Several states have clarified or tightened their data breach notification statutes since we last updated the Mintz Matrix at the beginning of the year. Please click here for the latest edition of the Mintz Matrix, which is a...more
The Federal Trade Commission (“FTC”) announced on Monday that it is settling a case against Drizly and its CEO stemming from a 2020 data breach that impacted roughly 2.5 million consumers. The proposed order not only...more
10/31/2022
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Personal Data ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement
It’s been a busy 2021 legislative session for changes to data breach laws, and that means it is time to review and update your incident response plans. Several states have shortened data breach notification timelines or...more
There is a pattern here. Long holiday weekends make for ransomware attacks and data breaches. It is well-known that malicious actors take advantage of understaffed IT resources on holidays. In fact, it’s become such a common...more
9/3/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
FBI ,
Hackers ,
Holidays ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Ransomware ,
Risk Management
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting...more
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting...more
Although the California Consumer Protection Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions have actually made their way to...more
The Home Depot, Inc. (“Home Depot”) recently entered into a multi-state Assurance of Voluntary Compliance with Attorneys General of 46 states and the District of Columbia (the “Settlement”) stemming from a massive 2014 data...more
12/3/2020
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Home Depot ,
Personal Information ,
Popular ,
Settlement ,
State Attorneys General
The New York State Department of Financial Services (“NYDFS”) has announced its first enforcement action of NYDFS’ Cybersecurity Regulation, Part 500 of Title 23 (“Cybersecurity Regulation”) against First American Title...more
Online stationery and craft company Minted Inc. has been hit with a CCPA class action lawsuit, stemming from a massive data breach the company disclosed in late May. The proposed class action lawsuit, filed in a California...more
6/17/2020
/ Breach of Implied Contract ,
California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Putative Class Actions ,
State Attorneys General ,
Unfair Competition Law (UCL)
In an unprecedented ruling, one federal court recently held that the work product doctrine does not protect the expert cybersecurity report prepared after a data breach. The court ordered the release of the unredacted...more
If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up. After January 14, 2020, Microsoft will stop pushing out security updates to Windows...more
Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA). We have received hundreds of...more
12/23/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
DPPA ,
Fair Credit Reporting Act (FCRA) ,
GLBA Privacy ,
Personal Information ,
Private Right of Action ,
State Attorneys General
Because the term “consumer” is so broad in the CCPA (remember: it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board. After much...more
12/20/2019
/ Amended Legislation ,
B2B Organizations ,
B2B Transactions ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Privacy Rights ,
Job Applicants ,
Personal Information
We know we told you yesterday about the Equifax settlement and how you could make a claim in connection with the breach. Well, consumers whose personal information was compromised in Equifax’s massive 2017 data breach are in...more
8/2/2019
/ Civil Penalty Fund ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Credit Monitoring ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Fund Distribution ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
The Federal Trade Commission (“FTC”), the Consumer Financial Protection Bureau, and 50 U.S. states and territories, have reached a global settlement agreement with Equifax Inc. (“Equifax”), according to which, Equifax agreed...more
7/31/2019
/ Civil Penalty Fund ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Settlement Agreements ,
Unfair or Deceptive Trade Practices
Significant changes to the Massachusetts data breach notification law take effect on April 11, 2019. You can view the amendment here. If you haven’t looked at your written information security plan, or WISP, in a while, now’s...more
Recently, the Federal Trade Commission (“FTC”) announced that it has finalized its expanded settlement with ride-haling giant, Uber Technologies, Inc. (“Uber”) related to two major data breach incidents. The initial breach...more
11/16/2018
/ Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Personally Identifiable Information ,
Popular ,
Reporting Requirements ,
Settlement Agreements ,
Third-Party Service Provider ,
Uber
Recently, a new bill was signed by Colorado Governor John Hickenlooper, creating far reaching new requirements for entities that collect or maintain personal identifying information of Colorado residents. These requirements,...more
6/7/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Governor Hickenlooper ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
With the recent enactment of data breach notification laws in South Dakota and Alabama, all 50 US states now have laws regulating data breach notification. We’ve updated the Mintz Matrix (maintained by the Mintz Privacy Team...more
5/1/2018
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
State and Local Government ,
State Data Breach Notification Statutes
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October...more
4/23/2018
/ Cloud Storage ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Notification Requirements ,
Personally Identifiable Information ,
Popular ,
Recordkeeping Requirements ,
Reporting Requirements ,
Settlement Agreements ,
Third-Party Service Provider ,
Uber
Letter from the Editors -
As Tolstoy once wrote, “Spring is the time of plans and projects.” Hopefully, the snows of winter are finally behind us, and it’s time to look forward, build, and create! We at Mintz Levin continue...more
“Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (50 days and counting…) and its codification of...more
4/5/2018
/ Cybersecurity ,
Data Breach ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018.
Things to take note of under the Alabama law...more
Only one U.S. state without a data breach notification law, that is.
South Dakota as become the 49th state to enact a data breach notification law, which take effect on July 1. The South Dakota law follows the pattern...more