Tag Archives: Personal Information

New York AG Settles with Wireless Lock Maker Over Security Flaws

On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.” … Continue Reading

China Publishes Final Measures for Security Reviews of Network Products and Services

On May 2, 2017, the Cyberspace Administration of China published the final version of the Measures for the Security Review of Network Products and Services (for trial implementation), after having published a draft for public comment in February. The Measures provide detailed information about how security reviews will be implemented pursuant to the Cybersecurity Law of China.… Continue Reading

Privacy Compliance Company Agrees to a Settlement with the New York Attorney General

On April 6, 2017, New York Attorney General Eric T. Schneiderman announced that privacy compliance company TRUSTe, Inc., agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. According to Attorney General Schneiderman, the enforcement action taken by the NY AG is the first to target a privacy compliance company over children’s privacy.… Continue Reading

New Mexico Enacts Data Breach Notification Law

On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. … Continue Reading

Webinar Recording Available on China’s New Cybersecurity Law

On March 7, 2017, Hunton & Williams LLP hosted a webinar with Beijing partner Bing Maisog on China’s new Cybersecurity Law. China’s new Cybersecurity Law will impose new restrictions on information flows from operators of key information infrastructure, and will become effective in June 2017.… Continue Reading

FTC Announces Settlement Over Alleged Consent Order Violation

On March 17, 2017, the Federal Trade Commission announced that Upromise, Inc., agreed to pay 500,000 dollars to settle allegations that it violated the terms of a 2012 consent order that required Upromise to provide notice to consumers regarding its data collection and use practices, and obtain third-party audits.… Continue Reading

Home Depot Settles Data Breach Claims

On March 9, 2017, Home Depot reached an agreement that includes the payment of 25 million dollars and the implementation of new data security measures to resolve a putative class action brought by financial institutions impacted by the company’s 2014 data breach.… Continue Reading

Australia Enacts New Data Breach Notification Law

On February 13, 2017, the Parliament of Australia passed legislation that amends the Privacy Act of 1988 and requires companies with revenue over 3 million AUD (2.3 million USD) to notify affected Australian residents and the Australian Information Commissioner in the event of an "eligible data breach."… Continue Reading

European Data Protection Supervisor Publishes Priorities for 2017

On February 15, 2017, the European Data Protection Supervisor published its Priorities for 2017. The EDPS Priorities consist of a note listing the strategic priorities and a color-coded table listing the European Commission’s proposals that require the EDPS’ attention, sorted by level of priority.… Continue Reading

China Publishes Draft Measures for Security Review of Network Products and Services

On February 4, 2017, the Cyberspace Administration of China published a draft of its proposed Measures for the Security Review of Network Products and Services. Under the Cybersecurity Law of China, if an operator of key information infrastructure purchases network products and services that may affect national security, a security review is required. The draft is open for comment until March 4, 2017.… Continue Reading

Home Depot Prevails in Shareholder Derivative Lawsuit Over 2014 Data Breach

Recently, the U.S. District Court for the Northern District of Georgia dismissed a shareholder derivative lawsuit against Home Depot Inc. (“Home Depot”) arising over claims that Home Depot’s directors and officers (the “Defendants”) acted in bad faith and violated their duties of care and loyalty by disregarding their oversight duties in connection with a 2014 … Continue Reading
LexBlog