Archives: Uncategorized

Subscribe to Uncategorized RSS Feed

State Updates on Cybersecurity Regulations: New York DFS Issues FAQs on Its Cybersecurity Regulations and Colorado Adopts Rules Applicable to Broker-Dealers and Investment Advisors

New York and Colorado have continued to take the lead in cybersecurity requirements for regulated financial institutions. The New York Department of Financial Services (DFS), which issued the first state cybersecurity regulation directed at its regulated financial institutions, 23 NYCRR Part 500, recently updated its “Frequently Asked Questions Regarding 23 NYCRR Part 500” on July … Continue Reading

And Now There are Three: Nevada Joins California and Delaware in Privacy Policy Requirements for Website Operators

The latest development with respect to privacy policies involves amendments to existing legislation governing state statutes governing the security of personal information for website operators and online service providers. (See June 30, 2017 Alert – FTC Issues Updated Guidance for Compliance with COPPA).  This may be the next wave of statutory amendments in the ongoing … Continue Reading

ALERT – FTC Issues Updated Guidance for Compliance with COPPA

On June 21, 2017, the Federal Trade Commission (FTC) updated its guidance for compliance with the Children’s Online Privacy Protection Act (COPPA).  COPPA regulates websites and other online services in connection with collection of information from children under 13.  The full version of the FTC’s updated guidance is available at https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance The FTC guidance instructs … Continue Reading

Two New Developments in Website Accessibility Cases: Nation’s First Website Accessibility Trial Verdict Is Far From a Winn for Retailers, and Hobby Lobby Is Dealt a Blow in California Decision

As numerous retailers know firsthand, website accessibility has become a hotbed for litigation in recent years. Despite plaintiffs filing scores of website accessibility claims against retailers each year, very few of these cases make it past pleadings, and there has been little to no guidance from the courts. This changed on June 13, 2017, in … Continue Reading

Chicago Attorneys Cinthia Granados Motley and Ashley Jackson Discuss Ways to Avoid Wrongful Collection of Data Claims

Chicago based  attorneys Cinthia Granados Motley and Ashley Jackson were published on Law360 February 7, 2017. The article, “10 Ways To Avoid Wrongful Collection Of Data Claims,” discusses tips by using the who, what, where, when and why of consumers to help answer the most asked questions.… Continue Reading

NY Cybersecurity Regs Could Spur Legal Work Nationwide

Orange County Partner Scott Lyon was recently quoted in Corporate Counsel’s article “NY Cybersecurity Regs Could Spur Legal Work Nationwide.” The article examines New York’s new proposed cybersecurity for financial institutions and insurers. Please click here to read the full article. (Subscription required)… Continue Reading

New Twist on Email Service of Process upon Foreign Corporations

Increasingly, federal courts are permitting plaintiffs to effect service of process by email upon foreign defendants pursuant to Rule 4(f)(3) of the Federal Rules of Civil Procedure. When applying FRCP 4(f)(3), the courts continue to exercise broad discretion to grant or deny the use of email service on foreign defendants on a case by case … Continue Reading

Remotely Hijacked Vehicles and Androids – How Vulnerable Is Your Personal Tech?

On Tuesday, July 21, 2015, Wired magazine published an article discussing a vulnerability in the Chrysler Uconnect feature through which an attacker may gain remote access to the vehicle’s CAN bus, allowing the attacker to manipulate not only the vehicle’s climate control and infotainment systems, but more importantly its transmission, braking, and steering controls. The security researchers who discovered … Continue Reading

Uber Privacy Policy Challenged by EPIC Letter to FTC

On Monday, the Electronic Privacy Information Center (EPIC) filed a complaint urging the Federal Trade Commission (FTC) to investigate Uber Technologies Inc.’s business practices, and in particular, its new privacy policy, which goes into effect July 15. Although Uber described its new policy as an attempt to clarify its existing terms, while also providing for … Continue Reading

FTC Advises That Mergers Don’t Eliminate Privacy Promises of Acquired Companies

The FTC recently posted comments on its business blog about the responsibility of companies to comply with privacy representations made to prior customers on how the companies will collect, use or disclose personal information, following a merger or change in ownership. Noting that companies must keep their promises to customers regarding the privacy of the … Continue Reading

Net Neutrality: More Winners Than Losers

On March 12, 2015, The Federal Communications Commission (FCC) released the full text of the Net Neutrality rules it approved last month. Net Neutrality essentially means an open Internet where all traffic is equal, anyone can publish content, and everyone has access to media. The new rules are not a guarantee that the Internet will … Continue Reading

Illinois Federal Court Leaves AMEX to Defend TCPA Claims Based on Third Party Actions

Recently, an Illinois federal court denied American Express’ (“AMEX”) motion for partial summary judgment, finding that AMEX can be directly liable under the Telephone Consumer Protection Act (“TCPA”) for debt collection and telemarketing calls made on its behalf. The court’s decision alleges that West Asset Management made debt collections calls on AMEX’s behalf to plaintiffs … Continue Reading

President Obama Issues Executive Order Urging Companies to Share Cybersecurity Threat Data

Speaking at the White House’s Summit on Cybersecurity and Consumer Protection at Stanford University this month, President Obama announced that an Executive Order was signed on February 13, urging private sector companies to share information about cybersecurity efforts and incidents.  Highlighting recent high-profile data breaches, President Obama stated that rapid information sharing is an essential … Continue Reading

Anthem Data Breach Spawns Class Action Suits and “Phishing” Scams

Last week, Anthem Inc. – the nation’s second largest health insurer – reported a data breach involving the disclosure of the personal information of over 80 million patients and employees. Plaintiffs wasted little time seeking redress, bringing class action lawsuits a day later in Alabama, Georgia and California federal courts alleging that Anthem failed to … Continue Reading

New York Attorney General Proposes Stiffer Data Security and Breach Notification Laws

New York State Attorney General Eric Schneiderman has proposed legislation that would make the state’s data security law the strongest in the country and require “unprecedented safeguards” for personal data. “With some of the largest-ever breaches occurring in just the last year, it’s long past time we updated our data security laws and expanded protections … Continue Reading

Obama Sets Forth Privacy Initiatives to Federal Trade Commission

Yesterday, President Barack Obama addressed the Federal Trade Commission (FTC) and outlined his proposal for protecting and strengthening consumer and student personal data. President Obama called on Congress to support his initiative by passing legislation stating “this mission, protecting our information and privacy in the information age, this should not be a partisan issue.” Specifically, … Continue Reading

Target Takes Aim at Consumers after Banks Win Opening Round

On Thursday, the attorney for Target Corporation (“Target”) made oral arguments in support of its motion to dismiss consumer claims stemming from the data breach it suffered late last year when hackers stole financial and personal information of approximately 110 million consumers during the busy Christmas holiday season. Nearly 60 lawsuits were filed by consumers … Continue Reading

Federal Trade Commission Shows Willingness to Credit Responsive Data Security Efforts in Exercising Enforcement Authority

In a change of pace, the Federal Trade Commission (“FTC”) recently decided not to pursue an enforcement action against Verizon Communication, Inc. (“Verizon”) following an investigation into whether Verizon violated Section 5 of the Federal Trade Commission Act, by engaging in “unfair or deceptive acts or practices” when it failed to secure the routers used … Continue Reading

Connecticut Supreme Court Ruling Allows Private Plaintiff to Assert Negligence Claims Based on HIPAA

Recently, the Connecticut Supreme Court ruled that a plaintiff may assert state law negligence claims against a healthcare clinic that allegedly released confidential patient health data based on the Health Insurance Portability and Accountability Act (“HIPAA”). The ruling enables private plaintiffs to use the standard of care set forth under HIPAA to support a negligence … Continue Reading

Class Action Plaintiffs Look to Fair Credit Reporting Act for Private Relief from Data Breaches Involving Health Information

A recent class action brought against the University of Miami (“University”) previews what could become an emerging trend among plaintiffs’ class action attorneys to seek damages for the unauthorized disclosure of personal health information under the Fair Credit Reporting Act (“FCRA” or the “Act”). Enforcement actions for data breaches involving the unauthorized disclosure of personal … Continue Reading

Canada’s Anti-Spam Legislation (CASL) Will Impact U.S. Companies

Canada’s Fighting Internet and Wireless Spam Bill, better known as Canada’s Anti-Spam Legislation (CASL), was enacted in December 2010, but enforcement of the law did not commence until July 1, 2014, on Canada Day. The law impacts any U.S. company or individual sending commercial electronic messages (CEMs) to businesses in Canada and it has several … Continue Reading
LexBlog