On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach.
Continue Reading New York Attorney General Settles with Law Firm Over Data Breach
Social Security Number
FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
On March 15, 2022, the FTC announced a proposed settlement with custom merchandise platform CafePress in connection with the company’s alleged failure to implement reasonable security measures, and its alleged attempt to cover up a 2019 data breach. …
Continue Reading FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information
Earlier this month, the Federal Trade Commission reached a $1.5 million settlement with loan application company ITMedia Solutions LLC over alleged violations of the FTC Act and Fair Credit Reporting Act. The FTC alleged that ITMedia deceptively acquired and indiscriminately shared consumers’ sensitive personal information under the guise of connecting them with lenders.
Continue Reading FTC Settles with Loan Application Company Over Alleged Misuse of Sensitive Personal Information
NJ Acting Attorney General Announces $425,000 Fine to Settle Breach Investigation
Earlier this month, the New Jersey Acting Attorney General Andrew Bruck announced that its Division of Consumer Affairs had reached a $425,000 settlement with three New Jersey-based providers of cancer care over alleged failures to adequately safeguard patient data.
Continue Reading NJ Acting Attorney General Announces $425,000 Fine to Settle Breach Investigation
New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic
On October 12, 2021, New Jersey Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal HIPAA’s Privacy and Security Rules by removing protected health information safeguards.
Continue Reading New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic
Texas Amends Breach Notification Law to Require Public Reporting of Breach Notices
On June 14, 2021, Texas Governor Greg Abbott signed HB 3746, a bill amending Texas’s data breach notification law.
Continue Reading Texas Amends Breach Notification Law to Require Public Reporting of Breach Notices
SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure
On June 15, 2021, the SEC announced it settled charges against real estate services company First American Financial Corporation (“First American”) for alleged violation of Rule 13a-15(a) of the Exchange Act. The SEC charged First American with failure to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning a software vulnerability that led to a cybersecurity incident was filed with the Commission.
…
Continue Reading SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure
42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
On September 30, 2020, Anthem, Inc., entered into an assurance of voluntary compliance with the attorneys general of 42 states and the District of Columbia to resolve claims under state and federal law relating to Anthem’s 2015 data breach of personal information and protected health information, the largest breach of PHI in history.
Continue Reading 42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.
Continue Reading OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
BREAKING: Californians for Consumer Privacy Introduces California Privacy Rights Act for November 2020 Ballot
On May 4, 2020, Californians for Consumer Privacy (the group behind the ballot initiative that inspired the CCPA) announced that it had collected over 900,000 signatures to qualify the California Privacy Rights Act for the November 2020 ballot. …
Continue Reading BREAKING: Californians for Consumer Privacy Introduces California Privacy Rights Act for November 2020 Ballot