On November 21, 2018, the Supreme Court of Pennsylvania found that a putative class action against UPMC by current and former employees should not have been dismissed. Employers have common law duty to use reasonable care to safeguard its employees’ sensitive personal information that it stores on Internet-accessible computer systems, and Pennsylvania’s economic loss doctrine did not bar the plaintiffs’ negligence claim.
Continue Reading

On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.
Continue Reading

On September 26, 2018, the U.S. District Court for the District of Colorado refused to dismiss all putative class claims against Chipotle Mexican Grill, Inc. This litigation arose from a 2017 data breach in which hackers stole customers’ payment card and other personal information by using malicious software to access the point-of-sale systems at Chipotle’s locations.
Continue Reading

On September 26, 2018, Uber Technologies Inc. agreed to a settlement with all 50 U.S. state attorneys general in connection with a 2016 data breach affecting the personal information (including driver’s license numbers) of approximately 607,000 Uber drivers nationwide, as well as approximately 57 million consumers’ email addresses and phone numbers.
Continue Reading

On August 30, 2018, Apple announced a June update to its App Store Review Guidelines that will require each developer to provide its privacy policy as part of the app review process and include in such policy specific content requirements. Effective October 3, 2018, all new apps and app updates must include a link to the developer’s privacy policy before they can be submitted for distribution to users through the App Store or through TestFlight external testing.
Continue Reading