Photo of Sheila A. MillarPhoto of Tracy P. Marshall

We have updated our summary of state data breach notification laws in light of recent amendments to some of the laws since our last update in September 2015.

Notably, Tennessee amended its data breach notification law, the Identity Theft Deterrence Act, effective July 1, 2016, by eliminating an encryption safe harbor and requiring that

Photo of Sheila A. MillarPhoto of Douglas J. BehrPhoto of Tracy P. Marshall
SCOTUS at dusk, Joe Ravi | CC-BY-SA 3.0
Joe Ravi | CC-BY-SA 3.0

Last year, we noted that the Supreme Court had granted certiorari in a case that could limit the ability of plaintiffs to sue defendants over bare statutory violations without the showing of actual injury. The case implicates a wide variety of statutes that grant monetary awards to successful plaintiffs on

Photo of Sheila A. MillarPhoto of Douglas J. Behr

Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent

Photo of Sheila A. MillarPhoto of Tracy P. Marshall
Members of the Federal Communications Commission, Nov. 2013
Members of the Federal Communications Commission, Nov. 2013

On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

On February 29, 2016, the European Commission’s (EC) released a much anticipated draft adequacy decision on the EU–U.S. Privacy Shield.  With this and enactment of the Judicial Redress Act last week (see our post here), the European Union came yet another step closer to finalizing the agreement between the EU and the U.S. to enable

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

On December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal.  The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

On December 17, 2015, the Federal Trade Commission (FTC) announced that Lifelock, Inc. (LifeLock), agreed to pay a record-breaking $100 million to settle charges that it violated an earlier consent agreement related to flawed data security practices issued in March 2010. The LifeLock settlements implicate both the “fairness” of the company’s data security practices and

Photo of Sheila A. MillarPhoto of Tracy P. Marshall

We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015