The White House hosted a roundtable meeting Tuesday on the data brokering industry as a part of an administration-wide push toward strengthening America’s consumer privacy landscape. The meeting brought together researchers, regulators, and consumer advocates. The Biden-Harris Administration has called for stronger national regulations on data brokering, or the buying and selling of personal consumer

Washington legislators recently introduced the Washington Privacy Act (WPA). This legislation is a consumer-focused privacy law similar to the California Consumer Privacy Act (CCPA) but it also has some European Union General Data Protection Regulation (GDPR)-like concepts. The WPA protects personal data in much the same way as the CCPA, but with some significant differences.

Virtually every company that provides goods or services to the public will, at some point, have a negative review posted online by a dissatisfied consumer. While such reviews are understandably upsetting, a company should not respond in kind with negative comments about the reviewer and certainly should not reveal personal or sensitive information about them.

New Hampshire Governor Chris Sununu recently signed the New Hampshire Insurance Data Security Law, which “establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event…, and notification to the commissioner.” The law is applicable to all persons or entities licensed, authorized to operate, registered or required to be

Part of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (which amended the Fair Credit Reporting Act) included a provision requiring credit reporting agencies (CRAs) to provide free electronic credit monitoring services to active duty military personnel. CRAs are required by law to notify active duty military consumers about any “material” additions or

Federal legislation recently took effect that prohibits consumer reporting agencies from charging a fee to place or remove (lift) a security freeze on a consumer credit report in response to a consumer request. The “Economic Growth, Regulatory Relief, and Consumer Protection Act” (the Act) was passed on May 24, 2018. The Act includes important updates to the Fair Credit Reporting Act (FCRA) that may in turn affect the information that businesses provide to customers or clients in response to a data breach or similar security incident.
Continue Reading Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge

We all know that it is important to protect our Social Security number. But sometimes companies still try to use the last four digits of our Social Security numbers as identifiers or to verify identity in some way. The use of Social Security numbers began in 1936 long before computers, the internet, and identity theft

On May 11, 2017, the Fourth Circuit Court of Appeals vacated a $12 million judgment against Experian Information Solutions, Inc. (“Experian”) in a class action against the credit reporting bureau alleging violations of the Fair Credit Reporting Act (“FCRA”). Relying on the standard set forth by the U.S. Supreme Court in Spokeo, Inc. v. Robins, the circuit court held the named plaintiff lacked constitutional standing because he suffered no “concrete” injury from the alleged statutory violation.

The claims in the lawsuit involved the FCRA requirement that credit reporting agencies must, upon request, clearly and accurately disclose to a consumer the “sources of the information” in the consumer’s file at the time of the request. 15 U.S.C. § 1681g(a)(2). As part of a background check in connection with obtaining security clearance, the lead plaintiff, Michael Dreher, obtained a series of credit reports from Experian which listed a delinquent credit card account identified as Advanta associated with his name. Unbeknownst to Dreher, Advanta has been closed since 2010 and a company named CardWorks had been appointed as a servicer for the company  acquiring Advanta’s receivables.
Continue Reading Fourth Circuit Vacates $12M FCRA Class Action Judgment Against Experian

We previously reported that 21st Century Oncology suffered a data breach in October 2015 involving an intrusion into its systems which compromised around 2 million patients’ records, including their names, Social Security numbers, physicians’ names, insurance information, treatment information and diagnoses [view related posts here and here]. As a result of the data