On Jan. 10, 2019, Massachusetts Gov. Charlie Baker signed legislation that will significantly amend the state’s data breach notification law. The amendments become effective on April 11, 2019....more
The U.K. Information Commissioner’s Office (ICO) recently published guidance on contracts between controllers and processors. This new guidance provides a more in-depth and detailed discussion of the key issues than did a...more
According to a recent story published by The Register, the U.K. data privacy watchdog, the Information Commissioner’s Office (ICO) has issued a warning to the U.S.-based newspaper The Washington Post (WaPo) about obtaining...more
As we previously reported, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. ...more
Colorado’s Gov. John Hickenlooper signed a bill that significantly strengthens its current data breach notification requirements and adds new measures designed to enhance protections for consumer data privacy. The new law...more
With a new tax season approaching, companies should be vigilant in guarding against criminals attempting to obtain sensitive information through a variety of scams. Last month, the IRS issued an alert warning consumers of an...more
According to the IRS, the IRS saw the number of businesses, public schools, universities, tribal governments and nonprofits victimized by W-2 scams increase to 200 in 2017 from 50 in 2016. Those 200 victims translated into...more
On Aug. 17, 2017, Delaware revamped its existing data breach notification statute. In doing so, Delaware became the second state (joining Connecticut) to mandate offering individuals affected by a breach of security involving...more
In one of the first Internet of Things (IoT) class action settlements, the maker of a Bluetooth-enabled personal vibrator agreed to settle privacy class claims for $3.75 million.
The We-Vibe product allows a user to...more
On Jan. 18, 2017, the Financial Industry Regulatory Authority (FINRA) became the latest organization to weigh in on distributed ledger technology (DLT), also known as blockchain. Recognizing the growing interest and potential...more
On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000...more
On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair”...more
On May 6, 2016, Illinois joined a growing number of states that have strengthened their data breach notification requirements and expanded the definition of protected personal information. Effective January 1, 2017, HB1260...more
Effective July 1, 2016, Tennessee amended its data breach notification statute to require notification of a data breach to affected individuals regardless of whether the personal information involved in the security incident...more
The Consumer Financial Protection Bureau (CFPB) announced on March 2, 2016, that it had entered into a consent order with online payment platform Dwolla to resolve the CFPB’s claims regarding statements made by Dwolla about...more
On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously...more
As U.S. and European regulators and businesses work toward solutions in the wake of last month’s decision by the Court of Justice of the European Union that invalidated the EU-U.S. Safe Harbor framework for cross-border data...more