Less than one week after replacing the now defunct Article 29 Working Party (WP29), the European Data Protection Board (EDPB) has adopted new guidelines on the EU General Data Protection Regulation (GDPR) and issued a...more
Just when you think you’ve tackled the Wild, Wild West of GDPR and privacy compliance, California decides to mix it all up again.
This November 6th, California voters will decide on the California Consumer Privacy Act...more
You’ve probably heard of the dreaded four-letter word – GDPR. Companies around the globe had been preparing for the May 25th implementation date for quite some time. But U.S.-based companies with no apparent EU presence may...more
Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for...more
New York Attorney General Eric T. Schneiderman and Vermont Attorney General TJ Donovan (“Attorneys General”) announced a settlement with Hilton Domestic Operating Company, Inc. (“Hilton”) resolving allegations that the...more
Target Corporation agreed to an $18.5 million settlement with 46 State Attorneys General and the Attorney General of the District of Columbia this week, resolving allegations that the company failed to provide reasonable data...more
Last week, the New Mexico Legislature passed The Data Breach Notification Act (“Act”). Once the Act is signed by Governor Susana Martinez, New Mexico will join 47 other U.S. states (along with D.C., Guam, Puerto Rico, and the...more
The Federal Trade Commission has filed a lawsuit in federal court claiming that a networking equipment manufacturer engaged in unfair and deceptive acts, exposing thousands of consumers to the risk of cyberattack from...more
Remember the 2015 AshleyMadison.com data breach, where hackers gained access to the personal information of about 36 million users from over 46 countries, and threatened and carried through on their promise to release the...more
The Department of Homeland Security (DHS) has published non-binding principles and best practices to help businesses work through key Internet-of-Things (IoT) security issues. Entitled “Strategic Principles for Securing the...more
Last month, several state Attorneys General announced a $1M settlement with Adobe Systems, Inc. in connection with a 2013 data incident involving the personal information of roughly 534,000 consumers. The 15 Attorneys General...more
The Federal Trade Commission released a new guide for businesses on data breach response yesterday along with a three-minute video summary. The 14-page guide highlights the immediate steps a business should take when...more
Yesterday, the Vermont Attorney General announced a settlement with business-to-business software developer Entrinsik, Inc., resolving allegations that the company’s Informer program violated Vermont law, including the law...more
On March 2, the CFPB settled its first data security enforcement action against Iowa-based Dwolla Inc. Launched as a startup in 2009, Dwolla is an online payment platform that enables customers to transfer money directly...more
On Wednesday, May 20, 2015, the FCC’s Enforcement Bureau issued its first enforcement advisory in the post-Open Internet Order era. Not surprisingly, the Bureau’s first advisory addressed the consumer privacy obligations of...more