On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.
This settlement demonstrates that companies in post-data breach environments must … Continue Reading
U.S. Senate leaders may be close to reaching an agreement on a legislative proposal that would establish a national data breach notification and security standard (the Data Acquisition and Technology Accountability and Security Act) which would streamline nationwide … Continue Reading
“A significant data breach is likely to cost the company materially, and costs could drag on for a number of years,” said analyst Shlomo Rosenbaum, commenting on the Equifax breach.
Organizations increasingly rely on third-party service providers for data collection, processing, … Continue Reading
On September 7, Equifax, one of the three major credit reporting firms in the U.S., disclosed a data breach that potentially affects 143 million consumers. Equifax’s disclosure indicated that the breach, which Equifax claims to have discovered in July, resulted … Continue Reading
Consistent with a growing trend among courts nationwide, the D.C. Circuit Court unanimously held that a group of plaintiffs had cleared a “low bar” to establish constitutional standing for their claims in a data breach case against health insurer CareFirst … Continue Reading
The impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several new companies coming forward as … Continue Reading
Data breaches can occur in the most surprising places. When data breaches affect sensitive, private information—especially that of children—companies can face scrutiny from regulatory agencies and be exposed to civil (and perhaps even criminal) liability. While hackers are still targeting … Continue Reading
Earlier this year, the Supreme Court, in Spokeo, Inc. v. Robins, held that a bare procedural violation of a statutory requirement, divorced from any concrete harm, does not establish the injury-in-fact necessary to maintain a lawsuit in federal court. … Continue Reading
Yesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, … Continue Reading
Seemingly not a day goes by without news of another major data breach. In the past few weeks, Yahoo! announced that at least 500 million of its user accounts were stolen in 2014, hot on the heels of Dropbox’s announcement … Continue Reading
Particularity and plausibility are recurring themes from Judge Reagan’s order last week in the most recent round of litigation stemming from a 2012-2013 data breach at Schnucks grocery. See Community Bank, et al. v. Schnuck Markets, Inc., No. 3:15-cv-01125-MJR-RJD … Continue Reading
The healthcare industry suffered its worst year to date for data breaches in 2015. The Department of Health and Human Services Office for Civil Rights (“OCR”), which tracks healthcare breaches that affect 500 or more individuals, reported that 255 breaches … Continue Reading
The latest major health insurance data breach of 2015 reported by Excellus BlueCross BlueShield is considered one of the top 20 worst reported breaches of a healthcare organization. The attack affected about 7 million Excellus members and 3.5 million members … Continue Reading
The UK’s data protection authority, the Information Commissioner’s Office (ICO), may be prompted to investigate a serious breach of privacy involving a London health clinic last week.
The 56 Dean Street Clinic, which is operated by the Chelsea and … Continue Reading
Illicit affairs have always imposed risks – from marital discord and divorce to boiling bunnies and Maury appearances. However, when old-school adultery met new-school technology on the Ashley Madison infidelity website, those risks expanded to include data breach, identity theft, … Continue Reading
Until very recently, it was considered a matter of course in a services agreement for any data disclosure or loss, regardless of cause, to be excluded from any and all limitations of the vendor’s liability. However, as data breaches continue to … Continue Reading
Last week, President Obama proposed wide-reaching legislation to establish a uniform, nationwide standard for data breach notifications that envisions a significant enforcement role for the Consumer Financial Protection Bureau (CFPB). The proposal, titled the Personal Data Notification and Protection Act, … Continue Reading
During the holidays, consumers are pulling out debit and credit cards again, again and again. It is with a degree of blind faith that those same consumers trust their personal data is going where intended and not into the hands of … Continue Reading
In light of the recent data privacy breaches at major retailers, and given that the burden of such breaches hit community banks particularly hard, Office of the Comptroller of the Currency (OCC) Comptroller Curry’s recent speech at the Community Bankers Symposium … Continue Reading
As part of a growing trend in state legislatures across the country, the Florida Information Protection Act of 2014 (FIPA), § 501.171, expanded the requirements on covered entities that acquire, maintain, store or use personal information of Floridians. Effective … Continue Reading
Spotify issued a data breach notification to its users, warning that it had discovered unauthorized access to its systems and internal company data. According to the alert, which was emailed to all users, Spotify’s investigation only evidenced that “one … Continue Reading
Last night’s 2-2 draw in the pre-World Cup friendly between England and Ecuador is causing unexpected headlines in the UK, after an embarrassing security and data protection breach. It has been revealed that prior to the start of the … Continue Reading
The Article 29 Working Party has recently adopted an Opinion, providing good practice guidance for data controllers on when to notify data subjects of a personal data breach.
Notification of data breaches to data protection authorities is already a … Continue Reading