Sara Goldstein

Firm/Organization: Baker & Hostetler LLP

Latest Articles

Settlement Reached Between Neiman Marcus and State Attorneys General for $1.5 Million for 2013 Payment Card Breach

By Aaron Lancaster & Sara Goldstein on January 18, 2019

Last week, the attorneys general (AGs) of 43 states and the District of Columbia announced they reached a $1.5 million settlement with Neiman Marcus Group LLC to resolve an investigation of a 2013 data breach that involved the payment card information of thousands of customers. On Jan. 10, 2014, Neiman Marcus publicly announced that it had experienced a security incident involving its payment processing system that may have resulted in unauthorized access to the payment…

Data Privacy Monitor

A New Year Brings a New Vermont Law Aimed at Data Brokers and Credit Reporting Agencies

By Laura E. Jehl & Sara Goldstein on January 15, 2019

On Jan. 1, 2019, a new Vermont law intended to protect consumers by imposing new requirements on “data brokers,” companies that aggregate and sell consumer information, and credit reporting agencies took effect. Under the new law, data brokers must comply with registration, information security safeguards and reporting requirements, while credit reporting agencies are prohibited from assessing fees for establishing or removing security freezes. The Vermont legislature’s intent in enacting the new law is fourfold: (1)…

Data Privacy Monitor

New Mexico Attorney General Is Turning Up the Heat on Enforcement of Data Privacy Laws

By Sara Goldstein & Aaron Lancaster on September 18, 2018

With the announcement last week of its new lawsuit against several tech companies for violating Children’s Online Privacy Protection Act (“COPPA”), the FTC Act, and New Mexico’s Unfair Practices Act (“UPA”), the State of New Mexico Office of the Attorney General appears to be the latest in an expanding list of state attorneys general who are focusing more on the enforcement of federal and state data privacy and cyber security laws.…

Data Privacy Monitor

Is a New Federal Data Privacy Law on the Horizon? The Tech Industry Sure Hopes So

By Laura E. Jehl & Sara Goldstein on September 17, 2018

Despite several failed attempts in recent years, there is a new effort underway to enact a federal data privacy law, and it’s being led by a somewhat unlikely source – the tech industry. Although they were resistant to a federal privacy law in the past, powerful tech industry players now appear to be publicly embracing such legislation. Last week, several tech industry trade groups and consortia released statements supporting the creation of a national privacy…

Data Privacy Monitor

New Jersey Attorney General’s Office Ramping Up Data Privacy and Cybersecurity Enforcement Efforts

By Sara Goldstein on June 4, 2018

The Office of the New Jersey Attorney General (AG’s Office) recently announced that it will be creating a new civil enforcement unit, known as the Data Privacy & Cybersecurity Section (DPC Section), to investigate data breaches impacting New Jersey residents and to enforce federal and state data privacy and cybersecurity laws. New Jersey’s AG joins an expanding list of state AGs, including those of California, Connecticut, Indiana, Maryland, Massachusetts, New York, and North Carolina, who…

Data Privacy Monitor

Last but not least: Alabama enacts a data breach notification law with strong notification and security requirements

By Andreas Kaltsounis & Sara Goldstein on May 1, 2018

Several weeks ago, South Dakota and Alabama became the final two states to enact data breach notification laws. The Alabama Data Breach Notification Act of 2018 takes effect on May 1, 2018, and imposes information security, breach notification and data disposal requirements on organizations handling Alabama residents’ personal information. Alabama requires organizations to implement and maintain reasonable security measures Alabama joins a minority of states that mandate security controls; its new law requires organizations that…

Data Privacy Monitor

South Dakota Becomes 49th State to Enact a Data Breach Notification Law

By Sara Goldstein on March 27, 2018

One of two remaining states without a data breach notification law has finally enacted one of its own. On March 21, 2018, South Dakota Governor Dennis Daugaard signed South Dakota Senate Bill 62 into law, creating the newest state data breach notification law, making Alabama the last holdout. South Dakota’s new statute, which will be added as a new section to S.D. Codified Law § 22-40, is similar to other state data breach notification laws;…

Data Privacy Monitor

Industry Watchdog Reminds Digital Advertisers of the Importance of Providing Consumers With Transparency and Choice in Latest Enforcement Actions

By Alan L. Friel & Sara Goldstein on August 28, 2017

Two digital advertising companies, Adbrain and Exponential Interactive, were cited in recent decisions by the Better Business Bureau’s Online Interest-Based Advertising Accountability Program (OIBAAP) for not complying with the online advertising industry’s requirements for interest-based advertising (IBA), the practice of tracking users across time and services to build interest profiles on them in order to serve more relevant ads. The latest in a series of enforcement actions by the OIBAAP for noncompliance with the Digital…

Sara Goldstein

Settlement Reached Between Neiman Marcus and State Attorneys General for $1.5 Million for 2013 Payment Card Breach

A New Year Brings a New Vermont Law Aimed at Data Brokers and Credit Reporting Agencies

New Mexico Attorney General Is Turning Up the Heat on Enforcement of Data Privacy Laws

Is a New Federal Data Privacy Law on the Horizon? The Tech Industry Sure Hopes So

New Jersey Attorney General’s Office Ramping Up Data Privacy and Cybersecurity Enforcement Efforts

Last but not least: Alabama enacts a data breach notification law with strong notification and security requirements

South Dakota Becomes 49th State to Enact a Data Breach Notification Law

Industry Watchdog Reminds Digital Advertisers of the Importance of Providing Consumers With Transparency and Choice in Latest Enforcement Actions

Company

Support

New to the Network