On June 28, 2024, Pennsylvania Governor Josh Shapiro signed an amendment to Pennsylvania’s Breach of Personal Information Notification Act into law. The amended law, which includes significant changes to the Keystone State’s...more
The best practice approach to effectively handling a data security incident starts with a proactive response plan. But when the inevitable occurs, will your plan stand up to the test? Join our panel of experts as they discuss...more
HIGHLIGHTS: CFPB announced that it is filing a lawsuit today against a nationwide credit reporting agency, two related companies, and a top executive for violating a January 2017 consent order with the CFPB. ...more
Last week, the Federal Trade Commission (FTC) announced that it agreed to settle claims against Dun & Bradstreet (D&B), a business credit reporting agency engaged in deceptive and unfair practices with small and mid-sized...more
The U.S. District Court for the Northern District of Illinois recently used Section 19 of the FTC Act to impose a $5 million restitution award after the original restitution award under Section 13(b) was vacated by the...more
It well known that there are, unfortunately, many data breaches that frequently put private citizens’ data privacy in jeopardy. States have passed a variety of statutes aimed at addressing this problem in an attempt to...more
At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take...more
Report on Patient Privacy 20, no 5. (May 2020) - Ambry Genetics, based in Aliso Viejo, California, has reported a data breach involving nearly 233,000 people. In its statement, the company said it identified “unauthorized...more
It is a commonly-held belief that younger, more tech-savvy individuals are less likely to engage in risky cyber practices than their “senior,” pre-internet counterparts. Recent evidence, however, indicates to the contrary...more
In this unprecedented time, private equity sponsors and their portfolio companies and other corporate borrowers are concerned about access to liquidity as well as compliance with payment and other obligations under their...more
As of January 1, 2020, California will become the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any...more
Arizona-based Banner Health has agreed to settle for up to $6 million a class action case filed against it following a 2016 incident that compromised the personal information of 3 million individuals....more
When the California Consumer Privacy Act (“CCPA”) takes effect in January 2020, California will become the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages of...more
The Seventh Circuit recently reduced the scope of one of the Federal Trade Commission's most effective enforcement tools, the power to seek restitution for violations of consumer protection laws. The decision in Federal Trade...more
Amgen will pay $13.4 billion in cash to buy psoriasis treatment Otezla, a deal that will “pave the way for Bristol-Myers Squibb to complete its acquisition of Celgene” by addressing “regulatory concerns over their union”....more
On July 31, 2019, Governor Carney signed the Delaware Insurance Data Security Act (formerly, HB 174) into law. Based on the National Association Of Insurance Commissioners (NAIC) Insurance Data Security Model Law, the...more
We know we told you yesterday about the Equifax settlement and how you could make a claim in connection with the breach. Well, consumers whose personal information was compromised in Equifax’s massive 2017 data breach are in...more
Many readers have reached out to learn about the Capital One data breach and how it affects us. If you haven’t been watching the story unfold as closely as I have, here is a summary of what happened, what information was...more
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Please see full Publication blow...more
Part of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (which amended the Fair Credit Reporting Act) included a provision requiring credit reporting agencies (CRAs) to provide free electronic credit...more
The FTC has issued a final rule to implement a 2018 amendment to the FCRA made by the Economic Growth, Regulatory Relief, and Consumer Protection Act that requires nationwide consumer reporting agencies (CRAs) to provide...more
On April 11, 2019, significant revisions to Massachusetts’ data breach law – Chapter 93H – take effect. The revised statute requires more detailed notifications to both the Commonwealth and affected consumers, and mandates...more
Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more
As of April 11, 2019, Massachusetts will require organizations suffering a data breach that involves a resident’s social security number to provide credit monitoring services (CM Services) at no cost to the resident. If the...more