This morning, the U.S. Department of Justice (DOJ) announced an initiative aimed at “examining and strengthening forensic science.” Presumably, the initiative will impact how the DOJ approaches digital forensic evidence in criminal prosecutions. Deputy Attorney General Rod J. Rosenstein made the announcement at the International Association for Identification’s (IAI) conference in Atlanta, Georgia. The IAI … Continue Reading
Ashley Madison, which suffered a data breach in 2015 [view related posts here] involving the loss of 37 million users’ personal and financial information, has settled the suit for $11.2 million. Ashley Madison’s parent company previously settled data security allegations with 13 states and the Federal Trade Commission for $17.5 million, but ended up paying … Continue Reading
Reliance Jio, an Indian telecom upstart, compromised the personal data of over 100 million customers. This has prompted a call for increased data protection laws in India. At present, companies in India do not have to disclose data breaches to clients. Of course this is stark contrast to companies in the European Union, which have … Continue Reading
In November 2015, VTech Electonics North America LLC (VTech) announced that an unauthorized party infiltrated its network and gained access to the personal information of 5 million adults and 6.5 million children through its Learning Lodge app store, including their names, email addresses, security questions, photographs and messages [view related post]. One month following the … Continue Reading
On June 23, 2017, the Office of the Solicitor General (OSG) filed a petition for a writ of certiorari with the United States Supreme Court requesting reversal of a 2016 decision in which the U.S. Court of Appeals for the Second Circuit quashed a warrant obtained by the Department of Justice (DOJ) under the Stored … Continue Reading
The Federal Trade Commission (FTC) has announced that it has settled its Complaint against operators of the lead generation business Global Media, LLC and its CEO Christopher Kay for $104 million. The judgment has been suspended because the defendants are unable to pay it. It represents the amount the defendants made by selling loan applications. … Continue Reading
Anthem Inc. has reportedly agreed to pay a settlement of $115 million to its customers that were affected by what is being called one of the largest data breaches in U.S. history. The settlement is reportedly the largest ever to result from a data breach in the United States and would end a class action … Continue Reading
Trans Union, LLC, one of the largest credit reporting agencies in the United States has been hit with a verdict by a California jury for $60 million, which is the largest verdict under the Fair Credit Reporting Act (FCRA) to date. The class action complaint was filed in 2012 and alleged that Trans Union credit … Continue Reading
CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of a data breach in a reasonable time for $130,000. CoPilot began investigating an unauthorized access to, and downloading of its reimbursement records through … Continue Reading
In what is being considered the largest-ever settlement of alleged violations of Michigan’s privacy law (the Michigan Preservation of Personal Privacy Act), the publisher of Reader’s Digest has agreed to pay out $8.2 million to settle a proposed class-action lawsuit brought by consumers who allege that the publisher sold subscribers’ personal information to data brokers … Continue Reading
Senate Bill 398, unanimously passed by the Nevada legislature and signed into law by the Governor on June 5th, represents the most far-reaching state legislation to date concerning the use of blockchain technology. Blockchain is a decentralized database system that can be used to track and manage a broad range of digital transactions. Originally conceived … Continue Reading
The United States Supreme Court has just agreed to hear the case of a Detroit man who was sentenced to 116 years in prison after data from his own cellular phone was used against him at his trial for his role in a string of robberies of Radio Shacks and T-Mobile stores in metro Detroit … Continue Reading
On May 9, 2017, the Illinois Appellate Court held that the College of DuPage Foundation (Foundation), a fundraising organization for the public College of DuPage (College), is subject to the state’s open records law. In doing so, the Court rejected the Foundation’s argument that it was a charitable organization with no public role, and instead … Continue Reading
Central Florida Regional Hospital (the Hospital) was released from a proposed class action last week for its alleged violations of the Telephone Consumer Protection Act (TCPA). The Hospital’s debt collector, Transworld Systems, allegedly made autodialed calls to collect overdue hospital debts without prior patient consent. Lead plaintiff, Charles Ivy, former emergency room patient at the … Continue Reading
The 2013 hack that caused one of the largest breaches in U.S. retail history continues to be a headache for Target Corp. Following the breach just before the holidays in 2013, Target was hit with consumer class action suits, suits by credit card companies, hostile shareholders at its shareholders’ meeting, and investigations by 47 state … Continue Reading
When assisting clients with emergency data breach response, and preparing and implementing a data privacy and security plan, it often becomes efficient, cost effective and necessary to hire outside vendors to assist with portions of the engagement. These activities include risk assessments, gap assessments, vulnerability testing, forensic analysis and security incident investigations. It is important … Continue Reading
Gather, a free app designed to allow users to create event invitations and send them to their contacts has been hit with a proposed TCPA class action suit. The named plaintiff alleges that Gather tricks users into giving Gather their contacts and then uses the contact information to send unsolicited texts to their contacts without … Continue Reading
Kmart’s proposed settlement with banks that had to reimburse customers following Kmart’s 2014 data breach was approved by an Illinois federal judge last week with one caveat: he wants to see how much each bank is being paid from the settlement, and he wants to see the plaintiffs’ attorneys’ billing records. The proposed deal reimburses … Continue Reading
On May 11, 2017, the Fourth Circuit Court of Appeals vacated a $12 million judgment against Experian Information Solutions, Inc. (“Experian”) in a class action against the credit reporting bureau alleging violations of the Fair Credit Reporting Act (“FCRA”). Relying on the standard set forth by the U.S. Supreme Court in Spokeo, Inc. v. Robins, … Continue Reading
Last week, Georgia federal judge, U.S. District Judge Clay D. Land, approved the final order and judgment to settle class action claims that Central Payment Co. LLC (Central Payment) violated the Telephone Consumer Protection Act (TCPA) for $6.5 million. Lead plaintiff, Fred Heidarpour, claimed that Central Payment violated the TCPA by hiring third parties to … Continue Reading
In a surprise move late last week, Home Depot has agreed to settle a shareholders derivative suit filed against current and former members of the Board of Directors and the Chief Executive Officer and Chief Information Officer (CIO) following a massive data breach that occurred in 2014. The shareholders allege that former and current board … Continue Reading
Touted as the first OCR settlement with a wireless health services provider, the OCR announced on April 24, 2017, that it has settled alleged HIPAA violations with CardioNet, based in Pennsylvania for $2.5 million. CardioNet self-reported a data beach in January 2012, stating that an unencrypted laptop of one of its employees was stolen from … Continue Reading
A class action was filed in Fort Lauderdale, Florida this week against a national telehealth provider, MDLive Inc. (MDLive) for its mobile app’s alleged secret capture of screenshots containing sensitive patient information without restricting access to medical providers who have a legitimate need to view the information. The lawsuit was filed by Utah resident, Joan … Continue Reading
Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is if the exporter is in compliance with the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules System (CBPR). Under the CBPR, the exporting company would have … Continue Reading
