Tag Archives: Breach

Senators Klobuchar and Kennedy Introduce Privacy Legislation

On April 24, 2018, Senators Amy Klobuchar (D-MN) and John Kennedy (R-LA) introduced the Social Media Privacy and Consumer Rights Act of 2018.  The bill aims to protect consumers’ online data by increasing the transparency of data collection and tracking practices, and requiring companies to notify consumers of a privacy violation within 72 hours. “Our … Continue Reading

FTC Announces “Stick With Security” Initiative

The FTC announced today a new “Stick With Security” Initiative, building on its prior “Start With Security” guide as “part of its ongoing efforts to help businesses ensure that they are taking reasonable steps to protect and secure consumer data.”  Stick With Security constitutes a series of blog posts published each Friday using “hypothetical examples … Continue Reading

Significant HIPAA Fine Follows Business Associate’s Stolen iPhone

A new post over on Covington’s eHealth blog discusses a recent enforcement action taken by the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) against Catholic Health Care Services, a business associate under HIPAA, arising out of a stolen iPhone.  This recent enforcement action should put business associates … Continue Reading

New York Attorney General Unveils Data Breach Proposal

On the heels of a number of well-publicized data security breaches, a White House data breach proposal, and California’s recent changes to its data breach notification statute, New York Attorney General Eric Schneiderman has announced that he will propose legislation to strengthen New York’s data breach notification law.   The legislation had not been made public … Continue Reading

EU Article 29 Working Party Publishes Guidance on Data Breach Notification

By Philippe Bradley and Ezra Steinhardt Last week, the Article 29 Data Protection Working Party published a non-binding Opinion on data breach notifications, titled Opinion 03/2014 on Personal Data Breach Notification (the Opinion).  The Opinion provides helpful new guidance to companies seeking to understand whether or not notifications about a breach must be made to … Continue Reading

Federal Court Dismisses Data Breach Suit Alleging Only Speculative Harms

On Monday, February 12, a Southern District of Ohio district court dismissed two proposed class actions relating to an October 2012 Nationwide Mutual Insurance Co. data breach. Galaria v. Nationwide Mutual Ins. Co., No. 2:13-cv-118 (S.D. Ohio Feb. 10, 2014); Hancox v. Nationwide Mutual Ins. Co., No. 2:13-cv-257 (S.D. Ohio Feb. 10, 2014). The court … Continue Reading

Australian Government Launches Discussion Paper on Privacy Breach Notification

By Shamma Iqbal and Fredericka Argent This month, following an inquiry by the Australian Law Reform Commission (“ALRC”) into the effectiveness of the Australian Privacy Act 1988, the Australian government launched a discussion paper which calls for views from the public on whether a mandatory data breach notification scheme should be introduced in Australia. This … Continue Reading

Wyndham: FTC Lacks Authority to Regulate Data Security

Earlier this week, Wyndham Hotels & Resorts LLC moved to dismiss the complaint filed against it by the Federal Trade Commission in connection with Wyndham’s data security practices, asserting that the FTC has neither the authority nor the expertise to regulate them. As we previously noted, the FTC filed a complaint against Wyndham in June … Continue Reading

The FTC’s Lawsuit Against Wyndham

By Ryan Mowery Last week, the FTC filed suit in federal court against global hospitality firm Wyndham Worldwide Corporation in connection with a series of data breaches affecting Wyndham and its subsidiaries between 2008 and 2010.  The complaint alleges that Wyndham misrepresented the security measures it employed to protect consumers’ personal information and that consumers … Continue Reading

Settlement Reached in Data Security Breach Lawsuit Against Bank

Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach.  In March 2010, Village View lost nearly $400,000 after the company’s bank account was compromised by hackers.  … Continue Reading

First Circuit Holds That Mitigation Costs Are Sufficient To Support Claims in Card Breach Case

Reversing the decision of the lower court, the U.S. First Circuit Court of Appeals recently held in Anderson v. Hannaford Bros. Co. that under Maine law, claims for breach of contract and negligence can be premised on the cost of replacing credit/debit cards whose numbers had been breached and the cost of credit insurance where … Continue Reading

Blumenthal Introduces Data Protection and Breach Notice Legislation.

As The Hill and other news outlets are reporting, Sen. Richard Blumenthal (D-CT) — who previously was one of the most active state attorneys general on privacy and data security issues before joining the Senate in 2011 — has introduced data protection legislation. This will be the eighth breach notification bill introduced on Capitol Hill during the 113th … Continue Reading

Following the Sony Breach

The fallout from the last month’s data breaches of Sony’s PlayStation Network and its Online Entertainment service continued this week.  On Tuesday, Sen. Richard Blumenthal (D-CT) sent a follow-up letter to Sony saying he is “deeply concerned about the egregious inadequacy of Sony’s efforts thus far to notify its customers of these breaches,” and New … Continue Reading
LexBlog