Clicky

Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Tag Archives: data breach

Eleventh Circuit Rules “Damages” Properly Alleged in Data Breach-Identity Theft Lawsuit

Posted in Damages, Identity Theft, Lawsuit, Motion to Dismiss

InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. In a case of first impression in the Eleventh Circuit, the Court ruled in a 2-1 opinion that the plaintiffs in a putative class action had sufficiently alleged liability against a health plan provider for a data breach involving actual identity theft.  The Court’s opinion, decided… Continue Reading

Two Northeast States Update Breach Notification Statutes – CT & VT

Posted in Data Privacy Law or Regulation

In the last month both Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to closely monitor state legislatures, particularly end of session happenings. Each modification highlights the growing trend of states requiring notification to the state’s attorney general, under often new compressed timeframes.

New Ponemon Data Breach Study Finds Breach Costs Have Fallen

Posted in Breach Notification

Since its first issue seven years ago, the Ponemon Institute’s annual Cost of Data Breach Study (“CDBS”) has become a must read for privacy and breach professionals. The latest CDBS study, covering the 2011 year, can be considered a bookend to Verizon’s annual Data Breach Investigations Report, which 2012 edition was likewise recently released  The… Continue Reading

Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute “Damages” in Hannaford Breach Case

Posted in Damages, Motion to Dismiss

In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the “Court of Appeals”) held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.

Blumenthal Bill Bumps Up Big Fines for Data Thefts and Security Breaches

Posted in Privacy Law

Late last week Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011, S.1535, that if ultimately passed would levy significant penalties for identify theft and other “violations of data privacy and security,” criminalize as felonies the installation of software that collects “sensitive” PII without clear and conspicuous notice and consent, and specifies requirements that companies collecting or storing the online data of more than 10,000 individuals adhere to data storage guidelines, including auditing the information security practices of contractors and third party business entities. Penalties include up to $10,000 per violation per day up to a maximum of $20,000,000 per violation per individual.

California Amends Its Data Breach Law – For Real, This Time! (As California Goes, So Goes the Nation? Part Three)

Posted in Breach Notice, Breach Notification

California’s infamous SB 1386 (California Civil Code sections 1798.29 and 1798.82) was the very first security breach notification law in the nation in 2002, and nearly every state followed suit. Many states added their own new twists and variations on the theme – new triggers for notification requirements, regulator notice requirements, and content requirements for the notices themselves. Over the years, the California Assembly and Senate have passed numerous bills aimed at amending California’s breach notification law to add a regulator notice provision and to require the inclusion of certain content. However, Governor Schwarzenegger vetoed the bills on multiple occasions, at least three times. Earlier this year, State Sen. Joe Simitian (D-Palo Alto) introduced Senate Bill 24, again attempting to enact such changes. Yesterday, August 31, 2011, Governor Brown signed SB 24 into law.

Russia Data Protection Enforcement Update – Administrative Charges Follow Breach

Posted in Enforcement

It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country’s data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.