On June 28, 2024, Pennsylvania Governor Josh Shapiro signed an amendment to Pennsylvania’s Breach of Personal Information Notification Act into law. The amended law, which includes significant changes to the Keystone State’s...more
It well known that there are, unfortunately, many data breaches that frequently put private citizens’ data privacy in jeopardy. States have passed a variety of statutes aimed at addressing this problem in an attempt to...more
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Please see full Publication blow...more
In an age where data is widely available and almost everything is stored online, data breaches are becoming more common, and the outcomes of cases involving data breaches are unpredictable. Data involved in a breach can range...more
Phishing. Spoofing. - These words may sound silly, but for employers, they are anything but. Phishing is the attempt to obtain sensitive electronic information—such as usernames, passwords, or financial...more
A bi-partisan privacy and data security bill, which will significantly impact companies with North Carolina employees, is in the works. North Carolina State Representative Jason Saine (R), Appropriations Chairman of...more
A North Carolina bill designed to strengthen the state’s data breach notification statute could radically change incident response. Through the Act to Strengthen Identity Theft Protections, North Carolina could quickly become...more
The Equifax breach is not the biggest in terms of the number of people affected (the 2016 Yahoo breach compromised data associated with over 500 million user accounts compared to the 143 million people affected by the Equifax...more
In light of recent high-profile breaches of highly sensitive data, this is a good time to remind individuals of how to protect their identity and credit information....more
In May, the U.S. Supreme Court issued its opinion in Spokeo v. Robins, providing guidance on the “injury-in-fact” aspect of the constitutional standing requirement for putative class action plaintiffs. 136 S. Ct. 1540...more
The IRS released a bulletin on December 30, 2015, (Announcement 2016-02) announcing that it would extend the tax exemption issued in August to organizations who provide credit monitoring to its employees following a data...more
This past July marked the fifth anniversary of the creation of the Consumer Financial Protection Bureau (CFPB), a period marked by sweeping changes to the regulatory and administrative environment in which financial...more
Does a data breach of a retailer’s payment-card information automatically confer Article III standing on affected customers? Is the mere possibility that some criminal element may use pilfered information to commit future...more
The Seventh Circuit reinstates the Neiman Marcus data breach class action lawsuit after finding that increased risk of future fraudulent charges and greater susceptibility to identify theft are sufficient for standing. ...more
With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states...more
In October 2014, the United States Postal Service (USPS) disclosed a cybersecurity data breach affecting approximately 800,000 current and former employees. The USPS later determined that, for some, the breach may have...more
The National Labor Relations Board has recently inserted itself into the world of cybersecurity after the United States Postal Service suffered a security breach involving the personal data of several hundred thousand of its...more