On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was
On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the
On July 1, the Consumer Financial Protection Bureau (CFPB or Bureau) released a FCRA Tenant Screening Enforcement Compliance Bulletin, outlining its enforcement focus areas as the country transitions to a post-pandemic rental market. The Bureau states that it “intends to look carefully at the accuracy and dispute-handling practices of [consumer reporting agencies “CRAs”] that
A federal court in Michigan recently ruled that out-of-state residents have standing to sue under the Michigan Personal Privacy Protection Act (PPPA). In Lin v. Crain Communications, Inc., Case No. 2:19-cv-11889 (E.D. Mich., June 25, 2019), Gary Lin, a Virginia resident, filed a putative class-action lawsuit against Crain Communications, Inc. (Crain), a Michigan-based publishing
The Consumer Financial Protection Bureau (CFPB) and SettleIt, Inc., an online debt-settlement company, have agreed to settle “abusiveness” claims for $1.4 million.
In an April 13 complaint filed in a California federal court, the CFPB detailed SettleIt’s business practices and alleged SettleIt concealed information from its customers. SettleIt negotiates with creditors to reduce and settle
On March 15, California Attorney General Xavier Becerra announced that the California Office of Administrative Law approved his fourth set of proposed modifications to the California Consumer Privacy Act’s (CCPA) implementing regulations (Fourth Set of Modifications), completing the finalization process.
In announcing the approval of the Fourth Set of Modifications, Attorney General Becerra
We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA).[1] The Virginia state legislature recently
On February 4, the New York Department of Financial Services (DFS) released the Cyber Insurance Risk Framework (Framework), which is considered the first guidance by a U.S. regulator on cyber insurance. The Framework is aimed at property and casualty insurers that provide cyber insurance, as well as other insurers that do not write specific cyber
The Eleventh Circuit affirmed a district court’s dismissal for lack of standing in a data incident case. The majority opinion, written by Senior Judge Gerald Bard Tjoflat and joined by Judge Adalberto Jordan and Senior Fourth Circuit Judge William Traxler sitting by designation, highlighted the disagreement among federal appellate courts about the type of harm
Last week, Judge Sue Myerscough declined to certify a class of employees whose personal information was disclosed when Driveline Retail Merchandising fell prey to a phishing scam. While nearly 16,000 employees were allegedly affected, “issues of causation and injury” were insufficiently common to satisfy the requirements for class certification.
The factual background will resonate with