New York Gov. Kathy Hochul recently signed into law A8872-A and S2659-B which amend New York’s data breach notification law.
Posts tagged as “data breach”
Pennsylvania Gov. Josh Shapiro recently approved Senate Bill 824, which amends Pennsylvania’s data breach notification law, 73 Pa. Stat. Ann. § 2301, et seq.
The Massachusetts Office of Attorney General (“AGO”) recently issued an Advisory on the development, supply, and use of artificial intelligence (“AI”). The Advisory provides guidance in the context of the Massachusetts Consumer Protection Act,[1] Anti-Discrimination Law,[2] Data Security Law,[3] and associated regulations.
The Federal Trade Commission recently announced approval of an amendment to the Gramm-Leach-Bliley Act Safeguards Rule to require nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a “notification event”).
The U.S. Court of Appeals for the Seventh Circuit recently affirmed a trial court’s dismissal of a purported data leak class action alleging unauthorized disclosure of driver’s license numbers.
Texas Gov. Greg Abbott on May 27 signed into law Senate Bill 768 which amends the state’s data breach notification statutes. The amendments go into effect Sept. 1, 2023.
Utah Gov. Spencer Cox on March 23 signed into law Senate Bill 127, which amends the state’s data breach notification statutes. The amendments go into effect May 2, 2023.
The U.S. Court of Appeals for the Fifth Circuit recently held that a merchant had a contractual obligation to indemnify its payment processor after a data breach at the merchant compromised customer credit card data.
The U.S. Court of Appeals for the Fourth Circuit recently reversed a trial court’s contrary ruling in a putative class action relating to a data breach and remanded the case back to state court for lack of Article III standing.
The upward trend in data privacy legislation continued in 2022. According to the National Conference of State Legislatures, “[a]t least 35 states and the District of Columbia in 2022 introduced or considered almost 200 consumer privacy bills,” which is a significant increase from 160 bills in 2021.
The U.S. Court of Appeals for the Third Circuit recently held in Clemens v. ExecuPharm Inc. that the risk of future harm from a data breach can be enough for Article III standing, taking into consideration whether the breach was intentional, whether the data was misused, and the nature of the data accessed.
The U.S. Court of Appeals for the Ninth Circuit recently affirmed the trial court's denial of a motion for a remand to state court and the dismissal of the plaintiffs' class action suit alleging violations of the federal Fair Credit Reporting Act by a credit reporting agency.