Tag archives: breach

Apply the law where breached servers are located?

On June 28, 2022, a federal trial court in South Carolina ruled that a group of consumers could proceed with common law negligence and gross negligence claims if they could meet the state law elements where the breached servers were located—in this case, Massachusetts.  In re Blackbaud, Inc. Customer Data Breach Litigation, Case No.: 3:20-mn-02972-JFA, … Continue reading

Nine States Pass New And Expanded Data Breach Notification Laws

Data Protection Report - Norton Rose FulbrightIn the absence of federal action, states have been actively passing new and expanded requirements for privacy and cybersecurity (see some examples here and here). While laws like the California Consumer Privacy Act (CCPA) are getting all the attention, many states are actively amending their breach notification laws. Illinois, Maine, Maryland, Massachusetts, New Jersey, New … Continue reading

Parenting support club Bounty fined in ‘unprecedented’ data breach

Norton Rose Fulbright - Data Protection Report blogOn 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading

FDA issues final guidance on postmarket medical device cybersecurity

Data Protection Report - Norton Rose FulbrightOn December 28, 2016, the U.S. Food and Drug Administration (FDA) released final guidance on the management of cybersecurity vulnerabilities for marketed and distributed medical devices.  The guidance establishes a risk-based approach for the reporting of medical device cybersecurity vulnerabilities to the FDA.… Continue reading

Increased Risk of Fraudulent Charges and Identity Theft Sufficient to Confer Article III Standing According to 7th Circuit

Data Protection Report - Norton Rose FulbrightAfter a district court dismissed a lawsuit filed by customers of restaurant chain P.F. Chang’s China Bistro whose payment card information was stolen during a data breach, the 7th Circuit Court of Appeals has revived the suit.  In a ruling last week, the appellate panel found that customers whose payment card information was stolen in … Continue reading

China’s proposed Cyber Security Law to have far reaching consequences for businesses operating in the country

Data Protection Report - Norton Rose FulbrightOn July 6, 2015, China’s top legislative body – the National People’s Congress – published a draft Cyber Security Law that, if enacted in its current form, will have far-reaching consequences for businesses operating in China. The draft expressly provides that the law will apply equally to both Chinese and international businesses.… Continue reading

Canada amends federal data protection law, PIPEDA

Data Protection Report - Norton Rose FulbrightOn June 18, 2015, Canada’s Senate and House of Commons passed the Digital Privacy Act to amend the country’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). Many of the amendments are scheduled to come into force on a date to be determined by the government. The revised requirements (highlighted below) will have a … Continue reading

NLRB asserts employers must bargain with unions on breach response

Data Protection Report - Norton Rose FulbrightThe U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former … Continue reading

Washington State amends its breach notification law

Data Protection Report - Norton Rose FulbrightA more robust data breach notification law looks to make its way onto the books in the state of Washington as newly passed legislation was sent to Governor Jay Inslee’s desk earlier this week for final approval.  House Bill 1078, which has now passed both legislative houses by unanimous vote, if ultimately signed by the … Continue reading

White House Releases Draft Consumer Privacy Bill of Rights Act

Data Protection Report - Norton Rose FulbrightLate afternoon last Friday, the White House released its draft Consumer Privacy Bill of Rights Act (the “Act”).  This follows on the heels on the President’s announcement of cybersecurity as a top priority of the administration, which foreshadowed the release of the Act and included other initiatives, including one for a single national breach notification … Continue reading

Anthem breach poses significant cybersecurity risks for Anthem’s customers; may trigger legal obligations

Data Protection Report - Norton Rose FulbrightOrganizations whose employees are insured by Anthem or whose self-insured health plans are administered by Anthem should consider steps to mitigate the cybersecurity and legal risk arising from the breach recently reported by Anthem. The hackers who perpetrated the Anthem breach are likely to use the personal information they took for further cyberattacks against affected … Continue reading

Just what the doctor ordered: President outlines national breach law proposal

Data Protection Report - Norton Rose FulbrightLeading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading

Cybersecurity to be named a top priority for the US in the state of the union address

Data Protection Report - Norton Rose FulbrightMedia outlets previewing the President’s upcoming State of the Union Address (to be delivered on Tuesday, January 20 at 9 pm ET) have reported that the President will name cybersecurity as one of the top issues that businesses and the government must tackle in 2015. The President has characterized cyberattacks and cyber warfare as a “direct threat” to … Continue reading
LexBlog