Photo of Mark C. Mao

One of the largest data breaches in U.S. history, the Equifax breach has reverberating implications not only for the big three consumer credit reporting agencies, but for all organizations maintaining and transmitting protected information. Talks of universal data breach law immediately grew louder and within weeks, state Attorney Generals from Massachusetts to California, the U.S.

The United States District Court for the Western District of Washington preliminarily approved a $5.3 million settlement of a Telephone Consumer Protection Act class action against taxi cab companies Orange Cab Company, Inc. and RideCharge, Inc. 

According to the complaint, the defendants worked together to develop an app, known as “Taxi Magic,” for cell

The United States District Court for the Southern District of California recently granted summary judgment in favor of defendant United Student Aid Funds, Inc. (“USAF”) in a Telephone Consumer Protection Act class action, holding that the plaintiff had failed to prove that USAF is vicariously liable for the acts of its third party servicers.

The parties in Soular v. Northern Tier Energy, LP et al. recently filed a motion for preliminary approval of a $3.5 million Telephone Consumer Protection Act (TCPA) class action in the District of Minnesota.  The three named plaintiffs in the case alleged that they received unsolicited marketing text messages from the

On February 10, the United States District Court for the Northern District of California denied defendant Bebe Stores, Inc.’s motion to decertify the plaintiffs’ proposed classes in a Telephone Consumer Protection Act class action. 

In Meyer v. Bebe Stores, Inc., the named plaintiffs alleged that they provided their cell phone numbers to Bebe in

On January 5, the Federal Trade Commission filed a complaint against D-Link Corporation, a Taiwanese corporation, and D-Link Systems, Inc., a California corporation and a subsidiary of D-Link Corporation.  D-Link sells Internet of Things (“IoT”) devices and software to support such devices.  Specifically, D-Link sells routers which transfer data packets along a network and which

On December 28, the U.S. Food and Drug Administration issued its “nonbinding recommendations” guidance for addressing post-market cybersecurity vulnerabilities in medical devices under the title “Postmarket Management of Cybersecurity in Medical Devices.”[1] By its terms, the recommendations are for a “risk-based framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting

The National Highway Traffic Safety Administration and the Department of Transportation have issued a Notice of Proposed Rulemaking for autonomous and connected cars.  The NPRM “proposes to establish a new Federal Motor Vehicle Safety Standard” under 40 CFR 571 to mandate vehicle-to-vehicle (V2V) communications for new light vehicles and to standardize the message and format

On December 28, the New York Department of Financial Services (“NY DFS”) released its highly anticipated revised cyber security rule.  As we previously noted here, the proposed regulations would require banks, insurance companies, and other financial services institutions to establish and maintain a cybersecurity program and to take other measures to protect against data