Litigation and legal developments concerning data breaches.
If your company is the victim of a ransomware attack and you decide you have no choice but to pay the threat actors, can your cyberinsurer or cyberinsurance reinsurer decline to reimburse you if the threat actors you paid are on Treasury’s sanctioned list? Would reimbursing them expose the cyberinsurer or reinsurer to problems with […]
Settlements were announced by the FTC and state attorneys general yesterday. Only the state settlement involved a monetary penalty because the FTC had no authority to impose penalties in its case. Settlement with the FTC Source: The Federal Trade Commission $52 Million Settlement with States Source: NYS Attorney General’s Office
A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect on October 2, 2024. All general hospitals covered by the regulation must comply with the new provisions within one year of the adoption date, except that general hospitals must […]
Brian Montgomery is a partner at Pillsbury and a former NYDFS deputy superintendent. Mark Krotoski is a partner at Pillsbury and former national coordinator for the Computer Hacking and Intellectual Property Program at the Department of Justice. In an article on Bloomberg Law, they write: Cybersecurity regulations can be a constantly moving target, with digital advances and […]
A recent press release from the Dutch DPA (Autoriteit Persoonsgegevens) emphasizes that Dutch organizations need to do better in providing breach victims with timely information that they need to protect themselves. If the Dutch DPA thinks warnings or alerts sent to victims more than three weeks after a breach is “way too slow,” The Data […]
Datatilsynet is Norway’s Data Protection Authority. Inspection of its website indicates that it has not imposed many monetary penalties in recent years for violations of the Personal Data Act 2000. After 2021, in which it reported 37 actions, it issued only 12 reports in 2023, and only 7 so far in 2024. Here are two […]
The Federal Communications Commission announced a major settlement today: WASHINGTON, September 30, 2024—The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational […]
TechCrunch reports: Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine — around $101.5 million at current exchange rates — after concluding a multiyear investigation into a 2019 security breach by Facebook’s parent company. […] After investigating, […]
New data breach reporting and mitigation requirements go into effect in Pennsylvania on September 26, and there is a new portal for reporting breaches to the state. Lawyers at SheppardMullin provide a timely reminder: Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The […]
CBS News reports: AT&T has agreed to pay $13 million to settle a federal investigation into whether the mobile phone service provider failed to protect customer information in connection with a data breach last year, the Federal Communications Commission said Tuesday. The FCC’s probe focused on how AT&T’s privacy, cybersecurity and vendor management practices […]
