Applus Technologies, Inc., a vendor of multiple state Departments of Motor Vehicles that assists states with vehicle inspections, recently announced that its systems have been affected by malware, disrupting motor vehicle inspections in Connecticut, Georgia, Idaho, Illinois, Massachusetts, New York, Texas, and Utah. As a result of the outage, vehicle inspections have not been able
Illinois
Consumer Reports Releases Model State Privacy Act – More States Introduce Consumer Privacy Legislation
This week, Consumer Reports published a Model State Privacy Act. The consumer advocacy organization proposed model legislation “to ensure that companies are required to honor consumers’ privacy.” The model legislation is similar to the California Consumer Privacy Act, but seeks to protect consumer privacy rights “by default.” Some additional provisions of the model law…
Canon Hit with Data Breach Class Action Suit by Former and Current Employees
Canon U.S.A. Inc. (Canon) was hit with a class action lawsuit in the U.S. District Court for the Eastern District of New York this week for the ransomware attack that exposed current and former employees’ personal information in November 2020. The plaintiffs reside in Ohio, New York, Florida and Illinois, and allege that Canon was…
Home Depot Settles Data Breach Multi-state Enforcement Action for $17.5 Million
Home Depot has agreed to settle a multi-state enforcement action by 46 U.S. states and Washington, D.C. arising from the data breach that occurred in 2014. Home Depot has agreed to pay $17.5 million to put the enforcement action behind it. The investigation was led by the Attorneys General of Connecticut, Illinois and Texas.
The…
On the Border Restaurant Suffers Data Breach
Last week, the Tex-Mex restaurant chain On the Border suffered a data breach that impacted its payment acceptance systems in 27 states. The restaurant says that some credit card information of customers who visited the chain between April and August 2019 may have been compromised. In a press release, On the Border representatives said, “Our…
Google Sued Under Illinois Biometric Information Privacy Act
Another day, another suit against a brand name for allegations of violation of the Illinois Biometric Information Privacy Act (BIPA). Plaintiffs’ attorneys are having a field day filing class action lawsuits based on BIPA.
Late last week, Google was sued in Cook County, Illinois in a proposed class action, alleging that it violated BIPA by…
Be Cautious When Collecting and Using Biometric Information
We only have one unique face, two irises and ten fingerprints. We can’t change our biometrics like we can a credit card number. Yet many companies are collecting and using their employees’ and our biometric information for convenience without thinking about the potential consequences.
I recently went into a high-end retailer and the sales clerk…
Employers and Wellness Plans: Questions about Quest Breach?
Last week, we wrote that Quest Diagnostics reported in a security filing that a collection agency performing collections for the company had suffered an intrusion that exposed almost 12 million individuals’ personal and financial information [view related post]. Another lab company reported days later that it was notified that the information of 8 million…
Model Rule for Securities Administrators Approved by NASAA
The North American Securities Administrators Association (NASAA) this week approved an information security model rule package aimed at improving the cybersecurity posture of the 17,543 state-registered advisers.
The proposed model would require state-registered investment advisers to establish written cybersecurity policies and procedures designed to safeguard clients’ records and information, and to deliver its privacy policy…
Individuals Need Not Allege Actual Injury to Sue for Damages Under the Illinois Biometric Information Privacy Act
On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose thumbprint was scanned as part of an amusement park’s season pass-holder program, allegedly without proper notice or consent, was an “aggrieved person” who could maintain a claim under BIPA.
BIPA imposes restrictions on how private entities collect, retain, disclose and destroy biometric identifiers, including fingerprints and other biometric information. An entity may not collect or otherwise obtain a person’s biometric identifier or information unless it: (1) informs the subject (or their legally authorized representative), in writing, that such information is being collected or stored; (2) informs the subject or their representative, in writing, of the specific purpose and length of term for which the biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject or authorized representative. BIPA—the country’s only biometric privacy law with a private right of action—allows any person “aggrieved” by a violation of its provisions to bring an action against an “offending party” and to recover, for each violation, liquidated damages of $1,000 or actual damages (if greater), reasonable attorneys’ fees and costs, and any other relief that the court deems appropriate.…