The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers. Drizly and Rellas were alerted to security problems two years prior to the breach yet…
Category: Legislation
Australia to propose increased penalties for data breaches following major cyberattacks
Reuters reports: Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks. […] Dreyfus, in an official statement issued on Saturday, said the government would next week move to “significantly increase penalties for repeated or serious privacy…
New York Department of Financial Services settles charges against EyeMed with a $4.5 million penalty and remedial cybersecurity plan
In January 2022, DataBreaches reported that New York announced a $600,000 agreement with EyeMed that resolved a 2020 phishing incident that compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York. But that was not the end of enforcement action and monetary penalties for EyeMed. Now the state’s Department of…
A Data Breach Is Bad, But Disclosing Too Much Could be Worse
Adam Stone reports: When state and local IT systems get breached, there’s a balancing act to be struck. How much can and should the public be told? Some advocates of transparency and accountability say anything that happens in the public realm ought to be public knowledge. On the opposite extreme, some IT leaders worry that…
Landmark U.S.-UK Data Access Agreement Enters into Force
The Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Countering Serious Crime (“Data Access Agreement” or “Agreement”) entered into force today. The Agreement is authorized by the Clarifying Lawful Overseas Use…
CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act
Jim Garland, Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022…