The Federal Trade Commission (FTC) has been actively flexing its authority as a privacy regulator in recent months. The agency has been especially focused on identifying data practices it views to be “unfair”, thereby...more
An unprecedented cyber qui tam action involving Georgia Tech’s alleged failure to comply with certain cybersecurity controls underscores the importance of having advanced cyber requirements for federal contractors. Our...more
Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more
What is a Privacy Policy? A company’s privacy policy details its commitments regarding the handling and use of consumer data. The policy must explicitly define the company’s practices for collecting, storing, processing, and...more
The Consumer Financial Protection Bureau's (CFPB) eyes are on the gaming industry and the potential harm consumers may suffer from data security and privacy concerns....more
The SEC has been aggressively pursuing cybersecurity investigations and enforcement actions against public companies and foreign private issuers. In these actions, the SEC often alleges one of two theories: 1) that the...more
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more
Businesses take heed: California state officials just warned that the law prohibits you from collecting unnecessary data and retaining data for longer than necessary. The California Privacy Protection Agency published its...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
California Attorney General Rob Bonta has been actively enforcing the California Consumer Privacy Act (CCPA) since July 2023, when he announced an “investigative sweep” through inquiry letters sent to large California...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends. While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more
In September, the California Attorney General (the “AG”) reached a settlement with Glow, Inc. (“Glow”), a technology company that is responsible for an ovulation and fertility-tracking mobile application called the Glow app....more
When the regulator has decided to investigate your organisation following a data breach, the remit for the investigation will be wide-ranging and go beyond the narrow circumstances of the breach. Recent decisions shed useful...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more
What insights into cyber security norms can organisations glean from the UK ICO’s recent enforcement decisions, most of which have been released since the GDPR came into force? Final fines are still awaited on the UK’s...more
Are your employees instructed on the proper (and improper) use of social media? Does your organization have policies and provide training on the appropriate handling of sensitive information? A recent United States Department...more
On July 24, 2019, both the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) announced landmark settlements with Facebook. The agreements were significant not only because of the hefty fines...more
North Carolina joined Attorneys General from a dozen states in suing Indiana based Medical Informatics Engineering (MIE) and affiliates. The complaint alleges that the companies failed to undertake reasonable measures to...more
The European Union's General Data Protection Regulation (GDPR) is the most comprehensive data privacy regulation in the world. It also confers upon supervisory authorities – i.e., regulators within the European Union Member...more
On September 26, 2018, the United States Securities and Exchange Commission (“SEC”) announced a $1 million settlement with an Iowa-based broker-dealer over allegations that it maintained deficient cybersecurity policies and...more
On April 12, 2018, the Federal Trade Commission (FTC) announced that it was withdrawing its proposed August 2017 privacy and data security settlement with Uber Technologies and issuing a new and expanded proposed settlement....more
On February 27, 2018, the Federal Trade Commission (FTC) announced that it had reached an agreement with PayPal to settle allegations that its peer-to-peer payment service, Venmo, engaged in deceptive acts and practices and...more
On January 8, 2018, the Federal Trade Commission (FTC) brought its first-ever privacy and data security case involving Internet-connected toys. VTech Electronics Limited and its US subsidiary (VTech), maker of...more
The FTC has recently provided specific guidance on what it considers appropriate data breach protection activity by financial institutions. Such guidance came by virtue of a proposed consent order, dated August 29, 2017,...more