New York State Passes Legislation Expanding Data Security Prevention and Notification Requirements

On July 25, 2019, New York state passed a substantial expansion of its data security law in the form of two new pieces of legislation: the Identity Theft Prevention and Mitigation Services Act (ITPMS Act) and the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). The ITPMS Act is less impactful for businesses, but perhaps more useful for consumers. First, it requires credit reporting agencies that experience a breach involving Social Security numbers to give consumers the right to freeze their credit score…
Continue reading...

Colorado Data Privacy Act a Landmark in Dealing with Protection of Personally Identifiable Information

Colorado’s Protections for Consumers Data Privacy Act, unanimously approved by the state legislature on May 29, imposes heightened data protection and breach notification requirements on businesses of all sizes and government entities. It affects all entities that receive, collect, create or save personally identifiable information (PII) from Colorado residents, customers, employees or even prospective employees.  The law comes in the wake of the Equifax data breach in 2017, and Colorado being rated the second riskiest state for identity theft in a 2017 study, only…
Continue reading...

Eleventh Circuit Vacates FTC Order against LabMD as Lacking Specificity Necessary to Protect Due Process Rights

The Court of Appeals for the Eleventh Circuit has overturned an FTC cease and desist order enjoining LabMD to install a reasonable data-security program, issued in response to the disclosure of a single computer file containing personal information regarding 9,300 customers. Agreeing with arguments from the now-defunct LabMD, the court determined “that the order is unenforceable because it does not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)” of the Federal Trade Commission Act (15 U.S.C. §…
Continue reading...

The FTC Gang’s All Here – Five New Commissioners Confirmed

The Federal Trade Commission (FTC) is widely recognized as the primary federal regulator of cybersecurity and data privacy by virtue of its authority under Section 5 of the Federal Trade Commission Act to take enforcement action against unfair and deceptive trade practices, which authority has been upheld by various courts including the U.S. Court of Appeals for the Third Circuit. For just over a year, the FTC has operated with only two commissioners, one Republican and one Democrat. On April 26, 2018, the United States…
Continue reading...