Tag Archives: personal information

Delaware Revamps Its State Data Breach Notification Statute

On Aug. 17, 2017, Delaware revamped its existing data breach notification statute. In doing so, Delaware became the second state (joining Connecticut) to mandate offering individuals affected by a breach of security involving Social Security numbers at least one year of complimentary credit monitoring services. The new law takes effect on April 14, 2018, and … Continue Reading

Tales from the Trenches: Lessons Learned from the Ashley Madison Data Breach

In July 2015, the online cheating website Ashley Madison was hacked and data pertaining to its 37 million users were published online. The story made headlines given the sensitive nature of the information exposed, the number of people affected and the sensational details of the hack, which included allegations of fraud, blackmail and extortion. The … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously reported, following two data security incidents involving the disclosure of personal information, the FTC brought an action against LabMD, a clinical testing laboratory, … Continue Reading

California Amends Its Breach Notification Statute

For the third time in as many years, California has once again amended its breach notification statute. This time it expanded the definition of “personal information,” clarified the term “encryption,” and mandated additional formatting and content requirements for individual notification letters. These amendments impact both companies and agencies and will go into effect on January … Continue Reading

2014 Information Governance Year in Review

2014 has been perhaps the biggest year Information Governance (“IG”) has seen. A relatively small and, if not unknown, at least undefined field only a few years ago has grown into an area of interest—and concern—to many organizations. The continued growth of data, the escalating threat of data breaches, the amazing ability to collect and … Continue Reading

Indecent Exposure: FTC Obtains Injunctions Against Debt Brokers for Improperly Published Consumer Information

On November 12, 2014, the Federal Trade Commission announced that the District Court for the District of Columbia had entered preliminary injunctions against two debt sellers which, together, had improperly posted personal information of over 70,000 consumers online. The FTC filed complaints seeking permanent injunctions and other equitable relief against Cornerstone and Co., LLC, and … Continue Reading

California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?

Editor’s Note: The authors would like to thank Jaysen Borja for his contributions to this post. On September 30, 2014, California Governor, Jerry Brown, signed Assembly Bill 1710 into law, amending California’s existing personal information privacy laws.  A.B. 1710 makes several changes to existing laws including: (1) the requirement that businesses that “maintain” personal information … Continue Reading

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

Careful! Your Company May Be a Defacto Data Broker: Are Privacy Regulators Going for Broke(rs) as part of the 2014 Legislative and Privacy Enforcement Agenda?

Concerns about privacy practices in the data broker industry, and the privacy implications about the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014.   The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

OfficeMax Class Action Zip Code Plaintiffs Again Seek Approval for Settlement and Attorney Fee Payment

Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. Lawyers representing a purported class of customers who accused retailer OfficeMax North America Inc. (OfficeMax) of illegally recording their zip codes tried again this week to gain court approval of a settlement deal agreed to with OfficeMax. Dardarian v. OfficeMax Inc., case … Continue Reading

SAFE Data Act Approved by House Subcommittee

The House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Mary Bono Mack (CA), approved the Secure and Fortify Electronic Data Act (H.R. 2577) (SAFE Data Act) following lengthy debate on July 20, 2011.  The SAFE Data Act contains information security requirements and breach notice obligations consistent with Rep. Bono Mack’s statements following the … Continue Reading

Personal Information is Not Property Under California Unfair Competition Law

On May 12, 2011, a California federal court dismissed substantive claims in a class action privacy lawsuit against Facebook.  The plaintiffs alleged eight causes of action under federal and state law, claiming that Facebook shared users’ personal information with advertisers without the users’ consent.  Although the judge found that the plaintiffs had standing to bring … Continue Reading

California Social Networking Privacy Act Stalls

California SB 242 (Social Networking Privacy Act), which we covered here, would require social networking websites to design default privacy settings that prevent information about a user from being displayed without affirmative consent from the user.  On May 27, 2011, the bill failed to receive enough votes to pass the California Senate.      The bill faced … Continue Reading

Three National Data Breach Notification Legislative Proposals Issued

So far this month, three legislative proposals containing a national data breach notification requirement have been issued.  On May 4, Rep. Bobby L. Rush (D-Ill.) reintroduced the Data Accountability and Trust Act.  On May 11, Rep. Cliff Stearns (R-Fla.) introduced the Data Accountability and Trust Act (DATA) of 2011.  One day later, the White House … Continue Reading

Restaurant Group Pays $110,000 to Settle Lawsuit Alleging a Failure to Secure Payment Card Data

In a February co-post with Baker Hostetler’s Hospitality Lawg, we wrote about security breach reports that continued to show hospitality and restaurant groups as favorite targets of hackers.  Two of the factors we cited as explanations for their vulnerability—failure to secure wireless networks and not complying with the Payment Card Industry Data Security Standard (PCI … Continue Reading
LexBlog