Cory L. Andrews of Washington Legal Foundation has an OpEd that begins: The Federal Trade Commission (FTC) has developed a well-known penchant for using individually negotiated settlement agreements and consent decrees to announce for the first time what qualifies as “unfair” or “deceptive” conduct under the FTC Act. In the data-privacy arena, FTC views these…
Category: Breach Laws
Ohio Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs
William Berglund, Robert J. Hanna and Victoria L. Vance of Tucker Ellis write: Maintaining robust cybersecurity measures that meet government- and industry-recognized standards will provide businesses operating in Ohio with a legal defense to data breach lawsuits, if a bill recently introduced in the Ohio Senate becomes law. Ohio Senate Bill No. 220 (S.B. 220),…
National data breach notification law introduced by Senate Commerce Committee members
Patrick Howell O’Neill reports: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports…
SCOTUS Will Not Review CFAA Password Sharing Case
Jason C. Gavejian writes: The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to…
Maryland Data Breach Notification Law Updated: Effective 1/1/18
Linn Freedman reports: The Maryland Personal Information Protection Act has been updated and the new provisions are effective January 1, 2018. The new law expands the definition of personal information that is protected under the statute. Presently, the definition of personal information includes a Maryland resident’s first and last name or initial and last name…
WP29 guidelines on personal data breach notification under GDPR
Anita Anand of Allen & Overy writes: The Article 29 Working Party this week published draft Guidelines on personal data breach notificationunder GDPR. The relevant GDPR provisions are often misrepresented, and in many respects leave matters open to interpretation – a good or bad thing depending on the day. Many are now asking what further…