On August 17, 2017, as reported in BNA Privacy Law Watch, Delaware amended its data breach notification law, effective April 14, 2018. The amendments include expansion of the definition of personal information, timing of notification, changes to the harm threshold and credit monitoring service changes. … Continue Reading
On June 23, 2017, Anthem Inc., the nation’s second largest health insurer, reached a record 115 million dollar settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Among other things, the settlement creates a pool of funds to provide credit monitoring and reimbursement for out-of-pocket costs for customers. … Continue Reading
On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.… Continue Reading
On March 17, 2017, retailer Neiman Marcus agreed to pay 1.6 million dollars as part of a proposed settlement to a consumer class action lawsuit stemming from a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 customers.… Continue Reading
On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed … Continue Reading
Triple-S Management Corporation reported in a recent SEC filing that its health insurance subsidiary, Triple-S Salud, Inc., has been notified by the Puerto Rico Health Insurance Administration that the Administration will impose a $6.8 million civil monetary penalty on the insurer in connection with a data breach that occurred in September 2013. … Continue Reading
On November 15, 2013, the People's Bank of China issued Administrative Measures for Credit Reference Agencies. The measures, which will take effect on December 20, 2013, are intended to enhance the supervision and regulation of credit reference agencies and serve as yet another example of the Chinese government’s increased attention to personal information protection issues.… Continue Reading
This blog entry provides an overview of the evolution in Chinese regulation regarding the types of corporate information made available to the public, and how such information may be obtained from government authorities.… Continue Reading
On June 11, 2013, a federal appeals court denied a petition to reverse class certification in a class action lawsuit alleging that an analytics company’s downloadable software surreptitiously collected data from consumers.… Continue Reading
On January 24, 2011, Connecticut Attorney General George Jepsen announced that MetLife had agreed to pay $10,000 and implement or enhance its data protection policies and procedures in response to a November 2009 disclosure of customer personal information on the Internet.… Continue Reading
On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that its customers’ employees did not have standing to sue Ceridian Corporation, a payroll processing firm that suffered a data breach. … Continue Reading
On June 13, 2011, Representative Mary Bono Mack released a discussion draft of of the Secure and Fortify Data Act, which would establish federal data security and breach notification requirements.
… Continue Reading
As reported in Hunton & Williams’ Employment & Labor Perspectives blog: A commonly used pre-employment screening method–conducting credit checks–has drawn increased scrutiny in recent months. Legislatures at the state and federal levels are considering bills that would limit employer use of credit checks. Moreover, two recently-filed lawsuits, one of which was filed by the EEOC, … Continue Reading
The Israeli Law, Information and Technology Authority has issued a new instruction restricting financial institutions from using information concerning writs of execution issued against a client to deny the client credit or to adjust the client's insurance premiums.
… Continue Reading
On August 18, 2010, Connecticut's Insurance Department published new regulations requiring entities subject to its jurisdiction to report any information security incident affecting Connecticut residents within five days of discovery.
… Continue Reading
The mere increased risk of identity theft following a data breach is sufficient to give the data subjects standing to bring a lawsuit in federal court but, absent actual identity theft or other actual harm, claims against the data owner and its service provider for negligence and breach of contract cannot survive, a federal judge … Continue Reading