On August 4, 2016, the Federal Communications Commission (FCC) released a Declaratory Ruling granting in part two separate petitions that were filed last year – one by the Edison Electric Institute and American Gas Association, and another by Blackboard, Inc. – regarding application of the Telephone Consumer Protection Act of 1991 (TCPA) to certain types
We have updated our summary of state data breach notification laws in light of recent amendments to some of the laws since our last update in September 2015.
Notably, Tennessee amended its data breach notification law, the Identity Theft Deterrence Act, effective July 1, 2016, by eliminating an encryption safe harbor and requiring that
The new European Union General Data Protection Regulation (GDPR) (Regulation 2016/679, Apr. 27, 2016) will replace the Data Protection Directive (Directive 95/46/EC) effective May 25, 2018. The GDPR has been a long time coming, and introduces a host of new requirements for companies that use or process data in the EU, or simply use or
Last year, we noted that the Supreme Court had granted certiorari in a case that could limit the ability of plaintiffs to sue defendants over bare statutory violations without the showing of actual injury. The case implicates a wide variety of statutes that grant monetary awards to successful plaintiffs on
Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent
On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to
On February 29, 2016, the European Commission’s (EC) released a much anticipated draft adequacy decision on the EU–U.S. Privacy Shield. With this and enactment of the Judicial Redress Act last week (see our post here), the European Union came yet another step closer to finalizing the agreement between the EU and the U.S. to enable
On December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal. The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal
On December 17, 2015, the Federal Trade Commission (FTC) announced that Lifelock, Inc. (LifeLock), agreed to pay a record-breaking $100 million to settle charges that it violated an earlier consent agreement related to flawed data security practices issued in March 2010. The LifeLock settlements implicate both the “fairness” of the company’s data security practices and
We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015
