On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.” … Continue Reading
On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading
On April 6, 2017, New York Attorney General Eric T. Schneiderman announced that privacy compliance company TRUSTe, Inc., agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. According to Attorney General Schneiderman, the enforcement action taken by the NY AG is the first to target a privacy compliance company over children’s privacy.… Continue Reading
On April 4, 2017, the Massachusetts Attorney General’s office announced a settlement with Copley Advertising LLC in a case involving geofencing. … Continue Reading
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.… Continue Reading
On March 17, 2017, the Federal Trade Commission announced that Upromise, Inc., agreed to pay 500,000 dollars to settle allegations that it violated the terms of a 2012 consent order that required Upromise to provide notice to consumers regarding its data collection and use practices, and obtain third-party audits.… Continue Reading
On March 1, 2017, the Federal Communications Commission, under the new leadership of Chairman Ajit Pai, voted 2-1 to issue a temporary stay of the data security obligations of the FCC’s Broadband Consumer Privacy Rules, which were to go into effect March 2, 2017. The temporary stay will remain in place until the FCC is able to act on pending petitions for reconsideration. … Continue Reading
On February 22, 2017, the Federal Trade Commission announced that it had reached settlement agreements with three U.S. companies charged with deceiving consumers about their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system.… Continue Reading
On February 17, 2017, Horizon Blue Cross Blue Shield of New Jersey agreed to pay 1.1 million dollars as part of a settlement with the New Jersey Division of Consumer Affairs regarding allegations that Horizon did not adequately protect the privacy of nearly 690,000 policyholders. … Continue Reading
On February 6, 2017, the FTC announced that it has agreed to settle charges that VIZIO, Inc., installed software on about 11 million consumer televisions to collect viewing data without consumers’ knowledge or consent. The stipulated federal court order requires VIZIO to pay 2.2 million dollars to the FTC and New Jersey Division of Consumer Affairs. … Continue Reading
On February 1, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 3.2 million dollar civil monetary penalty against Children’s Medical Center of Dallas for alleged ongoing violations of the HIPAA Privacy and Security Rules, following two consecutive breaches of patient ePHI.… Continue Reading
On January 23, 2017, the FTC released a Staff Report on cross-device tracking technology that can link multiple Internet-connected devices to the same person and track that person’s activity across those devices. The Report follows a November 2015 workshop on the same subject and is based on information and comments gathered during that workshop.… Continue Reading
The Financial Industry Regulatory Authority recently announced that it had fined 12 financial institutions a total of 14.4 million dollars for improper storage of electronic broker-dealer and customer records. … Continue Reading
On December 20, 2016, the FTC announced that it has agreed to settle charges that Turn Inc., a company that enables commercial brands and ad agencies to target digital advertising to consumers, tracked consumers online even after consumers took steps to opt out of tracking. … Continue Reading
On December 14, 2016, the FTC announced that the operators of the AshleyMadison.com website have settled with the FTC and a coalition of state regulators over charges that the companies deceived consumers and failed to protect users’ personal information.… Continue Reading
On December 1, 2016, the nonpartisan Commission on Enhancing Cybersecurity issued its Report on Securing and Growing the Digital Economy, which includes recommended actions that the government and private sector can take over the next 10 years to improve cybersecurity. … Continue Reading
On November 30, 2016, the FTC released a staff summary of a recent public workshop called Putting Disclosures to the Test. The workshop examined ways of testing and evaluating company disclosures regarding advertising claims and privacy practices. … Continue Reading
On November 19, 2016, the French government enacted a bill creating a legal basis for class actions against data controllers and processors resulting from data protection violations. The bill establishes a general class action regime and includes specific provisions regarding data protection violations.… Continue Reading
On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.… Continue Reading
Earlier this week, retailer Tesco Plc’s banking branch reported that approximately 3 million dollars had been stolen from 9,000 customer bank accounts over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank. … Continue Reading
Recently, the U.S. Department of Treasury’s Financial Crimes Enforcement Network issued an advisory entitled Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime, to help financial institutions understand how to fulfill their Bank Secrecy Act obligations with regard to cyber events and cyber-enabled crime.… Continue Reading
On November 1, 2016, the FTC announced that a group of entities known as the Consumer Education Group settled FTC charges that, between late 2013 and 2015, it made millions of telemarketing calls, including pre-recorded robocalls, to consumers on the national Do Not Call Registry, in violation of the Telemarketing Sales Rule.… Continue Reading
On October 27, 2016, the Federal Communications Commission announced the adoption of rules that require broadband Internet Service Providers to take steps to protect consumer privacy. … Continue Reading
On October 14, 2016, California Attorney General Kamala D. Harris announced the release of an online form that will enable consumers to report potential violations of the California Online Privacy Protection Act. … Continue Reading
