Data Security

Following a breach affecting 145 million consumers, the Federal Trade Commission has announced a settlement with Equifax for up to $700 million, the largest ever for a data breach. In the same action, Equifax also settled with...

Read More →

New York has updated its breach notification and data security law, expanding the definition of a data breach and imposing detailed reasonable security requirements, among other changes. The amendment also adds a number of new...

Read More →

Following a yearlong investigation triggered in part by the Cambridge Analytica incident, the Federal Trade Commission (FTC) has announced a much anticipated settlement with Facebook, Inc. The Commission determined that the company violated its existing 2012 FTC Order...

Read More →

The California Consumer Privacy Act (“CCPA”) goes into effect on January 1, 2020, but the contours of the law are still being ironed out. Following a marathon debate at a California Senate Judiciary Committee Hearing,...

Read More →

Tricky Topics in CCPA Compliance

June 10, 2019 | 0 Comments

At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as...

Read More →

The Department of Health and Human Services (“HHS”) may have signaled its interest in pursuing more enforcement actions against business associates. On May 24, 2019, the HHS Office for Civil Rights (“OCR”), released a fact sheet on the...

Read More →

In the year since the General Data Protection Regulation (“GDPR”) went into effect on May 25, 2018, companies worldwide have been adapting to the new privacy rules—and EU regulators have also been busy adjusting to the new...

Read More →

Arkansas has updated its breach notification law to expand the definition of “personal information” and to require notifying the Arkansas Attorney General when a breach involves more than 1,000 individuals’ personal information. On April 15, 2019, Governor...

Read More →

On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing the time an entity has to...

Read More →

The Death Knell for Class Arbitration?

May 6, 2019 | 0 Comments

On April 24, 2019, the U.S. Supreme Court held in Lamps Plus v. Varela that under the Federal Arbitration Act (“FAA”), class arbitration is only permitted when explicitly provided for in arbitration agreements. The 5-4 decision...

Read More →