Posts tagged data breach

Attorney General, Attorney General Richard Santalesa, Breach, Connecticut, data, data breach

Two Northeast States Update Breach Notification Statutes - CT & VT

By InfoLawGroup LLP on June 20, 2012

In the last month both Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to closely monitor state legislatures, particularly end of session happenings. Each modification highlights the growing trend of states requiring notification to the state's attorney general, under often new compressed timeframes.

damages, data breach, Hannaford, motion to dismiss Hannaford data breach payment card PCI DSS, payment card, PCI DSS

Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute "Damages" in Hannaford Breach Case

By InfoLawGroup LLP on October 24, 2011

In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the "Court of Appeals") held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.

data breach, data brokers, data privacy, data protection law, Senator Blumenthal

Blumenthal Bill Bumps Up Big Fines for Data Thefts and Security Breaches

By InfoLawGroup LLP on September 13, 2011

Late last week Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011, S.1535, that if ultimately passed would levy significant penalties for identify theft and other "violations of data privacy and security," criminalize as felonies the installation of software that collects "sensitive" PII without clear and conspicuous notice and consent, and specifies requirements that companies collecting or storing the online data of more than 10,000 individuals adhere to data storage guidelines, including auditing the information security practices of contractors and third party business entities. Penalties include up to $10,000 per violation per day up to a maximum of $20,000,000 per violation per individual.

Attorney General, Breach, California, content, data breach, Governor Brown, notice, notification, regulator, SB 1386, SB 24, security breach, Simitian

California Amends Its Data Breach Law - For Real, This Time! (As California Goes, So Goes the Nation? Part Three)

By InfoLawGroup LLP on September 01, 2011

California's infamous SB 1386 (California Civil Code sections 1798.29 and 1798.82) was the very first security breach notification law in the nation in 2002, and nearly every state followed suit. Many states added their own new twists and variations on the theme - new triggers for notification requirements, regulator notice requirements, and content requirements for the notices themselves. Over the years, the California Assembly and Senate have passed numerous bills aimed at amending California's breach notification law to add a regulator notice provision and to require the inclusion of certain content. However, Governor Schwarzenegger vetoed the bills on multiple occasions, at least three times. Earlier this year, State Sen. Joe Simitian (D-Palo Alto) introduced Senate Bill 24, again attempting to enact such changes. Yesterday, August 31, 2011, Governor Brown signed SB 24 into law.

Boris, Breach, data breach, data protection, enforcement, InfoLawGroup, information law group, information security breach, Megafon, privacy, privacy enforcement, Russia, Segalis, Yandex

Russia Data Protection Enforcement Update - Administrative Charges Follow Breach

By InfoLawGroup LLP on September 01, 2011

It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country's data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.