The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends. While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
When the regulator has decided to investigate your organisation following a data breach, the remit for the investigation will be wide-ranging and go beyond the narrow circumstances of the breach. Recent decisions shed useful...more
Privacy and cybersecurity is at the forefront of everyone’s mind these days and, in 2018, the Office for Civil Rights (“OCR”) settled ten cases and prevailed in another before an Administrative Law Judge to the tune of...more
North Carolina joined Attorneys General from a dozen states in suing Indiana based Medical Informatics Engineering (MIE) and affiliates. The complaint alleges that the companies failed to undertake reasonable measures to...more
The European Union's General Data Protection Regulation (GDPR) is the most comprehensive data privacy regulation in the world. It also confers upon supervisory authorities – i.e., regulators within the European Union Member...more
On April 12, 2018, the Federal Trade Commission (FTC) announced that it was withdrawing its proposed August 2017 privacy and data security settlement with Uber Technologies and issuing a new and expanded proposed settlement....more
The FTC has recently provided specific guidance on what it considers appropriate data breach protection activity by financial institutions. Such guidance came by virtue of a proposed consent order, dated August 29, 2017,...more
On August 15, 2017, the Federal Trade Commission (FTC) announced that it had reached an agreement with Uber Technologies to settle allegations that the ride-sharing company had deceived consumers by failing to live up to its...more
In a stunning victory, an administrative law judge has recommended the dismissal of a long-pending US Federal Trade Commission (FTC) complaint against LabMD, Inc. (LabMD). In a strongly worded opinion in a case that had...more
Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and...more
Recently, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, agreed to settle charges that it failed to establish the required cybersecurity policies and procedures before a...more
On September 22, 2015, the Securities and Exchange Commission (SEC) filed a settled administrative proceeding[1] alleging that a registered investment adviser failed to adopt cybersecurity procedures in violation of an SEC...more
On August 24, in FTC v. Wyndham Worldwide Corp. et al, the Third Circuit Court of Appeals affirmed that the FTC could enforce its own reasonable interpretation of what cybersecurity standards are necessary to avoid...more
If you read one thing: - The Federal Trade Commission (FTC) secured a major appellate victory in its quest to challenge lax corporate cybersecurity practices - In light of the 3rd Circuit’s decision,...more