State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
In a critical revelation within the realm of digital privacy, a significant data breach was uncovered involving key players in the dating app industry. Approximately 1.5 million explicit images from users of BDSM People,...more
Key Takeaways: On December 28, 2024, education technology company PowerSchool disclosed a cybersecurity breach impacting 62 million students and 9.5 million educators across the globe. The intrusion, which began on December...more
In April 2024, the IRS sent notices informing more than 70,000 taxpayers that their tax and personal data had been stolen in 2019 by a former IRS contractor, Charles Littlejohn. Littlejohn not only stole the data of hundreds...more
The New York State Department of Financial Services recently announced that it has entered into a consent order with PayPal, Inc. for violations of the NYDFS Cybersecurity Regulation. The consent order, under which PayPal has...more
According to a highly critical article recently published by TechCrunch, the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and...more
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
PowerSchool, a provider of software solutions for K-12 school systems, recently disclosed a cybersecurity incident that may have potentially exposed sensitive information of both students and school district employees....more
On December 24, 2024, New York Governor Kathy Hochul signed into law amendments to New York’s private-sector data breach notification law (General Business Law § 899-aa) and government agency data breach notification law (New...more
American Addiction Centers Inc. faces a class action in the Middle District of Tennessee for allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect patient data from...more
Class actions arising from data breach represented the fastest growing segment of class action filings. In 2023, more than 2000 class actions were filed, more than triple the amount filed in 2022. These cases were filed in...more
The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
The hospitality industry is a prime target for cyber criminals, due in part to the high volume of sensitive guest data, including financial information, that companies maintain. Almost one-third of hospitality organizations...more
A recent cyber attack targeting ZircoDATA, a data firm contracted by Australia’s Department of Home Affairs, has raised significant concerns about data privacy and cybersecurity in government-linked organizations. This breach...more
We are pleased to announce that several of the firm’s practice groups and attorneys were recognized in the 2024 edition of Chambers USA, a directory of leading law firms and attorneys. Chambers and Partners annually...more
On April 25, 2024, the attorneys general of 22 states issued a letter encouraging UnitedHealth Group and its subsidiary, Change Healthcare, to take additional steps to respond to a massively disruptive cyberattack. The broad,...more
Multi-employer plan participants involved in an Employee Retirement Income Security Act of 1974 (ERISA) class action lawsuit against Horizon Actuarial Services LLC (Horizon), a national retirement services firm, have entered...more
Healthcare providers are responsible for guarding the health and well-being of their patients. Still, they also have an essential duty to protect the personal information they collect in the process....more
The new Swiss Federal Act on Data Protection, known by the acronym “nFADP,” took effect on September 1. The law was enacted by the Swiss parliament in 2020. The law introduces new rights for Swiss citizens, but also...more
On July 5, 2023, the National Institutes of Health Federal Credit Union filed a notice of data breach with the Attorney General of Maine following the company’s discovery that an unauthorized party was able to get into an...more
On June 30, 2023, ARx Patient Solutions filed a notice of data breach with the Attorney General of Maine after discovering that an employee’s M365 email account was accessed by an unauthorized party. In this notice, ARx...more
On June 21, 2023, the U.S. Department of Homeland Security (DHS) issued a final rule that revises the Homeland Security Acquisition Regulation (HSAR) to implement security and privacy measures for contractors to safeguard...more
Paul Hastings attended the 2023 Global Privacy Summit (GPS) hosted by the International Association of Privacy Professionals (IAPP). Privacy professionals from all over the world gathered in Washington, D.C. to learn about...more
On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) released its proposal to amend Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (the “Proposed...more
Healthcare organizations collect and generate tremendous volumes of highly sensitive—and highly regulated—information about patients every day. A substantial portion of this data is personally identifiable information (PII)...more
A recent blog post by the leader of a cybersecurity platform provides a suggestion as to how gig economy companies can protect all the sensitive data they accumulate – and we can add a few more items to that checklist. Arti...more