Identity Theft Personally Identifiable Information

News & Analysis as of

Scottrade announces data breach affecting 4.6M customers

Scottrade, a retail brokerage firm, announced late last week that it suffered an intrusion by cyber hackers who stole client contact information of 4.6 million customers. The intrusion occurred between late 2013 and early...more

Court Grants Standing Against Coca-Cola Employer for Breach of Employee Information

The decision does not change the law on what is necessary to prove standing, although it does reinforce the notion that a plaintiff will have standing if he or she can allege a concrete injury. In the latest in a slew of...more

SEC Brings First Cybersecurity Enforcement Proceeding in Wake of Risk Alert

Highlights Areas of High Risk and Examination Priorities for Financial Industry Firms - On September 15, the U.S. Securities and Exchange Commission’s (SEC’s) Office of Compliance, Inspections and Examinations (OCIE),...more

Trump Hotel Collection Confirms Year-Long Data Breach

Trump Hotel Collection, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump, has confirmed a data security breach involving malware that the company says...more

SEC Steps Up Cybersecurity Enforcement

September has been a busy month for the SEC in addressing cybersecurity. In the span of a week, the SEC issued a new alert in connection with its cybersecurity examination of Wall Street firms, entered a Cease and Desist...more

Pennsylvania Data Breach Class Action Survives Motion to Dismiss

A federal judge in Pennsylvania has allowed a data breach class action against Coca-Cola and several bottling companies to proceed, finding that the plaintiff has Article III standing even though he had left Coca-Cola’s...more

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...more

SEC Penalizes Investment Adviser over Inadequate Cyber-Risk Program Prior to Data Breach

On September 22, the SEC ordered a Missouri-based investment adviser to pay a $75,000 penalty, settling allegations that the investment adviser failed to implement required written cybersecurity policies and procedures prior...more

Data Breach Class Claims Survive Clapper

On appeal to the Seventh Circuit, a three-judge panel opinion written by Chief Judge Woods reversed the lower court. Remijas v. Neiman Marcus Group, LLC, No. 14-3122, 2015 WL 4394814, at *3 (7th Cir. July 20, 2015). The panel...more

Weekly Privacy Tip#2 – Protecting your (and your employees’ and customers’) Social Security numbers

Social Security numbers are one of the highest risk data elements known to mankind. A Social Security number in combination with a name and date of birth (which are publicly accessible) in the hands of a bad person can...more

Advocate Health class action lawsuit trimmed

Last week, an Illinois judge dismissed with prejudice five of the six claims levied against Advocate Health Care in a consolidated case of ten cases filed against it following the data breach it experienced in July of 2013...more

OPM data breach update–$133 million contract awarded to vendor

The Office of Personnel Management (OPM) and the Defense Department announced this week that a Portland, OR based vendor has been selected to assist with breach notification and credit assistance for the almost 22 million...more

Sony: Stipulation Announces (but does not disclose) Employee Data Breach Class Settlement

This Is The End? - Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach...more

IRS Releases Guidance on Taxability of Identity Protection Services

As companies and governmental entities increasingly do business and store sensitive information in online or cloud-based environments, the risk of improper disclosure continues to grow. The unprecedented breach of the United...more

Data processing company hit with class action lawsuit for data breach and Judge denies class certification the next day

Advanced Data Processing, Inc. and Intermedix Corp. were sued in federal court in Florida last week for violating the Health Insurance Portability and Accountability Act (HIPAA) for failing to protect the health information...more

Three Delaware Privacy Bills Businesses Should Know About

The News Journal article highlighted passage by the Delaware legislature in 2014 of House Bill 295, now codified as 6 Del. C. §5001C et seq.: Safe Destruction of Records Containing Personal Identifying Information. Much of...more

State Law Roundup: Legislatures Across the U.S. Revamp Data Breach Notification Laws

As the number of highly publicized data breaches continues to skyrocket and proposals for a federal data breach notification law stagnate, state legislatures around the country have been busy amending their own breach...more

China Proposes Draft Privacy Legislation with Significant Potential Implications

On July 6, 2015, China’s legislature, the National People’s Congress (NPC), circulated for comment two pieces of draft legislation with significant potential implications for data privacy and data security in China. Comments...more

With No Federal Law in Sight, States Continue to Refine Their Own Data Privacy Laws

With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states...more

UCLA Health System announces data breach affecting 4.5 million patients and medical providers

Adding to the long list of cyber hacking victims, the UCLA Health System announced on Friday (July 17, 2015) that it confirmed on May 5, 2015 that a cyber-attacker had accessed parts of UCLA Health’s network back to September...more

You Can’t Just WISPer – Employers Must Publish or Display Security Policies

WISP is the acronym for Written Information Security Policy. The information at issue is an individual’s personal information and identifiers, such as a Social Security number, driver’s license number, credit or debit card...more

State Attorneys General Ask Congress Not To Preempt Breach Notification Laws

In the wake of recent, large-scale data breaches, several pieces of legislation have been introduced in Congress to establish a national data breach notification law, including a House bill that would preempt the current...more

Rhode Island Governor Signs Comprehensive Identity Theft Protection Act

On June 26, Rhode Island Governor Gina Raimondo (D) signed into law Senate Bill 0134, the Rhode Island Identity Theft Protection Act of 2015 (the Act), which clarifies data security measures, expands protection to health data...more

Army National Guard announces data breach affecting both current and former members

On July 10, 2015, the Army National Guard announced a breach of its current and former members’ personal information, dating back to 2004. The breach occurred when files containing personal information were accidentally...more

Data Breach Decisions Setting A Higher Threshold For Standing For Plaintiffs Do Not Mean Businesses Are Off The Hook

There are only two types of companies left in the United States: those that have been hacked and those that will be hacked. In the last year alone, forty-three percent (43%) of U.S. companies experienced a data breach,...more

62 Results
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.