On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. … Continue Reading
On October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches. The 16-page guide details steps businesses should take once they become aware of a potential breach. The guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.… Continue Reading
On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment regarding the Gramm Leach Bliley Act Safeguards Rule.… Continue Reading
In this first segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto describes the dramatic changes in the legal landscape of privacy over the last 10 to 15 years. View the video recording now. … Continue Reading
In a recent article published by Corporate Counsel, Hunton & Williams partner Lisa Sotto and associate Ryan Logan discuss the privacy and data security-related legal issues that arise in corporate transactions, and provide a how-to guide on addressing those issues during the various stages of a transaction.… Continue Reading
On December 9, 2015, the FTC announced that Wyndham Worldwide Corporation settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices.… Continue Reading
On December 4, 2015, President Obama signed the Fixing America’s Surface Transportation Act into law, which modifies the annual privacy notice requirement under the Gramm-Leach-Bliley Act.… Continue Reading
On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.… Continue Reading
On August 24, 2015, the Third Circuit issued its opinion in Federal Trade Commission v. Wyndham Worldwide Corporation, affirming the Federal Trade Commission's authority to regulate companies' data security practices under the unfairness prong of Section 5 of the FTC Act.… Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
On March 3, 2015, the Third Circuit heard oral arguments in FTC v. Wyndham Worldwide Corp. on whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act.… Continue Reading
On February 27, 2015, the White House released a highly-anticipated draft of the Consumer Privacy Bill of Rights Act of 2015 that seeks to establish baseline protections for individual privacy in the commercial context and to facilitate the implementation of these protections through enforceable codes of conduct.… Continue Reading
On January 12, 2015, Senator James Merritt (R-Indianapolis) introduced a new security breach bill that would impose substantial new privacy obligations on companies holding the personal data of Indiana residents.… Continue Reading
On October 20, 2014, the Consumer Financial Protection Bureau announced that it has finalized a rule that enables financial institutions to publish their financial privacy notices online instead of mailing them to their customers.… Continue Reading
On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading
On May 6, 2014, the Consumer Financial Protection Bureau announced a new proposed rule that would permit certain financial institutions to post online privacy notices instead of mailing them annually to customers as required under the Gramm-Leach-Bliley Act.… Continue Reading
On November 7, 2012, the Federal Trade Commission settled charges with payday lending and check cashing companies alleged to have improperly disposed of consumers’ financial information in unsecured dumpsters. … Continue Reading
On October 26, 2012, the Federal Trade Commission finalized its settlement agreements with two businesses that allegedly exposed thousands of customers’ sensitive personal information by allowing peer-to-peer file-sharing software to be installed on their company computer systems.… Continue Reading
Earlier this year, the Consumer Financial Protection Bureau published a Bulletin signaling its intent to regulate and exercise enforcement authority over service providers to financial institutions.… Continue Reading
On June 15, 2012, Connecticut Governor Dannel Malloy approved amendments to the state’s breach notification law requiring businesses to notify the state Attorney General in the event of a data security breach. One week later, Senator Pat Toomey (R-PA) introduced the Data Security and Breach Notification Act of 2012 in an effort to create a national breach notification standard.… Continue Reading
On June 7, 2012, the Federal Trade Commission announced settlement agreements with two businesses for allegedly compromising the security of consumer personal information by allowing peer-to-peer file-sharing software to be installed on company computers. One of the companies also was charged with violations of the GLB Safeguards Rule and Privacy Rule.… Continue Reading
On June 13, 2011, Representative Mary Bono Mack released a discussion draft of of the Secure and Fortify Data Act, which would establish federal data security and breach notification requirements.
… Continue Reading
On February 11, 2011, California Representative Jackie Speier introduced the Do Not Track Me Online Act of 2011, which would direct the FTC to establish standards for a "Do Not Track" mechanism, and the Financial Information Privacy Act of 2011, which would strengthen regulations related to the disclosure of nonpublic personal information.
… Continue Reading
