Tag Archives: Personally Identifiable Information

FCC Reaches Settlement with Cable Operator over Customer Data Breach

On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed … Continue Reading

SEC Announces Settlement Order and Publishes Investor Alert

On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.… Continue Reading

Delaware Governor Signs Set of Online Privacy Bills

Delaware Governor Jack Markell recently signed four bills into law concerning online privacy. The bills, drafted by the Delaware Attorney General, focus on protecting the privacy of website and mobile app users, children, students and crime victims.… Continue Reading

Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor

On February 23, 2015, the Wyoming Senate approved a bill that adds data elements to the definition of "personal identifying information" in the state's data breach notification statute. The Wyoming Senate also agreed with amendments proposed by the Wyoming House of Representatives to another bill that adds content requirements to the notice that breached entities must send affected Wyoming residents. … Continue Reading

Federal District Court Grants Motion to Dismiss a Class Action Alleging Impermissible Sharing of Personal Information Under the Video Privacy Protection Act

On October 8, 2014, the United States District Court for the Northern District of Georgia granted Cartoon Network, Inc.’s (“Cartoon Network’s”) motion to dismiss a putative class action alleging that Cartoon Network’s mobile app impermissibly disclosed users’ personally identifiable information (“PII”) to a third-party data analytics company under the Video Privacy Protection Act (“VPPA”).… Continue Reading

Delaware Enacts New Data Destruction Law

On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading

Florida Amends Breach Notification Law to Cover Health Data, Tighten Notice Deadline and Require State Regulator Notification

On June 20, 2014, Florida Governor Rick Scott signed a bill that repeals and replaces the state's existing breach notification statute to cover health information and online account credentials, impose a 30-day notification timing requirement and require notification to the state regulator for breaches affecting 500 or more residents. The amendment took effect on July 1, 2014. … Continue Reading

FTC Issues Report on Data Broker Industry, Recommends Legislation

On May 27, 2014, the Federal Trade Commission announced the release of a new report recommending that Congress consider enacting legislation that would increase transparency in the data broker industry and give consumers more control over how data brokers collect and share their personal information. … Continue Reading

Kentucky Enacts Data Breach Notification Law

On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading

Australian Data Breach Notification Bill Re-Introduced

On March 20, 2014, a breach notification bill was re-introduced in the Australian Senate after having lapsed at the end of the previous Parliament. If passed, the bill would impose a mandatory breach notification requirement for data breaches that pose a "real risk of serious harm" to affected individuals. … Continue Reading

FTC Acts on Several Industry COPPA Proposals

The Federal Trade Commission recently acted on three industry proposals in accordance with the new Children's Online Privacy Protection Rule that came into effect July 1, 2013. Specifically, the FTC determined that it was unnecessary to rule on a proposed parental consent mechanism, approved a proposed "safe harbor" program and is seeking public comment on a separate proposed "safe harbor" program.… Continue Reading