I was hanging out with my friend this weekend, both catching up on emails from a coffee shop. After a while, he turned to me. “Well sh*t. Looks like my social security number might be on the dark web.”...more
Frontier Communications (Frontier) faces three class action lawsuits in relation to a cyber data breach in which the criminal ransomware group, RansomHub, stole personally identifiable information (PII) of over 750,000...more
Businesses take heed: California state officials just warned that the law prohibits you from collecting unnecessary data and retaining data for longer than necessary. The California Privacy Protection Agency published its...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
The first post-California Consumer Privacy Act (CCPA) data breach class action was filed on February 3 in the Northern District of California. See Barnes v. Hanna Andersson, LLC , N.D. Cal., Case No. 20-cv-00812....more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
Effective October 23, 2019 for changes in data breach notification requirements, and March 21, 2020 for new data security requirements, New York’s “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) broadens...more
On August 6, 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released ISO/IEC 27701 (ISO 27701), a privacy extension to ISO/IEC 27001 and ISO/IEC 27002...more
Equifax to Pay up to $700 Million as Part of Settlement for 2017 Data Breach - Equifax has agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the FTC, the CFPB, and...more
Did you know Americans lost nearly $150 million dollars to real estate internet scams last year? That makes real estate cyber crime a greater risk to Americans than identity theft ($100 million in losses) or credit card fraud...more
Just prior to the sweltering hot weekend, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act. Taking effect on March 22, 2020, the law imposes new obligations on entities to...more
Earlier this year, California legislators proposed A.B. 981 (“the proposal”), which, among other things, would have exempted insurance institutions, agents and support organizations (“insurers”) from many provisions of the...more
Recently, the Financial Industry Regulatory Authority (“FINRA”) and the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) separately issued important guidance regarding customer communications surrounding the...more
In response to numerous comments regarding the California Consumer Privacy Act (CCPA), on February 21, 2019, Assembly Member Tom Daly (D-CA 69th) proposed AB 981, designed to clarify the privacy protection laws applicable to...more
No one knows for sure how many "things" are connected to the Internet, but the Federal Trade Commission reported last year that it was more than 8 billion, and that it would exceed 20 billion by the end of 2020! Astonishing...more
California “Connected Devices” Law - On September 28, 2018, California passed a new law that raised the baseline for the security of Internet of Things (“IoT”) devices, or “connected devices.” Under this new law,...more
On November 30th, Marriott announced that a guest reservation database on the Starwood side of its business had been breached. Initial reports indicated that upwards of 500 million individuals were affected. The stolen data...more
In a groundbreaking decision published on November 21, 2018, the Pennsylvania Supreme Court held, for the first time, that employers must exercise reasonable care to safeguard employee personal information stored on an...more
Following the recent legalization of cannabis, private retailers are open for business from coast to coast. While cannabis remains illegal in other jurisdictions, cannabis users' personal information is highly sensitive. In...more
On April 12, 2018, the Federal Trade Commission (FTC) announced that it was withdrawing its proposed August 2017 privacy and data security settlement with Uber Technologies and issuing a new and expanded proposed settlement....more
The year was 2005. The iPhone was still two years away. Facebook was still a niche product. Tweeting was a birds-only activity. And North Carolina was one of the first states in the union to enact a data breach notification...more
A large portion of the data breaches that occur each year involve human resource related issues. This includes situations in which HR data was lost, employees were inadvertently responsible for the loss of information about...more
The FTC has recently provided specific guidance on what it considers appropriate data breach protection activity by financial institutions. Such guidance came by virtue of a proposed consent order, dated August 29, 2017,...more