On September 20, nine Democratic senators wrote a letter to the Federal Trade Commission (FTC), requesting that it create new rules to protect consumers’ personal data and privacy.

The senators played on FTC Chair Lina Khan’s aversion to Big Tech and aggressive antitrust agenda, which we discussed in a prior post, by stating that

Data brokers beware: the Securities Exchange Commission (SEC) has signaled increased scrutiny of the data and privacy practices of technology-enabled companies in the financial services industry. On September 14, the SEC announced that it settled a securities fraud investigation into private technology company App Annie, Inc. and its former CEO and Chairman Bertrand Schmidt, in

On July 19, and just over one year after his office began enforcing the California Consumer Privacy Act (CCPA), California Attorney General Rob Bonta announced that he is “seeing great progress” with CCPA enforcement, even while he urged Californians to take advantage of their new rights under the CCPA.

“Enforcement of the CCPA marks an

The Second Circuit recently issued a decision in McMorris v. Carlos Lopez & Associates, LLC, No. 19-4310, 2021 U.S. App. LEXIS 12328 (2nd Cir. Apr. 26, 2021), which clarifies the circumstances under which plaintiffs alleging an increased risk of future identity theft or fraud due to the exposure of their personal data can establish Article III standing. Notable for being the first Second Circuit decision to address privacy-related standing questions that had arguably created a circuit split, the court endorsed a three-factor framework that would reject a finding of Article III standing absent sufficient evidence of “increased risk” of future fraud or identity theft, but which left open the possibility that standing could still be established where plaintiffs allege a sufficient likelihood of misuse of their personal data.

A federal court in Michigan recently ruled that out-of-state residents have standing to sue under the Michigan Personal Privacy Protection Act (PPPA). In Lin v. Crain Communications, Inc., Case No. 2:19-cv-11889 (E.D. Mich., June 25, 2019), Gary Lin, a Virginia resident, filed a putative class-action lawsuit against Crain Communications, Inc. (Crain), a Michigan-based publishing

At the Nationwide Multistate Licensing System (NMLS) Annual Conference, state financial regulators released an updated cybersecurity examination tool for nonbank financial company supervision. The tool is designed for state regulators to use in examinations, but “companies are encouraged to use it to assess their cybersecurity health between examinations.”

State regulators are continuing to find new

We have long predicted that just as other states followed California in passing breach notification laws, states would follow in California’s footsteps in regulating information privacy practices with the California Consumer Privacy Act of 2018 (CCPA), which was later amended by the California Privacy Rights Act of 2020 (CPRA).[1] The Virginia state legislature recently

On February 4, the New York Department of Financial Services (DFS) released the Cyber Insurance Risk Framework (Framework), which is considered the first guidance by a U.S. regulator on cyber insurance. The Framework is aimed at property and casualty insurers that provide cyber insurance, as well as other insurers that do not write specific cyber

The Eleventh Circuit affirmed a district court’s dismissal for lack of standing in a data incident case. The majority opinion, written by Senior Judge Gerald Bard Tjoflat and joined by Judge Adalberto Jordan and Senior Fourth Circuit Judge William Traxler sitting by designation, highlighted the disagreement among federal appellate courts about the type of harm

Last week, Judge Sue Myerscough declined to certify a class of employees whose personal information was disclosed when Driveline Retail Merchandising fell prey to a phishing scam. While nearly 16,000 employees were allegedly affected, “issues of causation and injury” were insufficiently common to satisfy the requirements for class certification.

The factual background will resonate with