CyberAdviser

Insights from the frontlines of privacy and data security law

Delaware and New Hampshire Join Growing List of States With New Insurance Data Security Laws

By Malia K. Rogers, Gregory P. Szewczyk & Philip N. Yannella on August 9, 2019

Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s law enacted a few days earlier. Notably, while Connecticut followed the New York Department of Financial Services’ 2017 Cybersecurity Regulations model, Delaware and New Hampshire followed South Carolina, Ohio, Michigan, and Mississippi in adopting a version of the model…

CyberAdviser

Connecticut Becomes Latest State to Enact Insurance Data Security Law

By Gregory P. Szewczyk & Philip N. Yannella on August 2, 2019

On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers, and other businesses licensed by the Connecticut Insurance Department (“CID”). In doing so, Connecticut joins New York, South Carolina, Ohio, Michigan, and Mississippi as states that have enacted information security laws for insurance companies. However, whereas the recent trend has been to follow…

CyberAdviser

Facebook to Pay $5 Billion for Violating 2012 FTC Consent Order

By Philip N. Yannella, Kim Phan & Katie Morehead on July 24, 2019

Just two days after the Federal Trade Commission (“FTC”) announced a historic settlement of privacy and security claims against Equifax, the FTC today announced that Facebook has agreed to pay $5 billion in civil fines, arising from its violation of a 2012 consent order with the FTC. According to the FTC, this is the largest fine ever levied by a U.S. regulatory agency against a company for a privacy or data security violation by a…

CyberAdviser

Equifax Reaches Historic $575 Million Settlement Agreement Arising from 2017 Data Breach

By Philip N. Yannella, Kim Phan & Katie Morehead on July 23, 2019

Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date.…

CyberAdviser

New York State Data Privacy Law Fails

By Philip N. Yannella on July 19, 2019

New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead. New York was one of a number of states that proposed sweeping privacy legislation after the enactment of the California Consumer Privacy Act (CCPA). The proposed New York law, in fact, was broader than the CCPA in many ways. The law would have applied to non-profits as well as for profits, and included a private right…

CyberAdviser

California Senate Judiciary Committee Advances Amendments to the CCPA

By Gregory P. Szewczyk & Alexia C. Chapman on July 10, 2019

At what has been described as a marathon hearing that lasted late into the night of July 9, the California Senate Judiciary Committee advanced several amendments to the California Consumer Privacy Act (the “CCPA”), but major changes that opponents claimed would have eroded privacy protections for consumers largely failed. The bills advanced from the Senate Judiciary Committee will now go to the Appropriations Committee, and if they pass, to a full Senate vote. Among the…

CyberAdviser

Ballard Launches US State Privacy Law Tracker

By Philip N. Yannella on June 13, 2019

Since the passage of the California Consumer Privacy Act (CCPA) in June 2018, over a dozen US states have proposed their own privacy laws, many of which are nearly identical to the CCPA. Some of these proposals have since become law. Others are in different stages of the legislative process. To help clients keep track of the status of these proposed laws, Ballard has launched a US State Privacy Law Tracker. We’ll be updating the Tracker as…

CyberAdviser

8th Circuit Decision in SuperValu Class Action is a Reminder that Injury and Damages Aren’t the Same Thing.

By Philip N. Yannella on June 3, 2019

Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases. As we explained, because retail breaches rarely involve theft of social security numbers, date of birth, healthcare information or other data that can be used to commit identity theft, courts have typically found that plaintiffs in such cases lack standing to…

CyberAdviser

Court Ruling in Saks Data Breach Case Illustrates That Threshold for Article III Standing Is Low

By Philip N. Yannella on May 31, 2019

For years, plaintiffs in data breach class actions have argued that the threshold for Article III standing is low – and increasingly courts are accepting that argument. The Saks data breach class action, pending in the Southern District of New York, is the latest example of a federal court finding that Article III standing exists even where the plaintiff’s asserted injuries are very minimal.…

CyberAdviser

A Modest HIPAA Settlement

By Edward I. Leeds on May 30, 2019

The Office of Civil Rights of the Department of Health and Human Services (OCR) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health care providers. The resolution agreement requires Medical Informatics Engineering, Inc. (MIE) to pay $100,000 and adhere to a corrective action plan. Under the corrective action plan, MIE must conduct a security risk assessment and implement a security risk management plan under…

CyberAdviser

Insights from the frontlines of privacy and data security law

Blog Authors

Delaware and New Hampshire Join Growing List of States With New Insurance Data Security Laws

Connecticut Becomes Latest State to Enact Insurance Data Security Law

Facebook to Pay $5 Billion for Violating 2012 FTC Consent Order

Equifax Reaches Historic $575 Million Settlement Agreement Arising from 2017 Data Breach

New York State Data Privacy Law Fails

California Senate Judiciary Committee Advances Amendments to the CCPA

Ballard Launches US State Privacy Law Tracker

8th Circuit Decision in SuperValu Class Action is a Reminder that Injury and Damages Aren’t the Same Thing.

Court Ruling in Saks Data Breach Case Illustrates That Threshold for Article III Standing Is Low

A Modest HIPAA Settlement

Company

Support

New to the Network

Blog Authors

Latest from CyberAdviser