Incident response planning, including tabletop exercises, is vital to the data breach preparedness of any organization. Data breaches can have a crippling effect on a business. Although data breaches at large companies dominate the headlines, data breaches occur at small and medium-sized businesses as well.
Earlier this year, South Dakota passed the state’s first data breach notification law. Prior to passage of the law, South Dakota was one of only two states that did not have a state data breach notification law. The law went into effect this past July.
To avoid what is becoming a common lawsuit, businesses need to be aware of the Illinois Biometric Information Privacy Act (BIPA) requirements. Two class action lawsuits were recently filed in Cook County Circuit Court by employees alleging violations of the BIPA by their respective employers.
A data protection ordinance was recently proposed in the City of Chicago. The “Data Collection and Protection Ordinance” (the Ordinance), sponsored by Aldermen Burke, Hopkins and Reilly, is a response to a string of high-profile data breaches that occurred during the past year.
On January 8, 2018, VTech Electronics Limited (VTech) agreed to settle charges brought by the Federal Trade Commission (FTC) that the company violated U.S. children’s privacy law. As part of the settlement, VTech agreed to pay a $650,000 civil penalty, refrain from further violation of the law, and implement a comprehensive data security compliance program.
The U.S. Court of Appeals for the 2nd Circuit recently upheld a district court decision dismissing a putative class action filed by two plaintiffs against the maker of the NBA2K videogame series. The plaintiffs alleged five violations of the Illinois Biometric Information Privacy Act (BIPA). The district court dismissed plaintiffs’ claims for lack of Article III standing, and the plaintiffs appealed.
The United States Supreme Court opinion in Spokeo (“Spokeo II”) was viewed as a major decision in cybersecurity litigation. We at McKenna Storer addressed the importance of that decision in this space in “No Harm, No Foul: Why Spokeo v. Robins is a Win for Data Privacy Defendants”. The results following that decision have been mixed for plaintiffs and defendants. In Spokeo II, the Court remanded the case to the U.S. Court of Appeals for the 9th Circuit, which recently issued its opinion on remand. The 9th Circuit held that Plaintiff has standing to sue Spokeo for violations of the Fair Credit Reporting Act (FCRA).
The Federal Trade Commission (FTC) recently updated its COPPA Compliance Plan for businesses. The Children’s Online Privacy Protection Act (COPPA) protects the privacy of children using websites and online services. Operators of websites and online services that collect personal information from kids under age 13 are covered by the Act. Failure to comply with COPPA can result in civil penalties up to $40,654 per violation. To assist businesses covered under COPPA, the FTC has published a 6-step compliance plan. In response to changing technologies in the marketplace, the FTC recently updated this plan.