On December 4, 2018, the New York Attorney General announced that Oath Inc. agreed to pay New York a $4.95 million civil penalty following allegations that it had violated the Children’s Online Privacy Protection Act. This is the largest-ever COPPA penalty.
Continue Reading AOL Successor Agrees to Pay $4.95 Million in COPPA Enforcement Action

On August 28, 2018, plaintiffs filed a class action lawsuit against Nielsen Holdings PLC and some of its officers and directors for making allegedly materially false and misleading statements to investors about the impact of privacy regulations and third-party business partners’ privacy policies on the company’s revenues and earnings.
Continue Reading Plaintiffs File Class Action Lawsuit Against Nielsen Over Alleged False and Misleading Statements

On June 27, 2018, Equifax entered into a consent order with 8 state banking regulators, including those in New York and California, arising from the company’s 2017 data breach that exposed the personal information of 143 million consumers.
Continue Reading Equifax Enters Into Consent Order with State Banking Regulators Regarding 2017 Data Breach

On June 25, 2018, the New York Department of Financial Services issued a final regulation requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity Regulation.
Continue Reading NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies

On January 23, 2018, the New York Attorney General announced that Aetna Inc. agreed to pay 1.15 million dollars and enhance its privacy practices following an investigation alleging it risked revealing the HIV status of 2,460 New York residents by mailing them information in transparent window envelopes.
Continue Reading Aetna Agrees to $1.15 Million Settlement with New York Attorney General

On January 22, 2018, the New York Department of Financial Services issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.
Continue Reading NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

On October 31, 2017, the New York and Vermont Attorneys General announced a settlement with Hilton Domestic Operating Company, Inc., to settle allegations that the company lacked reasonable data security and waited too long to report a pair of 2015 data breaches, which exposed over 350,000 credit card numbers.
Continue Reading Hilton Agrees to Settle Data Breach-Related Claims by NY and VT Attorneys General