From the FTC, this press release: Kohl’s Department Stores, Inc. has agreed to pay a civil penalty of $220,000 to settle Federal Trade Commission allegations that the Wisconsin-based retailer violated the Fair Credit Reporting Act (FCRA) by refusing to provide complete records of transactions to consumers whose personal information was used by identity thieves. In…
Category: Legislation
Amidst A Pandemic, New York Quietly Implements Its Enhanced Data Security Law
Timothy Carter and Susan Kohn Ross of Mitchell Silberberg & Knupp LLP write: While much attention and focus has rightly been placed on the California Consumer Privacy Act and the dramatic expansion of privacy rights for California residents that it heralds, a number of other states have quickly followed suit, working to strengthen their respective…
Third Circuit Offers Blueprint for Defeating Data Breach Class Actions
Jeffrey N. Rosenthal and David J. Oberly discuss how the Third Circuit offers defense attorneys a way to possibly get some data breach lawsuits dismissed. They write, in part: Taken together, Reilly and Horizon operate to create a diving line between circumstances where standing might exist in the Third Circuit. Under Horizon, standing can often be established where plaintiffs are…
Do we need tougher breach notification rules?
Hell, yes! Oh, you want more rationale and calm analysis? Read Nic Fearn’s reporting: When Travelex was hit by a ransomware attack on New Year’s Eve, not just taking down its website, but the systems that enable it to do business, it was days before it even admitted it. Even then, it would only say…
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
FTC May Change Obscure Data Breach Rule In Telehealth Era
Ben Kochman reports: The Federal Trade Commission said Friday that it is considering changing a decade-old, little-used rule that requires certain companies handling health information to publicly report data breaches — and which could gain new relevance as consumers increasingly turn to telehealth. The consumer protection agency says it is soliciting comments on whether it should make…