Commentaries and Analyses – Page 500

French Data Protection Authority Imposes a Record 250,000 € Fine to Optical Center for a Security Breach on its Website

Posted on June 11, 2018 by Dissent

Catherine Muyl and Marion Cavalier of Foley Hoag write: On June 7, 2018, the French Data Protection Authority (the CNIL) published a decision (issued one month earlier) in which it imposed a record 250,000 euros fine on Optical Center (which, although its name does not indicate, is a French company) for having insufficiently secured the…

MY: Putrajaya’s exam portal shut down, after data breach affecting millions

Posted on June 10, 2018 by Dissent

Zurairi Ar reports: The Ministry of Education’s School Examination Analysis System (SAPS) was taken offline yesterday, following the discovery of a security exploit that could have potentially exposed the personal details of more than 10 million citizens. Malay Mail was alerted of the vulnerability on Friday evening by a reader, who insisted on remaining anonymous…

Yahoo’s EU regulator orders privacy changes over data breach

Posted on June 8, 2018 by Dissent

Padraic Halpin reports: Yahoo’s European regulator has ordered it to make privacy changes following a probe into what it said was one of the largest ever data breaches to impact EU citizens. […] It ordered the internet company to take specified actions, including ensuring that all its data protection policies take account of the applicable…

Eleventh Circuit Vacates FTC Cybersecurity Order against LabMD

Posted on June 8, 2018 by Dissent

Attorneys at Ropes & Gray, the law firm representing LabMD in LabMD vs. FTC, write: On June 6, 2018, at the urging of Ropes & Gray, the U.S. Court of Appeals for the Eleventh Circuit vacated an order that the Federal Trade Commission (the “FTC”) had imposed on LabMD, Inc. (“LabMD”) to overhaul the cancer…

There’s a big problem for the FTC lurking in 11th Circuit’s LabMD data-security ruling

Posted on June 8, 2018 by Dissent

Alison Frankel writes about what she calls the less obvious takeaway from the 11th Circuit’s LabMD opinion: FTC enforcement actions for unfair practices cannot be based just on consumer injury, even “substantial” injury. This is going to get wonky, but, trust me, it’s what cybersecurity defense lawyers are already buzzing about. Read more on Reuters….

The Supreme Court Will Rule on Data Breach Class Arbitration Suit

Posted on June 7, 2018 by Dissent

Jason C. Gavejian and Maya Atrakchi of Jackson Lewis write: The U.S. Supreme Court recently granted a petition for review of a data breach lawsuit addressing the issue of whether parties can pursue a class arbitration when the language in the arbitration agreement does not explicitly allow for such, Lamps Plus, Inc. v. Varela , No. 17-988,…