On June 23, 2017, Anthem Inc., the nation’s second largest health insurer, reached a record 115 million dollar settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Among other things, the settlement creates a pool of funds to provide credit monitoring and reimbursement for out-of-pocket costs for customers.
Continue Reading Record Data Breach Settlement in Anthem Class Action

On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.
Continue Reading Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing

On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed to properly protect the confidentiality of its customers’ proprietary network information (“CPNI”) and personally identifiable information, and failed to promptly notify law enforcement authorities of security breaches involving CPNI in violation of the Communications Act of 1934 and FCC’s rules.

Continue Reading FCC Reaches Settlement with Cable Operator over Customer Data Breach

Triple-S Management Corporation reported in a recent SEC filing that its health insurance subsidiary, Triple-S Salud, Inc., has been notified by the Puerto Rico Health Insurance Administration that the Administration will impose a $6.8 million civil monetary penalty on the insurer in connection with a data breach that occurred in September 2013.
Continue Reading Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

On November 15, 2013, the People’s Bank of China issued Administrative Measures for Credit Reference Agencies. The measures, which will take effect on December 20, 2013, are intended to enhance the supervision and regulation of credit reference agencies and serve as yet another example of the Chinese government’s increased attention to personal information protection issues.
Continue Reading People’s Bank of China Issues Administrative Measures for Credit Reference Agencies

On January 24, 2011, Connecticut Attorney General George Jepsen announced that MetLife had agreed to pay $10,000 and implement or enhance its data protection policies and procedures in response to a November 2009 disclosure of customer personal information on the Internet.
Continue Reading Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident