News & Analysis as of

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more

How Much Are You Willing To Pay For Privacy?

How much are you willing to pay for personal privacy? 50% off a McDonald’s hamburger? 20% off groceries? Participation in the $1 Billion NCAA Tournament Bracket Challenge?...more

EDRM Releases A New Model For Analyzing Private Data

Recent high-profile data breaches have placed security of personally identifiable information (PII) at the forefront of many organizations’ concerns. Protecting PII and other private data can be a significant undertaking....more

Over 20 Million Customer Accounts Affected by Data Breaches in California; Attorney General Harris Promises Increased Enforcement

When you think of catastrophic events that take place online and have a devastating effect on millions of people, you probably think of HBO Go crashing during the True Detective finale. However, California Attorney General...more

Five Reasons Why The Sony Data Breach Coverage Decision Is Wrong

Five Reasons Why The Sony Data Breach Coverage Decision Is Wrong On Friday February 21st, a New York trial court judge let Sony’s insurers, Zurich American Insurance Co. and Mitsui Sumitomo Insurance Co., off the coverage...more

Target Data Breach: Dangerous Credit

In December, retail giant Target Brands, Inc. revealed it had suffered a data breach affecting approximately 40 million customers across the country. The breach occurred between November 27 and December 15 of last year....more

U.S. Privacy and Data Protection: 2013 Year in Review and a Look Ahead to 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more

Failure To Protect Data May Be an Unfair Business Practice

The Federal Trade Commission (FTC) has announced settlement of charges against Accretive Health, Inc. The FTC had alleged that Accretive engaged in an unfair business practice when it failed "to employ reasonable and...more

FTC Continues Aggressive FCRA Enforcement against Data Brokers

The Federal Trade Commission continues to aggressively enforce the Fair Credit Reporting Act (FCRA) against data brokers, as shown by its recent settlement with TeleCheck Services, Inc. The settlement requires TeleCheck to...more

Damages Issues Again Thwart the Bulk of Plaintiffs’ Claims in the PlayStation Network Data Breach Class Action

In the latest chapter in the Sony PlayStation Network (“PSN”) data breach saga, a decision that issued on January 21, 2014 permanently dismissed all but a handful of the class action claims advanced in a 51 count complaint. ...more

FTC and Accretive Health Settle Unfair Business Practice Complaint Centered on Data Security Measures

Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue...more

Guidance on Personal Data Used in Advertising in Germany

German data protection authorities published new guidelines in December 2013 about the collection and processing of personal data for advertising purposes. The 2013 advertising guidelines (available here in German)...more

Retail Industry On High Alert In Wake Of Security Breaches

The massive cyber-security breach at Target put the company in the media spotlight with as many as 110 million customers potentially at risk. With another security breach reported at Neiman Marcus, dozens of lawsuits have...more

Connecticut Appellate Court Affirms Denial of Coverage Under CGL Policy for Data Breach

As more data breaches and information security events occur, the insurance industry will see more disputes over whether losses from these events are covered under commercial general liability (CGL) policies. In the latest...more

House and Senate Committees to Hold Data Breach Hearings in February

In the wake of recent data breaches at major retailers Target and Neiman Marcus, Senate Judiciary Chairman Patrick Leahy (D-VT) has renewed his efforts to enact stronger data security requirements for companies that collect...more

California’s Do Not Track Amendments

Effective January 1, 2014, amendments to the California Online Privacy Protection Act (“CalOPPA”) require all commercial websites and online services that collect personally identifiable information (“PII”) to include...more

California's Do Not Track Disclosure Bill

As of January 1, 2014, California law requires operators of websites and online services to publicly disclose how they respond to "do not track" (dnt) signals, though the exact requirements vary depending on whether an entity...more

New Law Requires Certain Vendors to Expand Their Privacy Policies

A recent amendment to the California Online Privacy Protection Act of 2003 (“CalOPPA”) will require certain owners and operators of commercial websites and online service providers to change their posted privacy policies to...more

New Personal Data Protection Law

On 21 May 2013, the Parliament of the Republic of Kazakhstan adopted the Law “On Personal Data” (the “Personal Data Law”), which entered into force on 25 November 2013. The Personal Data Law affects all commercial and...more

Renewed Congressional Interest in Federal Data Security and Breach Notification Legislation

In light of recent, well-publicized, data security breaches at major retailers and social media company Snapchat, legislators are renewing the call for new federal laws that would strengthen data security and notification...more

The Number of The Day: 70 Million (at least)

The Target data breach story keeps getting worse. The December pre-Christmas disclosure was the theft of up to 40 million Target shoppers’ credit and debit card information in what appeared to have been a hack of the Target...more

New Jersey Federal Court Applies Supreme Court’s Clapper Decision and Dismisses Data Breach Class Action

Relying in part on the recent United States Supreme Court’s ruling in Clapper v. Amnesty International, a federal judge in New Jersey dismissed a putative data breach class action against three healthcare entities and a...more

California Appeals Court Holds Injury Required For Standing Under State Shine The Light Law

Recently, the California Court of Appeals, Second District, held that a plaintiff must have suffered a statutory injury to have standing to pursue a cause of action under the state’s “Shine the Light Act” (SLA). Boorstein v....more

International Privacy - 2013 Year in Review

2013 was a year in contrasts within data privacy. To begin with the “normal” course, Canada sought (but failed) to pass a mandatory breach notification amendment to its federal privacy law, and Uruguay acceded to the European...more

International Privacy - 2013 Year in Review - Ukraine

Ukraine privacy law is undergoing a dramatic shift with its introduction of new legislation, “On Amending Certain Legislative Acts of Ukraine Regarding Improving the System of Personal Data Protection,” enacted on July 3,...more

221 Results
|
View per page
Page: of 9