On January 24, 2011, Connecticut Attorney General George Jepsen announced that MetLife had agreed to pay $10,000 and implement or enhance its data protection policies and procedures in response to a November 2009 disclosure of customer personal information on the Internet.
Continue Reading Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident
Credit Monitoring
Third Circuit Holds Data Breach Plaintiffs Lack Standing
On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that employees of Ceridian Corporation's customers did not have standing to sue Ceridian, a payroll processing firm that suffered a data breach. …
Representative Mary Bono Mack Releases Discussion Draft of the SAFE Data Act
On June 13, 2011, Representative Mary Bono Mack released a discussion draft of the Secure and Fortify Data Act, which would establish federal data security and breach notification requirements.
…
Legislatures and the EEOC Shine Spotlight on Credit Checks
As reported in Hunton & Williams’ Employment & Labor Perspectives blog:
A commonly used pre-employment screening method–conducting credit checks–has drawn increased scrutiny in recent months. Legislatures at the state and federal levels are considering bills that would limit employer use of credit checks. Moreover, two recently-filed lawsuits, one of which was filed by the EEOC, seek to challenge the use of pre-employment credit checks in hiring decisions. …
ILITA Issues Restrictions on Financial Institutions
The Israeli Law, Information and Technology Authority has issued a new instruction restricting financial institutions from using information concerning writs of execution issued against a client to deny the client credit or to adjust the client’s insurance premiums.
…
Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement
On August 18, 2010, Connecticut’s Insurance Department published new regulations requiring entities subject to its jurisdiction to report any information security incident affecting Connecticut residents within five days of discovery.
…
Data Breach: Identity Theft Risk Insufficient to Support Claims
The mere increased risk of identity theft following a data breach is sufficient to give the data subjects standing to bring a lawsuit in federal court but, absent actual identity theft or other actual harm, claims against the data owner and its service provider for negligence and breach of contract cannot survive, a federal judge ruled this month. Ruiz v. Gap, Inc., et al., No. 07-5739 SC (N.D. Cal. April 6, 2009).
Plaintiff Joel Ruiz brought a putative class action against Gap, Inc. and its service provider Vangent, Inc. after a thief stole a laptop computer from Vangent containing unencrypted Social Security numbers and other personal information of Ruiz and approximately 750,000 other Gap job applicants. Shortly after the theft, Gap notified Ruiz and the other applicants of the breach and offered them 12 months of free credit monitoring and fraud assistance. Ruiz sought damages under various theories, including negligence (failure to exercise due care to protect the data) and breach of contract (breach of the security provisions of Gap’s contract with Vangent, under the theory that Ruiz was a third-party beneficiary of the contract).…