Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s law enacted a few days earlier. Notably, while Connecticut followed the New York Department of Financial Services’ 2017 Cybersecurity
Connecticut Becomes Latest State to Enact Insurance Data Security Law
On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers, and other businesses licensed by the Connecticut Insurance Department (“CID”). In doing so, Connecticut joins New York, South Carolina, Ohio, Michigan, and Mississippi
Facebook to Pay $5 Billion for Violating 2012 FTC Consent Order
Just two days after the Federal Trade Commission (“FTC”) announced a historic settlement of privacy and security claims against Equifax, the FTC today announced that Facebook has agreed to pay $5 billion in civil fines, arising from its violation of a 2012 consent order with the FTC. According to the FTC, this is the largest fine ever levied by a U.S. regulatory agency against a company for a privacy or data security violation by a factor of 20—and one of the largest penalties ever assessed by the U.S. government.
Continue Reading Facebook to Pay $5 Billion for Violating 2012 FTC Consent Order
Equifax Reaches Historic $575 Million Settlement Agreement Arising from 2017 Data Breach
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date.
Continue Reading Equifax Reaches Historic $575 Million Settlement Agreement Arising from 2017 Data Breach
New York State Data Privacy Law Fails
New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead. New York was one of a number of states that proposed sweeping privacy legislation after the enactment of the California Consumer Privacy Act (CCPA). The proposed New York law, in fact, was broader than the CCPA
Ballard Launches US State Privacy Law Tracker
Since the passage of the California Consumer Privacy Act (CCPA) in June 2018, over a dozen US states have proposed their own privacy laws, many of which are nearly identical to the CCPA. Some of these proposals have since become law. Others are in different stages of the legislative process. To help clients keep track of the status of these proposed laws, Ballard has launched a US State Privacy Law Tracker. We’ll be updating the Tracker as these laws progress and states propose new privacy laws, so check back regularly.
Continue Reading Ballard Launches US State Privacy Law Tracker
8th Circuit Decision in SuperValu Class Action is a Reminder that Injury and Damages Aren’t the Same Thing.
Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases. As we explained, because retail breaches rarely involve theft of social security numbers, date of birth, healthcare information or other data that can be used to commit identity theft, courts have typically found that plaintiffs in such cases lack standing to pursue their claims in federal court.
Continue Reading 8th Circuit Decision in SuperValu Class Action is a Reminder that Injury and Damages Aren’t the Same Thing.
Court Ruling in Saks Data Breach Case Illustrates That Threshold for Article III Standing Is Low
For years, plaintiffs in data breach class actions have argued that the threshold for Article III standing is low – and increasingly courts are accepting that argument. The Saks data breach class action, pending in the Southern District of New York, is the latest example of a federal court finding that Article III standing exists even where the plaintiff’s asserted injuries are very minimal.
Continue Reading Court Ruling in Saks Data Breach Case Illustrates That Threshold for Article III Standing Is Low
Proposed Expansion of CCPA’s Private Right of Action Defeated in State Senate
In April 2019, the California Assembly Privacy and Consumer Protection Committee rejected a proposal known commonly as the “Privacy for All Act” (AB-1760), which among other things would have provided a private right of action for all violations of the California Consumer Privacy Act (CCPA). The rejection of AB-1760 was a blow to consumer privacy advocates. A similar measure, SB-561, would also have provided a private right of action for all privacy violations. That bill has also been defeated, meaning that the CCPA’s private right of action provisions will not be expanded this year.
Continue Reading Proposed Expansion of CCPA’s Private Right of Action Defeated in State Senate
Proposed Amendments to the California Consumer Privacy Act May Limit Scope of the Act
Following the speedy enactment of the California Consumer Privacy Act (CCPA or Act) in June 2018, business and consumer advocates alike have been pressuring California lawmakers to clarify the many ambiguities raised by the Act’s sweeping requirements. California lawmakers recently responded to these calls for greater clarity by proposing a slate of amendments to address some of the more controversial provisions of the CCPA, including the definition of “personal information”, requirements regarding information sharing, and the scope of industry exemptions.
Continue Reading Proposed Amendments to the California Consumer Privacy Act May Limit Scope of the Act