Yan Luo and Zhijing Yu of Covington & Burling write: On July 2, 2020, the Standing Committee of the National People’s Congress of China (“NPC”) released the draft Data Security Law (“Draft Law”) for public comment. The release of the Draft Law marks a step forward in establishing a regulatory framework for the protection of broadly defined…
Category: Legislation
FTC Reaches Settlement with Kohl’s over Allegations it Failed to Provide Victims with Information Related to Identity Theft
From the FTC, this press release: Kohl’s Department Stores, Inc. has agreed to pay a civil penalty of $220,000 to settle Federal Trade Commission allegations that the Wisconsin-based retailer violated the Fair Credit Reporting Act (FCRA) by refusing to provide complete records of transactions to consumers whose personal information was used by identity thieves. In…
Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
Timothy Carter and Susan Kohn Ross of Mitchell Silberberg & Knupp LLP write: While much attention and focus has rightly been placed on the California Consumer Privacy Act and the dramatic expansion of privacy rights for California residents that it heralds, a number of other states have quickly followed suit, working to strengthen their respective…
Third Circuit Offers Blueprint for Defeating Data Breach Class Actions
Jeffrey N. Rosenthal and David J. Oberly discuss how the Third Circuit offers defense attorneys a way to possibly get some data breach lawsuits dismissed. They write, in part: Taken together, Reilly and Horizon operate to create a diving line between circumstances where standing might exist in the Third Circuit. Under Horizon, standing can often be established where plaintiffs are…
Do we need tougher breach notification rules?
Hell, yes! Oh, you want more rationale and calm analysis? Read Nic Fearn’s reporting: When Travelex was hit by a ransomware attack on New Year’s Eve, not just taking down its website, but the systems that enable it to do business, it was days before it even admitted it. Even then, it would only say…
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…