On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach.
Continue Reading New York Attorney General Settles with Law Firm Over Data Breach
Credit Monitoring
UK Tribunal Rules on Direct Marketing ICO Case Against Experian
On February 20, 2023, in the case of Experian Limited v The Information Commissioner, the First-Tier Tribunal in the UK ruled on the ICO’s action to require Experian to change how it processes personal data for direct marketing purposes.
Continue Reading UK Tribunal Rules on Direct Marketing ICO Case Against Experian
ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector
On October 27, 2020, the UK Information Commissioner’s Office published a report following its investigation into data protection compliance in the direct marketing data broking sector, alongside its enforcement action against Experian.
Continue Reading ICO Publishes Report on Compliance in Direct Marketing Data Broking Sector
Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History
On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history. …
Continue Reading Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History
Massachusetts Amends Data Breach Law; Imposes Additional Requirements
On January 10, 2019, Massachusetts Governor Charlie Baker signed legislation amending the state’s data breach law, and the amendments take effect on April 11, 2019. This blog entry provides highlights on the Act. …
Continue Reading Massachusetts Amends Data Breach Law; Imposes Additional Requirements
Yahoo! Agrees to Settle Data Breach Class Actions with $50 Million Fund and Credit Monitoring
On October 23, 2018, the parties in the Yahoo! Inc. Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data.
Continue Reading Yahoo! Agrees to Settle Data Breach Class Actions with $50 Million Fund and Credit Monitoring
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
New Federal Credit Freeze Law Eliminates Fees, Provides for Year-Long Fraud Alerts
Effective September 21, 2018, Section 301 of the Economic Growth, Regulatory Relief, and Consumer Protection Act requires consumer reporting agencies to provide free credit freezes and year-long fraud alerts to consumers throughout the country. …
Continue Reading New Federal Credit Freeze Law Eliminates Fees, Provides for Year-Long Fraud Alerts
Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record 115 million dollar class action settlement agreed to by Anthem Inc. in June 2017. …
Continue Reading Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies
On June 25, 2018, the New York Department of Financial Services issued a final regulation requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity Regulation.
Continue Reading NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies