With the ever-changing complexity of state data breach notification laws, companies facing a data breach need resources that will help them understand the issues. This summary provides an overview of the similarities and differences in data breach laws adopted in the 50 United States and the District of Columbia and includes laws enacted since our
Data Security
Online Talent Company Settles with FTC Over Alleged COPPA Violations
Online talent search company Explore Talent just landed in the spotlight of the Federal Trade Commission (FTC). The Vegas-based company was charged with violating the Children’s Online Privacy Protection Act (COPPA), which requires that companies collecting information online must obtain informed, verifiable parental consent before collecting any information from a child under 13. The company…
European Court of Justice Throws Out Class Action in Latest Schrems Battle
In the latest round of the ongoing battle between Austrian privacy activist Max Schrems and Facebook, the European Court of Justice (CJEU) ruled that Schrems did not have standing to bring claims on behalf of Austrian consumers over Facebook’s alleged violations of users’ privacy rights. The court did, however, allow for Schrems to continue with…
Senate Bill Would Give FTC Enforcement Power Over Credit Bureaus
In response to the Equifax data breach last September, when hackers gained access to the personal information of 143 million consumers, Senators Elizabeth Warren (D-MA) and Mark Warner (D-VA) have introduced a bill, The Data Breach Prevention and Compensation Act of 2018, that would ultimately impose security obligations on credit reporting agencies (CRAs). The…
FTC Green Lights TRUSTe’s Proposed Safe Harbor Program Modifications
The Federal Trade Commission (FTC) has approved changes TRUSTe proposed to its safe harbor program several months ago under the Children’s Online Privacy Protection Act (COPPA) Rule. The approved modifications include a new requirement that program participants conduct an annual internal assessment of third-parties’ collection of personal information from children on their websites or…
Are Your Security Tools Up to Date?
The effects of the massive cyberattack using ransomware known as “WannaCry” are still being felt all over the world. Tens of thousands of organizations have been infected, including the UK’s National Health Service, which ran some services on an emergency-only basis the day the attack began in earnest. Some security experts surmise…
NTIA Announces Multistakeholder Workshop on IoT Security Patching
The National Telecommunications and Information Administration (NTIA) has announced it is convening a series of multistakeholder meetings concerning Internet of Things (IoT) Security Upgradability and Patching. The initial meeting will be held in Austin, Texas, on October 19, 2016. An associated Federal Register notice (expected to be published September 19, 2016) describes the short-term goal…
FCC Grants TCPA Relief to Energy Utilities and Schools
On August 4, 2016, the Federal Communications Commission (FCC) released a Declaratory Ruling granting in part two separate petitions that were filed last year – one by the Edison Electric Institute and American Gas Association, and another by Blackboard, Inc. – regarding application of the Telephone Consumer Protection Act of 1991 (TCPA) to certain types…
State Data Breach Notification Laws – Overview of Requirements for Responding to a Data Breach (Updated June 2016)
We have updated our summary of state data breach notification laws in light of recent amendments to some of the laws since our last update in September 2015.
Notably, Tennessee amended its data breach notification law, the Identity Theft Deterrence Act, effective July 1, 2016, by eliminating an encryption safe harbor and requiring that…
Preparing for the EU General Data Protection Regulation: A Checklist for Businesses
The new European Union General Data Protection Regulation (GDPR) (Regulation 2016/679, Apr. 27, 2016) will replace the Data Protection Directive (Directive 95/46/EC) effective May 25, 2018. The GDPR has been a long time coming, and introduces a host of new requirements for companies that use or process data in the EU, or simply use or…