The Department of Defense has published an interim rule in the Federal Register requiring government contractors and subcontractors to report a larger number of data breach incidents than had been previously required.

The rule specifically covers cyber incidents that have an “actual or potentially adverse effect” on a covered contractor information system, on covered defense

On August 24, the Third Circuit Court of Appeals affirmed the authority of the Federal Trade Commission to bring cases against companies that experience a data breach.

The Third Circuit Court of Appeals ruled the FTC could proceed with a lawsuit alleging that the hotel chain Wyndham Worldwide Corp. violated the unfairness and deception prong

On July 20, the Seventh Circuit Court of Appeals ruled that a group of plaintiffs who sued Neiman Marcus over the theft of their credit card information in a data security breach had standing to sue for fraudulent charges, as well as fraud-prevention expenses and credit monitoring. The appellate court reversed a prior decision from

On Wednesday, July 15, CFPB Director Richard Cordray assured the Senate Banking, Housing and Urban Affairs Committee, as well as the public, that data collected by the CFPB could not be used to personally identify any consumer.  A September report by the U.S. Government Accountability Office found that the CFPB collects information on 700,000 car

The Federal Trade Commission (“FTC”) released new guidance entitled “Start with Security,” intended to assist businesses in improving their data security practices. Stemming from “basic, fundamental security missteps” identified by the FTC through the more than fifty FTC data security enforcement actions, this suggested guidance provides valuable insight into the issues of concern to

On July 9, just weeks after initiating its first enforcement actions against payment processors, the Consumer Financial Protection Bureau issued an outline of nine “guiding principles” for faster payment networks that will provide greater consumer protections. The CFPB indicated that new technology supporting payment systems must be secure, transparent, accessible, affordable to consumers, and have

On July 7, 47 state attorneys general signed onto a multistate letter to the U.S. Congress emphasizing the importance of maintaining states’ authority to enforce data breach and data security laws, and their ability to enact laws to address future data security risks.  

The letter to Senate Majority and Minority Leaders, Mitch McConnell and Harry

On June 1, the Connecticut legislature passed a bill that would require businesses exposed to a data breach to notify victims within 90 days of the breach.  The bill would also require businesses to provide victims with one year of identity-theft protection if their Social Security number is compromised.  Senate Bill 949, An Act

On May 5, Virginia Governor Terry McAuliffe signed an executive directive that sets enhanced security requirements for the purchase card program used by state agencies, including the implementation of “chip and pin” technology by December. The directive further instructed Virginia’s treasurer, comptroller, and secretaries of finance and technology to implement enhanced payment technologies that “meet

In a pair of recent votes, the House of Representatives supported legislation that would create liability protections for companies that share with the federal government information about cyberthreats.  The bills, H.R. 1560 and H.R. 1731, allow private companies to take defensive cybersecurity measures to protect their rights and property.  They also allow for sharing of