Personally Identifiable Information

News & Analysis as of

Locke Lord QuickStudy: Montana and Wyoming Update Data Breach Laws

Montana and Wyoming have recently revised their data breach notification laws including their definitions of what constitutes Personally Identifiable Information (PII) subject to breach notification. ...more

Delaware’s “Computer Security Breaches” Law Needs an Overhaul

I suspect this may surprise most Delawareans. In 2005, Delaware Governor Ruth Ann Minner signed into law House Bill 116. That bill, now codified as 6 Del. C. §§ 12B-101 et seq., requires individuals or commercial entities,...more

US District Court in Pennsylvania Dismisses Data Breach Class Action on Article III Standing

In Storm & Holt v. Paytime, Inc., 1:14-cv-01138-JEJ (MD Penn. Mar. 13, 2015), the United States District Court for the Middle District of Pennsylvania addressed the Article III standing issue of when a cause of action may...more

Cloud Data Security Standards Reach New Heights?

Issues of data privacy and security are central to most cloud contract negotiations. While cloud service providers may be willing to take responsibility for the integrity of their networks, accepting obligations in relation...more

Toysmart Pt. Deux

An auction of RadioShack assets which concluded this week included the names and physical addresses of 65 million customers and email addresses of 13 million customers. The auction result and transfer of assets is still...more

Threat of Identity Theft is Not Enough: Another Data Breach Class Action Dismissed for Lack of Standing

Hewing to prior Third Circuit precedent in Reilly v. Ceridian and the Supreme Court’s precedent in Clapper v. Amnesty International, the Middle District of Pennsylvania recently joined the majority of federal district courts...more

Too Much Information – Eleventh Circuit’s Review of Ellis May Define “Personally Identifiable Information” for Cell Phone Users

On March 2, 2015, The Cartoon Network Inc. (“Cartoon Network”) filed its response brief in Mark Ellis v. Cartoon Network Inc., asking the Eleventh Circuit Court of Appeals to uphold the district court’s dismissal of the...more

Large Retailer Agrees to Pay $10 Million Related to Data Breach Incident

On March 19, a district court granted preliminary approval in which a large retailer agreed to pay $10 million to settle a class-action action suit related to a 2013 data breach, which resulted in the compromise of at least...more

Frontiers Of Data Breach Litigation: Standing Issues Presented To Seventh Circuit In Lewart v. P.F. Chang’s China Bistro, Inc.

In a brief made public on March 10, P.F. Chang’s China Bistro, Inc. urged the U.S. Court of Appeals for the Seventh Circuit to affirm a lower court’s decision to toss out two consolidated complaints filed against the company...more

A Look Back: NetDiligence 2014 Cyber Claims Study

The NetDiligence 2014 Cyber Claims Study relies on data voluntarily provided by insurers about amounts paid out on cyber claims occurring from 2011 through 2013. Since the Study only accounts cyber claims reported to larger...more

European Hearing on the Future of Safe Harbor

Back on February 12th 2015, Max Schrems, the Austrian law student who began Europe v. Facebook, posted a tweet suggesting that the Court of Justice of the European Union (CJEU) may hear his case as soon as this month. Since...more

E-Discovery and Information Management: Electronic Data Breach Of Student Records—The University’s Obligation To Disclose (3/15)

Data security breaches have become unfortunately prevalent amongst higher education institutions. In fact, colleges and universities suffer data breaches at a rate of just over one per week.(1) The Privacy Rights...more

Montana Tweaks Data Breach Statute

The Big Sky Country’s data breach statute is going to see some small changes come October. On Feb. 27, 2015 Montana Governor Steve Bullock signed H.B. 74 into law, amending the state’s data breach notification statute. Among...more

Business information and data processing: tidbits on the draft Code of Conduct

On March 11, 2015 the Italian Data Protection Authority (Garante per la protezione dei dati personali, the “Italian DPA“) initiated a public consultation on the draft Code of Conduct concerning the processing of personal data...more

Blog: Another Large Scale Data Breach Announced by Premera Blue Cross

Premera Blue Cross revealed Tuesday it was hit by a sophisticated cyber attack potentially exposing personal data for approximately 11 million of its members including members, employees and others with whom it does business,...more

FCC Applies Section 222 to BIAS Providers, but Delays Specialized Rules

The Order does not forbear from applying Section 222 of the Act to broadband Internet access service (BIAS) providers. It did, however, forbear from applying its existing rules implementing Section 222, in recognition that...more

Privacy Tuesday - March 2015: Unpacking the Obama Administration’s Consumer Privacy Proposal

Taking another “step” toward developing comprehensive privacy legislation, the White House has released a discussion draft of the Consumer Privacy Bill of Rights Act of 2015. The draft reflects the Fair Information Practice...more

Consumer Privacy Bill of Rights

The White House released its much anticipated legislative proposal on the Consumer Privacy Bill of Rights Act (CPBRA) that was first floated in 2012. The CPBRA, if enacted (which seems unlikely before 2016), would provide...more

Lessons Learned from the Anthem Cyber-Attack and Corresponding “HIPAA Actions”

Anthem Inc. (“Anthem”), the nation's second-largest health insurer, disclosed on Wednesday, February 4, 2015, that it was the victim of a major cyber-attack. According to Anthem, the attack exposed personal information of...more

White House Introduces Discussion Draft of Consumer Privacy Bill of Rights

Although most states have enacted some form of data privacy and breach notification laws, and certain federal statutory schemes cover specific industry sectors, there are no privacy protections for all personal data. Given...more

Why You Need a Privacy Policy – Part 2: Avoiding Three Common Fumbles

In Part 1, we covered some basic privacy policy concepts. Here in Part 2, we address three problems associated with privacy policies in practice. 1. You Don’t Have One, But You Really Should - There is no...more

Appellate Courts Being Drawn Into VPPA Fray

Last week the Third and Eleventh Circuit Courts of Appeals assigned case numbers to the appeals of In re Nickelodeon Privacy Litigation and Locklear v. Dow Jones & Co., Inc., two recently dismissed class actions in which...more

State Data Breach Notification Law Updates

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more

Wyoming Amends Data Breach Statute, Increases Scope of PII and Notice

The scope of PII and data breach notice just got a lot bigger in Big Wyoming. Wyoming Governor Matt Mead signed two bills into law on March 2 amending the state’s data breach notification statute. The bills – S.F. 35 and S.F....more

What is a Privacy Policy? – Part 1

A privacy policy is a key legal document in this new era of Big/Data/Breaches. When distilled to its essence, a privacy policy is simply “say what you do, and do what you say” with others’ personal information. A growing...more

676 Results
|
View per page
Page: of 28