On June 25, 2018, the New York Department of Financial Services issued a final regulation requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity Regulation.
Continue Reading NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies
Credit Monitoring
Record Breach Settlement in Anthem Class Action Receives Judge Approval
On August 25, 2017, U.S. District Judge Lucy Koh signed an order granting preliminary approval of the record class action settlement agreed to by Anthem Inc. this past June.
Continue Reading Record Breach Settlement in Anthem Class Action Receives Judge Approval
Delaware Amends Data Breach Notification Law
On August 17, 2017, as reported in BNA Privacy Law Watch, Delaware amended its data breach notification law, effective April 14, 2018. The amendments include expansion of the definition of personal information, timing of notification, changes to the harm threshold and credit monitoring service changes. …
Continue Reading Delaware Amends Data Breach Notification Law
Record Data Breach Settlement in Anthem Class Action
On June 23, 2017, Anthem Inc., the nation’s second largest health insurer, reached a record 115 million dollar settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Among other things, the settlement creates a pool of funds to provide credit monitoring and reimbursement for out-of-pocket costs for customers. …
Continue Reading Record Data Breach Settlement in Anthem Class Action
Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.
Continue Reading Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing
Neiman Marcus Agrees to Settlement in Data Breach Class Action
On March 17, 2017, retailer Neiman Marcus agreed to pay 1.6 million dollars as part of a proposed settlement to a consumer class action lawsuit stemming from a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 customers.
Continue Reading Neiman Marcus Agrees to Settlement in Data Breach Class Action
FCC Reaches Settlement with Cable Operator over Customer Data Breach
On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed to properly protect the confidentiality of its customers’ proprietary network information (“CPNI”) and personally identifiable information, and failed to promptly notify law enforcement authorities of security breaches involving CPNI in violation of the Communications Act of 1934 and FCC’s rules.
Continue Reading FCC Reaches Settlement with Cable Operator over Customer Data Breach
Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident
Triple-S Management Corporation reported in a recent SEC filing that its health insurance subsidiary, Triple-S Salud, Inc., has been notified by the Puerto Rico Health Insurance Administration that the Administration will impose a $6.8 million civil monetary penalty on the insurer in connection with a data breach that occurred in September 2013. …
Continue Reading Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident
People’s Bank of China Issues Administrative Measures for Credit Reference Agencies
On November 15, 2013, the People’s Bank of China issued Administrative Measures for Credit Reference Agencies. The measures, which will take effect on December 20, 2013, are intended to enhance the supervision and regulation of credit reference agencies and serve as yet another example of the Chinese government’s increased attention to personal information protection issues.
Continue Reading People’s Bank of China Issues Administrative Measures for Credit Reference Agencies
Evolving Chinese Regulations Both Expand and Restrict Access to Corporate Information
This blog entry provides an overview of the evolution in Chinese regulation regarding the types of corporate information made available to the public, and how such information may be obtained from government authorities.
Continue Reading Evolving Chinese Regulations Both Expand and Restrict Access to Corporate Information