Timothy Carter and Susan Kohn Ross of Mitchell Silberberg & Knupp LLP write: While much attention and focus has rightly been placed on the California Consumer Privacy Act and the dramatic expansion of privacy rights for California residents that it heralds, a number of other states have quickly followed suit, working to strengthen their respective…
Category: Legislation
Third Circuit Offers Blueprint for Defeating Data Breach Class Actions
Jeffrey N. Rosenthal and David J. Oberly discuss how the Third Circuit offers defense attorneys a way to possibly get some data breach lawsuits dismissed. They write, in part: Taken together, Reilly and Horizon operate to create a diving line between circumstances where standing might exist in the Third Circuit. Under Horizon, standing can often be established where plaintiffs are…
Do we need tougher breach notification rules?
Hell, yes! Oh, you want more rationale and calm analysis? Read Nic Fearn’s reporting: When Travelex was hit by a ransomware attack on New Year’s Eve, not just taking down its website, but the systems that enable it to do business, it was days before it even admitted it. Even then, it would only say…
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
FTC May Change Obscure Data Breach Rule In Telehealth Era
Ben Kochman reports: The Federal Trade Commission said Friday that it is considering changing a decade-old, little-used rule that requires certain companies handling health information to publicly report data breaches — and which could gain new relevance as consumers increasingly turn to telehealth. The consumer protection agency says it is soliciting comments on whether it should make…
Supreme Court to Consider Whether Improper Data Access Violates Computer Crime Law
From EPIC.org: The Supreme Court will decide whether a person who is authorized to access data for some purposes violates the Computer Fraud and Abuse Act if they access the information for other purposes. The case, Van Buren v. United States, concerns a police officer who accessed a law enforcement database to sell the information to…