Effective July 1, 2022, owners of personally identifiable information on residents of Indiana must provide notice of a data breach no later than 45 days after discovering of the breach. Currently, Indiana’s data breach law...more
The California Consumer Privacy Act (CCPA) imposes significant protections for California residents covered by the law, and significant burdens for companies required to comply with it. One area of concern is whether the CCPA...more
10/4/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Employer Liability Issues ,
Employment Records ,
Exceptions ,
Job Applicants ,
Opt-Outs ,
Personal Data
On April 16, 2019, Representatives Saine, Jones and Reives introduced House Bill 904, the long anticipated amendments to the North Carolina Identity Theft Protection Act, N.C. Gen. Stat. § 75-61 et seq.. We first wrote about...more
4/17/2019
/ Amended Legislation ,
Consumer Reporting Agencies ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Identity Theft ,
Notification Requirements ,
Popular ,
State Data Breach Notification Statutes ,
Unfair or Deceptive Trade Practices
Recently the state of New Mexico enacted the Data Breach Notification Act, making it the 48th state in the United States to enact a statute requiring notice to individuals impacted by a data breach. In doing so, New Mexico...more
We don’t see a lot of data breach litigation here in the Fourth Circuit. So it is notable that the Fourth Circuit Court of Appeals issued an opinion yesterday that weighs in on the standing debate (For more on the debate:...more
2/9/2017
/ Administrative Procedure Act ,
Article III ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
Motion to Dismiss ,
Privacy Laws ,
Standing ,
Subject Matter Jurisdiction ,
Substantial Risk of Harm ,
Summary Judgment
A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company. It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss...more
1/18/2017
/ Article III ,
Clapper v. Amnesty International ,
Cybersecurity ,
Data Breach ,
FACTA ,
Injury-in-Fact ,
SCOTUS ,
Split of Authority ,
Spokeo v Robins ,
Standing ,
Statutory Damages ,
Statutory Violations ,
Substantial Risk of Harm
Cyber-Monday sales weren’t the only good thing that happened for consumers last week. Later in the week a federal judge in Minnesota thwarted Target’s attempt to dismiss a lawsuit brought by banks and credit unions arising...more