On December 7, 2023, the Court of Justice of the European Union ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation unless certain conditions are met.
Continue Reading CJEU Rules that GDPR Prohibition on Automated Decision-Making Applies to Credit Scoring

On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history.
Continue Reading Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History

On October 23, 2018, the parties in the Yahoo! Inc. Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data.
Continue Reading Yahoo! Agrees to Settle Data Breach Class Actions with $50 Million Fund and Credit Monitoring

Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches

Effective September 21, 2018, Section 301 of the Economic Growth, Regulatory Relief, and Consumer Protection Act requires consumer reporting agencies to provide free credit freezes and year-long fraud alerts to consumers throughout the country.
Continue Reading New Federal Credit Freeze Law Eliminates Fees, Provides for Year-Long Fraud Alerts