Photo of Siran Faulders

On September 17, the Seventh Circuit Court of Appeals declined to rehear an appeal it decided against Neiman Marcus over a payment card data breach, leaving in place the precedential ruling that held plaintiffs can sue for the trouble and expense of preventing fraud on their accounts.

The decision stems from a class action suit

The Federal Trade Commission (“FTC”) released a new guidance entitled “Start with Security,” intended to assist businesses in improving their data security practices. Stemming from “basic, fundamental security missteps” identified by the FTC through the more than fifty FTC data security enforcement actions, this suggested guidance provides valuable insight into the issues of concern to

On July 7, 47 state attorneys general signed onto a multistate letter to the U.S. Congress emphasizing the importance of maintaining states’ authority to enforce data breach and data security laws, and their ability to enact laws to address future data security risks.  

The letter to Senate Majority and Minority Leaders, Mitch McConnell and Harry

On June 1, the Connecticut legislature passed a bill that would require businesses exposed to a data breach to notify victims within 90 days of the breach.  The bill would also require businesses to provide victims with one year of identity-theft protection if their Social Security number is compromised.  Senate Bill 949, An Act

On May 20, the three national consumer reporting agencies (CRAs) – Equifax Information Services LLC, Experian Information Solutions Inc., and TransUnion LLC – inked a deal with thirty-one state attorneys general to end an investigation initiated in 2012 by the Ohio Attorney General’s office.

Under the multistate settlement, which is in the form of

On May 19, the Federal Trade Commission and all fifty state attorneys general and the District of Columbia charged four cancer charities and their operators with bilking more than $187 million from consumers.  The alleged fraud, detailed in a complaint filed in the United States District Court for the District of Arizona, is said to

The U.S. Department of Justice has released guidance to assist organizations in preparing for a cyber incident.  Released alongside a speech given by Assistant Attorney General Leslie Caldwell on April 29, the 15-page memo, “Best Practices for Victim Response and Reporting of Cyber Incidents,” provides a framework for organizations to prepare an incident response

On April 30, Sen. Patrick Leahy, D-Vt., introduced legislation that would require companies to report data breaches within 30 days and would protect a wide range of personal and geographic location data while allowing more stringent state laws to stand.  As mentioned here, the Consumer Privacy Protection Act is just the latest piece of

On April 15, the House Energy and Commerce Committee approved the Data Security and Breach Notification Act by a 29-20 vote.  The bill, H.R. 1770: The Data Security and Breach Notification Act of 2015, was initially backed by Rep. Peter Welch (D-VT) and Rep. Marsha Blackburn (R-TN) but passed along party lines.

The legislation

The nation’s three leading Credit Reporting Agencies (“CRAs”) – Equifax, Experian, and TransUnion – announced on March 9 a National Consumer Assistance Plan that will enhance their ability to collect consumer information that is as complete and accurate as possible and will provide consumers more transparency and a better experience interacting with CRAs about their