Personally Identifiable Information

On July 22, 2019, the FTC announced that Equifax agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement agreement with the FTC, the CFPB, and 50 U.S. states and territories to resolve investigations into the colossal data breach the company suffered in 2017. This is the largest data breach settlement in U.S. history.
Continue Reading Equifax Agrees to Pay Up to $700 Million to Resolve 2017 Breach, the Largest Data Breach Settlement in U.S. History

On June 28, 2018, the Governor of California signed the California Consumer Privacy Act of 2018. The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. The Act will take effect January 1, 2020.
Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

On June 21, 2018, California lawmakers introduced AB 375, the California Consumer Privacy Act of 2018. If enacted and signed by the Governor by June 28, 2018, AB 375 would introduce key privacy requirements for businesses, but would also result in the removal of a ballot initiative of the same name from the November 6, 2018, statewide ballot.
Continue Reading California Assembly Bill Aims to Avert State Ballot Initiative Related to Privacy

On November 6, 2018, California voters will consider a ballot initiative called the California Consumer Privacy Act. The Act is designed to give California residents the right to request from businesses the categories of personal information the business has sold or disclosed to third parties, with some exceptions.
Continue Reading California Ballot Initiative to Establish Disclosure and Opt-Out Requirements for Consumers’ Personal Information

On September 29, 2017, North Carolina-based technology company Samanage USA, Inc. agreed to a $264,000 settlement with the Vermont Attorney General in relation to a breach that exposed the Social Security numbers of 660 Vermont Health Connect users.
Continue Reading Samanage USA, Inc. Agrees to Pay to Settle Vermont AG’s Data Security Investigation

On August 21, 2017, the United States Court of Appeals for the Eighth Circuit affirmed the dismissal of a putative class action arising from the Scottrade data breach. Notably, however, the Eighth Circuit did not agree with the trial court’s ruling that the plaintiff lacked Article III standing, instead dismissing the case with prejudice for failure to state a claim.
Continue Reading Eighth Circuit Finds Article III Standing Yet Affirms Dismissal of Scottrade Breach Case

Recently, Nevada enacted an online privacy policy law which will require operators of websites and online services to post a notice on their website regarding their privacy practices. Nevada is the third state to enact legislation requiring website operators to post a public privacy notice, following California (enacted in 2004) and Delaware (enacted in 2016).
Continue Reading Nevada Enacts Website Privacy Notice Law