Litigation and legal developments concerning data breaches.
Datatilsynet is Norway’s Data Protection Authority. Inspection of its website indicates that it has not imposed many monetary penalties in recent years for violations of the Personal Data Act 2000. After 2021, in which it reported 37 actions, it issued only 12 reports in 2023, and only 7 so far in 2024. Here are two […]
The Federal Communications Commission announced a major settlement today: WASHINGTON, September 30, 2024—The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational […]
TechCrunch reports: Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine — around $101.5 million at current exchange rates — after concluding a multiyear investigation into a 2019 security breach by Facebook’s parent company. […] After investigating, […]
New data breach reporting and mitigation requirements go into effect in Pennsylvania on September 26, and there is a new portal for reporting breaches to the state. Lawyers at SheppardMullin provide a timely reminder: Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The […]
CBS News reports: AT&T has agreed to pay $13 million to settle a federal investigation into whether the mobile phone service provider failed to protect customer information in connection with a data breach last year, the Federal Communications Commission said Tuesday. The FCC’s probe focused on how AT&T’s privacy, cybersecurity and vendor management practices […]
A blockbuster proposed settlement has been announced involving a ransomware attack last year. The ransomware attack by BlackCat resulted in 134,000 patients of Lehigh Valley Health Network having their data accessed, exfiltrated, and in some cases, leaked online. Distressingly, the threat actors cruelly leaked nude photos of identifiable cancer patients as part of the incident. […]
Lawyers at Constangy, Brooks, Smith & Prophete, LLP write: Businesses continue to be subjected to a steady stream of consumer class action lawsuits alleging improper collection or disclosure of information from their websites. A variety of laws and legal claims are used to support the suits. Some lawsuits assert violation of laws that are not […]
“Telecom companies told the U.S. Court of Appeals for the Sixth Circuit Monday that new Federal Communications Commission data breach rules are too similar to ones nixed by Congress in 2017.” Broadband Breakfast reports: “Congress disapproved the FCC’s earlier 2016 Reporting Rule, and the FCC all but admits that the two rules are nearly identical. […]
Risky Biz News reports: The FTC has fined security camera firm Verkada $2.95 million for failing to implement cybersecurity measures to protect its systems. The fine is related to a March 2021 security breach when a hacker accessed customer data and video footage from over 150,000 Verkada cameras. The hacker used the cameras to access and leak footage from psychiatric hospitals, […]
Retrospective: 2024 in comprehensive state data privacy law
2024 was an active year for state privacy law. Keir Lamont and David Stauss recap the year for IAPP: By the numbers, 2024 experienced a comparable level of activity to 2023 with seven new states passing comprehensive privacy laws, bringing the total number of state laws to 19 — or 20 depending on whether you […]