2016, California Attorney General Kamala D. Harris announced the release of an online form that will enable consumers to report potential violations of the California Online Privacy Protection Act. … Continue Reading
On October 3, 2016, the Texas Attorney General announced a $30,000 settlement with mobile app developer Juxta Labs stemming from allegations that the company engaged in deceptive practices regarding its collection of personal information from children.… Continue Reading
On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require banks, insurance companies and other financial services institutions to establish and maintain a cybersecurity program designed to ensure the safety of New York’s financial services industry and to protect New York State from the threat of cyber attacks. … Continue Reading
In this second segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto discusses the evolution of privacy over the years. View the video recording now.… Continue Reading
On April 13, 2016, Nebraska Governor Pete Ricketts signed into law LB 835, which among other things, adds a regulator notification requirement and broadens the definition of “personal information” in the state’s data breach notification statute. The amendments take effect on July 20, 2016. … Continue Reading
On March 24, 2016, Tennessee Governor Bill Haslam signed into law S.B. 2005, which makes a number of changes to the state’s data breach notification statute, Tenn. Code § 47-18-2107. The law takes effect on July 1, 2016.… Continue Reading
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
On December 15, 2015, the California Attorney General announced an approximately 25 million dollar settlement with Comcast Cable Communications, LLC stemming from allegations that Comcast disposed of electronic equipment (1) without properly deleting customer information from the equipment and (2) in landfills that are not authorized to accept electronic equipment.… Continue Reading
On November 17, 2015, two plaintiffs filed a putative class action alleging that Georgia’s Secretary of State improperly disclosed the personal information of more than 6.1 million Georgia voters.… Continue Reading
The United States District Court for the Northern District of California dismissed, without prejudice, a former Uber driver's class action complaint. This blog entry provides highlights from the case.… Continue Reading
