On October 19, 2021, a federal trial court in South Carolina ruled that a group of consumers could proceed with common law negligence and gross negligence claims directly against their organizations’ vendor that had been the victim of a security breach—instead of suing the organizations of which they were customers. In re Blackbaud, Inc. Customer Data Breach Litigation, Case No.: 3:20-mn-02972-JMC, MDL No. 2972 (D.S.C. Oct. 19, 2021). The court therefore denied the vendor’s motion to dismiss these counts in the plaintiff’s complaint, although it did grant the motion to dismiss for the plaintiff’s negligence per se and unjust enrichment claims.
October 2021
NT Analyzer: Does your app track users that opted-out of tracking?
A transparency-focused privacy software company confirms that some apps are continuing to transmit data despite some users having opted-out of “tracking.”
The study tested 10 popular apps and discovered that some continue to track even though those users have “ask[ed]…
Where data meets IP – protecting business data in a commercial context
In our previous publication, we discussed how a business’ data can be protected by characterizing it as intellectual property and protecting it as such. One of the most common ways to protect business data in a commercial context is…
Apple iOS 15’s new privacy features that industries should know
Apple recently released the latest version of its iPhone operating system, iOS 15. While iOS 15 currently has only a 15% adoption rate, the new operating system brings a slew of new features that are privacy-specific and can…
Hong Kong: Bill to combat doxxing acts passed
The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) aimed at combatting doxxing in Hong Kong was passed on 29 September 2021.
As discussed in our earlier post, the Bill amends the Personal Data (Privacy) Ordinance (PDPO…
US Senate considers mandating 24-hour reporting requirement for ransom payments
On September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the…
Connecticut tightens its data breach notification laws
Effective October 1, 2021, an amendment[1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. The amendment:
- Expands the definition of “personal information”;
- Shortens the notification deadline after discovery
…