On September 29, 2017, North Carolina-based technology company Samanage USA, Inc. agreed to a $264,000 settlement with the Vermont Attorney General in relation to a breach that exposed the Social Security numbers of 660 Vermont Health Connect users. … Continue Reading
On September 5, 2017, the FTC announced that Lenovo, Inc. agreed to settle charges that its preloaded software on some laptop computers compromised online security protections in order to deliver advertisements to consumers. … Continue Reading
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.… Continue Reading
On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers. … Continue Reading
On October 14, 2016, California Attorney General Kamala D. Harris announced the release of an online form that will enable consumers to report potential violations of the California Online Privacy Protection Act. … Continue Reading
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
On December 15, 2015, the California Attorney General announced an approximately 25 million dollar settlement with Comcast Cable Communications, LLC stemming from allegations that Comcast disposed of electronic equipment (1) without properly deleting customer information from the equipment and (2) in landfills that are not authorized to accept electronic equipment.… Continue Reading
The Federal Trade Commission recently announced that LifeLock, Inc., has agreed to pay 100 million USD to settle contempt charges for deceptive advertising.… Continue Reading
On October 2, 2015, California Attorney General Kamala D. Harris announced that her office settled a lawsuit against an online home design company, Houzz Inc., stemming from allegations that the company impermissibly recorded phone calls without appropriately notifying the parties to the calls.… Continue Reading
On July 1, 2015, Connecticut's governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state's data breach notification law and imposes certain data security requirements on health insurers and state contractors.… Continue Reading
On February 27, 2015, the White House released a highly-anticipated draft of the Consumer Privacy Bill of Rights Act of 2015 that seeks to establish baseline protections for individual privacy in the commercial context and to facilitate the implementation of these protections through enforceable codes of conduct.… Continue Reading
On February 23, 2015, the Wyoming Senate approved a bill that adds data elements to the definition of "personal identifying information" in the state's data breach notification statute. The Wyoming Senate also agreed with amendments proposed by the Wyoming House of Representatives to another bill that adds content requirements to the notice that breached entities must send affected Wyoming residents. … Continue Reading
On January 21, 2015, the FTC announced that a U.S. District Court recently granted partial summary judgment to the federal government in its action against Dish Network alleging that the company placed calls to the National Do-Not-Call Registry and an entity's internal Do-Not-Call list in violation of the Telemarketing Sales Rule.… Continue Reading
On December 18, 2014, the Financial Crimes Enforcement Network issued a 1 million USD civil penalty against the former Chief Compliance Officer of MoneyGram International, Inc. based on allegations that the company inadequately responded to consumer fraud complaints and failed to meet its legal obligations under the Bank Secrecy Act.… Continue Reading
On November 21, 2014, Massachusetts Attorney General Martha Coakley announced that Boston hospital Beth Israel Deaconess Medical Center has agreed to a settlement related to a data breach that affected the personal and protected health information of nearly 4,000 patients and employees. … Continue Reading
On October 28, 2014, California Attorney General Kamala D. Harris announced the release of the second annual California Data Breach Report, which provides information on data breaches reported to the Attorney General in 2012 and 2013.… Continue Reading
On October 10, 2014, TD Bank entered into an assurance of voluntary compliance to settle claims by a multistate group of nine attorneys general that the company violated state consumer protection and personal information safeguards laws in connection with a 2012 data breach.… Continue Reading
On October 14, 2014, rent-to-own retailer Aaron’s, Inc. (“Aaron’s”) entered into a $28.4 million settlement with the California Office of the California Attorney General related to charges that the company permitted its franchised stores to unlawfully monitor their customers’ leased laptops.… Continue Reading
On September 8, Vermont Attorney General William Sorrell announced that SEI/Aaron's, Inc. has entered into an assurance of discontinuance to settle charges over the company's remote monitoring of its customers’ leased laptops.… Continue Reading
On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading
On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading
On November 13, 2013, Google entered into a $17 million settlement agreement with the attorneys general from 37 states and the District of Columbia related to allegations that the company bypassed users’ cookie-blocking settings on Apple’s Safari browser in 2011 and 2012. The settlement requires Google to refrain from bypassing cookie controls in the future … Continue Reading
