Mark Townsend reports: Facebook has dramatically agreed to settle a lawsuit seeking damages for allowing Cambridge Analytica access to the private data of tens of millions of users, four years after the Observer exposed the scandal that mired the tech giant in repeated controversy. A court filing reveals that Meta, Facebook’s parent company, has in principle settled for an…
Category: Breach Laws
Patchwork of US State Regulations Becomes More Complex as Florida, North Carolina Ban Ransomware Payments
Scott Ikeda reports: The issue of banning ransomware payments has been contentious and hotly debated in governments throughout the world in the last few years, particularly as the problem seemed to grow out of control during the Covid-19 pandemic. In the US, the federal government has come down on the side of allowing payments but adding increasingly…
Data breach class actions: Southern District of New York dismisses action against health care providers for lack of standing
James Bogan III of Kilpatrick Townsend & Stockton LLP writes: Takeaway: In a prior article, we reported on the Second Circuit’s decision in McMorris v. Carlos Lopez & Associates, LLC, 995 F.3d 295 (2d Cir. 2021), in which the court, ruling on an issue of first impression, set out a non-exhaustive three-factor test for determining…
FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement”
Joseph Lazarrotti of JacksonLewis writes: On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of Effective Breach Disclosures.” In the post, the FTC takes the position that in some cases there may be a de facto data breach…
OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its impact would expand significantly in the coming months. As part of its…
Rattled by RIPTA breach that affected 22,000, lawmakers propose policy changes
Antonia Noori Farzan reports: Lawmakers say that last year’s breach of Rhode Island Public Transit Authority computer systems highlighted glaring problems with the way the state responds to the theft of people’s personal data. […] DiPalma’s bill, S 2664, is designed to expand the protections and reporting requirements outlined in the Identity Theft Protection Act of 2015. A companion bill, H…