Passports and biometric data would be included in the types of personal information covered by California’s data breach notification law, under a bill that passed the state Senate and is headed to Gov. Gavin Newsom.

A.B. 1130 by Assemblyman Marc Levine (D) would also add taxpayer and military identification numbers, and other unique government identification

The Irish Data Protection Commission and Polish Data Protection Authority have issued guidance on data breach notification under GDPR in which they address the following questions, and more:

  • When do you “become aware”​ of a data breach?
  • What should a data breach notification include?
  • How do you communicate a data breach notification?

The guidance offers

“Organisations in Singapore are now expected to take no more than 30 days to complete an investigation into a suspected data security breach and notify the authorities of the incident 72 hours after completing their assessment. These are part of new guidelines to help companies manage data breaches more effectively and are expected to be

Don’t store users’ passwords in cleartext. Really.

It’s not a good idea. Also, it may be deemed a ‘knowing violation’ of the EU General Data Protection Regulation (GDPR) requirement to adequately protect personal data.

That is one key takeaway from the GDPR enforcement action by the State Commissioner for Data Protection and Freedom of Information

The September 2015 data breach at Experian exposed the personal information of nearly 15 million wireless carrier customers, and we are just now learning the cost.

Data privacy and securityA recent earnings report revealed the company has expended $20 million in its response to the breach, which exposed information including names, addresses, birthdates, social security numbers, driver’s license

The freedom from automated calls at random hours of the evening may seem like the true American dream these days as more and more companies rely on these calls to reach out and communicate with customers. Unfortunately, now that the Federal Communications Commission (“FCC”) voted to expand the Telephone Consumer Protection Act (“TCPA”) to include stringent yet vague restrictions on telemarketing robocalls, it may not be a dream for everyone.
Continue Reading

A recent District of Nevada ruling could cause issues for consumers in data breach class action cases moving forward. On June 1, 2015, the court ruled that a consumer class action against Zappos.com Inc. could not proceed because the class did not state “instances of actual identity theft or fraud.” The suit was brought as a result of a 2012 data breach where Zappos’ customers’ personal information was stolen, including names, passwords, addresses, and phone numbers. Even though the information was stolen, the court dismissed the case because the class could not prove that they had been materially harmed and had no other standing under Article III.
Continue Reading

With 2013 being dubbed as the “Year of the Mega Breach” it comes as no surprise that the Federal Trade Commission (“FTC”), on June 30, 2015 published “Start with Security: A Guide for Businesses” to educate and inform businesses on protecting their data.
Continue Reading

Copyright: argus456 / 123RF Stock Photo
Copyright: argus456 / 123RF Stock Photo

Fox Rothschild partner Scott L. Vernick was quoted in The New York Times article, “Hacking Victims Deserve Empathy, Not Ridicule.” Full text can be found in the September 2, 2015, issue, but a synopsis is below.

While some data breach victims may face only