One of the largest data breaches in U.S. history, the Equifax breach has reverberating implications not only for the big three consumer credit reporting agencies, but for all organizations maintaining and transmitting protected information. Talks of universal data breach law immediately grew louder and within weeks, state Attorney Generals from Massachusetts to California, the U.S.
Mark C. Mao
FTC and NHTSA to Hold Workshop on Connected Vehicles
The Federal Trade Commission and the National Highway Traffic Safety Administration are teaming up to hold a workshop on June 28, 2017 related to privacy and security issues posed by connected vehicles. The FTC has requested that comments related to this issue be submitted online or by mail by May 1.
“Connected vehicles” include most…
$5.3M Settlement of TCPA Class Action Against Taxi Cab Companies Preliminarily Approved
The United States District Court for the Western District of Washington preliminarily approved a $5.3 million settlement of a Telephone Consumer Protection Act class action against taxi cab companies Orange Cab Company, Inc. and RideCharge, Inc.
According to the complaint, the defendants worked together to develop an app, known as “Taxi Magic,” for cell …
TCPA Class Action Dismissed Based on Lack of Vicarious Liability
The United States District Court for the Southern District of California recently granted summary judgment in favor of defendant United Student Aid Funds, Inc. (“USAF”) in a Telephone Consumer Protection Act class action, holding that the plaintiff had failed to prove that USAF is vicariously liable for the acts of its third party servicers.…
SuperAmerica Convenience Store Agrees to $3.5 Million TCPA Class Action Settlement
The parties in Soular v. Northern Tier Energy, LP et al. recently filed a motion for preliminary approval of a $3.5 million Telephone Consumer Protection Act (“TCPA”) class action in the District of Minnesota. The three named plaintiffs in the case alleged that they received unsolicited marketing text messages from the …
Bebe’s Motion to Decertify TCPA Classes Denied by California Federal Court
On February 10, the United States District Court for the Northern District of California denied defendant Bebe Stores, Inc.’s motion to decertify the plaintiffs’ proposed classes in a Telephone Consumer Protection Act class action.
In Meyer v. Bebe Stores, Inc., the named plaintiffs alleged that they provided their cell phone numbers to Bebe in …
FTC’s Latest Message to IoT Industry Comes as Complaint Against D-Link Alleging UDAP Violation Related to Security Vulnerabilities
On January 5, the Federal Trade Commission filed a complaint against D-Link Corporation, a Taiwanese corporation, and D-Link Systems, Inc., a California corporation and a subsidiary of D-Link Corporation. D-Link sells Internet of Things (“IoT”) devices and software to support such devices. Specifically, D-Link sells routers which transfer data packets along a network and which …
FDA’s Postmarket Management of Cybersecurity in Medical Devices
On December 28, the U.S. Food and Drug Administration issued its “nonbinding recommendations” guidance for addressing post-market cybersecurity vulnerabilities in medical devices under the title “Postmarket Management of Cybersecurity in Medical Devices.”[1] By its terms, the recommendations are for a “risk-based framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting…
NHTSA and DOT Propose Rule Mandating Vehicle-to-Vehicle Communication on Light Vehicles
The National Highway Traffic Safety Administration and the Department of Transportation have issued a Notice of Proposed Rulemaking for autonomous and connected cars. The NPRM “proposes to establish a new Federal Motor Vehicle Safety Standard” under 40 CFR 571 to mandate vehicle-to-vehicle (V2V) communications for new light vehicles and to standardize the message and format…
New York Financial Regulator Revises Proposed Cybersecurity Regulation
On December 28, the New York Department of Financial Services (“NY DFS”) released its highly anticipated revised cyber security rule. As we previously noted here, the proposed regulations would require banks, insurance companies, and other financial services institutions to establish and maintain a cybersecurity program and to take other measures to protect against data…