More than two-thirds of U.S. corporate lawyers surveyed favor a federal law setting uniform data security and breach notification requirements across the country, according to results released today by the Association of...more
Plaintiff lawyers’ continued search for damage theories to assert in claims arising from a data breach – or fear of a breach – received a potential setback this week when Chief Judge Michael Reagan of the United States...more
4/9/2018
/ Appeals ,
Article III ,
Automotive Industry ,
Class Action ,
Connected Cars ,
Cybersecurity ,
Damages ,
Data Breach ,
Design Defects ,
Diminution in Value ,
Fiat ,
Hackers ,
Interlocutory Appeals ,
Motor Vehicles ,
Popular ,
Standing
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
With the European Union’s General Data Protection Regulation (“GDPR”) set to go into effect on May 25, 2018, many questions remain as to what entities that control and process data from EU citizens must do to comply. ...more
On March 6, 2018, the FTC hosted a live Twitter chat to mark the twentieth anniversary of the Children’s Online Privacy Protection Act (COPPA)....more
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
The U.S. Supreme Court on Monday denied the petition for certiorari seeking review of the U.S. Court of Appeals for the Ninth Circuit's most recent decision in Spokeo v. Robins (Spokeo II), foregoing an opportunity to clarify...more
1/25/2018
/ Article III ,
Background Checks ,
CareFirst ,
Class Action ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
Petition for Writ of Certiorari ,
Popular ,
SCOTUS ,
Spokeo v Robins ,
Standing
In proposed amendments earlier this week to the current draft of the "AV START Act," the Senate addressed important cybersecurity, data access, and privacy concerns associated with the development of highly automated vehicles...more
Influencer marketing is the popular practice of using individuals with large social media audiences—known as "influencers"—to advertise products and services through their social media accounts....more
10/4/2017
/ Advertising ,
Brand ,
Celebrity Endorsements ,
Disclosure Requirements ,
Endorsements ,
Facebook ,
Federal Trade Commission (FTC) ,
FTC Endorsement Guidelines ,
Influencers ,
Instagram ,
Marketing ,
Misrepresentation ,
Online Endorsements ,
Snapchat ,
Social Media ,
Twitter ,
Websites ,
YouTube
A global group of data privacy regulators has, for the first time, set forth data privacy and security guidance on the development of automated and connected-car technologies. ...more
There are several key takeaways from a 20-year proposed consent order agreed to by Uber Technologies, Inc. (Uber) and the Federal Trade Commission (FTC)...more
8/21/2017
/ Antitrust Provisions ,
Antitrust Violations ,
Cloud Storage ,
Corporate Counsel ,
Customer Privacy ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Sharing Economy ,
Uber
Delaware has joined the growing list of states that have recently amended their data breach laws. With passage of the first significant amendments to its data breach law since 2005, Delaware continues a state-law trend of...more
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
Not everything that happens in Vegas stays in Vegas. Starting on October 1, 2017, a new Nevada privacy law will require certain website owners and operators to publish a notice regarding their privacy policies, disclosing to...more
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Risk
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
In its latest effort to address security concerns about Internet of Things (IoT) devices, the Federal Trade Commission (FTC) has submitted public comments to the National Telecommunications and Information Administration's...more
This month, Colorado joined a growing list of nearly half of U.S. states when it enacted a law approving the use of autonomous driving systems. The Colorado law governs systems capable of controlling highly and fully...more
The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
If you are a hospital processing European Union (EU) patient data, if you maintain EU customer loyalty programs, or if you engage in behavioral advertising of EU citizens, you may be required to appoint a data protection...more
5/4/2017
/ Article 29 Working Party (WP29) ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
Electronic Protected Health Information (ePHI) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Hospitals ,
International Data Transfers ,
Personal Data ,
Popular ,
Telecommunications
The EU General Data Protection Regulation (GDPR), which takes effect in May 2018, will require companies to reassess their mechanisms for obtaining, tracking, and verifying individuals' consent. Companies will need clear and...more
The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more
2/3/2017
/ Appeals ,
Class Action ,
Class Certification ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Debit Cards ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Settlement ,
Target
With tax season in full swing, the Internal Revenue Service (IRS), state tax agencies, and tax industry groups recently renewed a warning about Form W-2 email spear-phishing scams.
...more
1/31/2017
/ Cyber Crimes ,
Email ,
Identity Theft ,
IRS ,
Payroll Records ,
Personally Identifiable Information ,
Phishing Scams ,
Social Security Numbers ,
Spoofing ,
Tax Fraud ,
W-2
If you or your third-party providers are engaged in cross-device tracking, you must adequately disclose the practice to your end users, provide them control over their information, and exercise care when collecting sensitive...more
1/26/2017
/ Advertising ,
Data Collection ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
FTC Act ,
Marketing ,
Mobile Devices ,
Section 5 ,
Technology ,
Tracking Systems ,
Transparency ,
Web Tracking