Personally Identifiable Information

News & Analysis as of

FTC May Have Authority to Regulate Companies’ Data Security Practices

Between 2008 and 2010, hackers stole credit card information from the computer network of Wyndham Hotels & Resorts LLC (“Wyndham”), which affected hundreds of thousands of Wyndham’s customers in the process. The Federal Trade...more

PCI Security Standards Council Announces Revisions to the use of SSL

The Payment Card Industry (PCI) Security Standards Council has released a bulletin on impending revisions to version 3.0 Payment Application Data Security Standards (PA-DSS) and version 3.0 of the PCI Data Security Standard...more

Sony and Its Insurers Wrangle over Coverage for Data Breach

According to a Law360 report, Sony Corp.’s lawyers recently asked a New York appeals court to overturn a trial court’s ruling that a data breach did not involve the “publication” of private information within the meaning of...more

A Gift for New Jersey Gift Card Issuers and Retailers: Consumer Data Collection Requirements Eliminated by S.B. 2235

Retailers and issuers of gift cards in New Jersey recently received welcome news: they no longer have to worry about looming consumer data collection requirements. Under existing law, beginning in July 2016, gift card (also...more

President Obama’s Proposed Privacy Bill of Rights, Part 1: Personal Data, De-Identification, and Retention Requirements

On Friday, Feb. 27, the Obama administration unveiled a proposed Consumer Privacy Bill of Rights that would require businesses to be more transparent in privacy practices, and provide individuals certain rights aimed at...more

Update: Transaction Processors Appeal Order Denying Third-Party Fees after Cyber Attack

In early February, this blog discussed a case involving a grocery store chain that was a victim of a cyber-attack and its transaction processors. See Schnuck Mrkts. v. First Data Merchant Servs Corp., No. 4:13-cv-2226-JAR,...more

China to Implement New Personal Data Protection Rules

Effective March 15, 2015, China’s State Administration for Industry and Commerce (SAIC) will implement the new Measures for Penalties for Infringing upon the Rights and Interests of Consumers (Measures). The Measures clarify...more

Office of Civil Rights Delays Phase 2 Audits

The Office of Civil RIghts (“OCR”) recently announced that Phase 2 of the HIPAA audits would be further delayed because the audit portals and project management tools that are needed to initiate the audit process are not...more

Legislative Initiative: The Rhode Island Identity Theft Protection Act of 2015

President Barack Obama recognized in a speech he gave at the Federal Trade Commission on January 12th that identity theft poses a direct threat to the financial security of Americans. ...more

States Respond to Recent Breaches with Encryption Legislation

In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider...more

Standing in Data Breach Cases – Still a Moving Target

Where do we stand on standing in data breach cases? It depends on which court you ask. In December 2014, two courts considered whether plaintiffs alleged sufficient injury in their complaints involving well-known data...more

South Korean Communications Commission Releases Guidelines on Data Protection for Big Data

In December 2014, the Korea Communications Commission (KCC) released the“Big Data Guidelines for Data Protection” (Guidelines). Aimed at Information and Communications Service Providers (ICSPs), they are designed to prevent...more

China's State Administration for Industry and Commerce Releases Measures Defining Consumer Personal Information

In January, China’s State Administration for Industry and Commerce (SAIC) released its ‘Measures on Penalties for Infringing Upon the Rights and Interests of Consumers’ (Measures) which are due to take effect March 15, 2015....more

Google signs UK Undertaking to Improve its Privacy Policy

On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012....more

Court Dismisses Data Breach Class Complaint For Lack Of Standing

On February 11, 2015, the U.S. District Court for the Southern District of Texas held that a plaintiff lacked standing to pursue claims for alleged violations of the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq....more

Rewind and Replay: Plaintiffs Appeal Dismissal of VPPA Suits against Viacom, Google and Dow Jones

Plaintiffs in two recently dismissed class actions alleging violations of the Video Privacy Protection Act (“VPPA”) filed notices of appeal this week, asking the Third and Eleventh Circuit Courts of Appeals to hit the rewind...more

Courts Continue To Find That Unique Device Identifiers Are Not Personally Identifiable Information (PII) Under The Video Privacy...

Two recent federal district court rulings regarding the Video Privacy Protection Act (VPPA) follow the emerging trend of decisions indicating that courts are reluctant to find violations of the VPPA for sharing anonymous...more

No Harm, No Standing: Texas Federal Court Dismisses Data Breach Class Action

Dismissing a class action based on a data breach, the Southern District of Texas added to the growing number of decisions that find an alleged risk of future identity theft due to a data breach is not an injury that creates...more

SMS to Customers Seeking “Opt-In” for Advertisements May Violate TCPA

Customers who walked into a Bebe clothing store, purchased clothing, provided their phone numbers during the sale, and later received a text inviting them to “opt-in” to a list for additional discounts have a claim against...more

Preparing for a Data Breach – What to Know about Breach Notification

Data breaches are at the forefront of the news, and many companies, including those dominant in the health care industry, have found themselves front and center in the headlines. Although recent news stories have focused...more

How Recent Data Breaches are Changing the Face of Cybersecurity for the Private Sector

If "The Year of the Breach" and the rapid start to data breaches in 2015 have taught us anything, it is that any company is susceptible to a cyber attack; and, while data breaches are not a new concept, the way the private...more

Locke Lord QuickStudy: Attention, Health Insurers: Unique Encryption Requirements in NJ

Setting a new standard for encryption, New Jersey has enacted a new law (P.L. 2014, c. 88, codified at N.J. Stat. Ann. §§ 56:8-196 - 56:8-198) effective August 1, 2015, requiring health insurance carriers authorized to issue...more

What the Anthem Cyberattack Means for the Health Care Industry

Unfortunately, account hacks and data breaches are nothing new. Every day, we hear reports of hackers compromising networks and their protected data. When it happens on a massive scale to a powerful player in the health...more

Anthem Breach Triggers Lawsuits, Investigations And Heightened Concerns About Healthcare Security Infrastructure

Anthem, formerly known as WellPoint, announced on Wednesday that its database had been hacked, exposing the personal information of as many as 80 million individuals. According to Anthem, the information accessed included...more

Anthem Data Breach Spawns Class Action Suits and “Phishing” Scams

Last week, Anthem Inc. – the nation’s second largest health insurer – reported a data breach involving the disclosure of the personal information of over 80 million patients and employees. Plaintiffs wasted little time...more

651 Results
|
View per page
Page: of 27