Privacy + Cyber

Subscribe to Privacy + Cyber via RSS

The U.S. Department of Justice has released guidance to assist organizations in preparing for a cyber incident.  Released alongside a speech given by Assistant Attorney General Leslie Caldwell on April 29, the 15-page memo, “Best Practices for Victim Response and Reporting of Cyber Incidents,” provides a framework for organizations to prepare an incident response

On April 30, Sen. Patrick Leahy, D-Vt., introduced legislation that would require companies to report data breaches within 30 days and would protect a wide range of personal and geographic location data while allowing more stringent state laws to stand.  As mentioned here, the Consumer Privacy Protection Act is just the latest piece of

On April 15, the House Energy and Commerce Committee approved the Data Security and Breach Notification Act by a 29-20 vote.  The bill, H.R. 1770: The Data Security and Breach Notification Act of 2015, was initially backed by Rep. Peter Welch (D-VT) and Rep. Marsha Blackburn (R-TN) but passed along party lines.

The legislation

On February 25, the Superintendent of the New York Department of Financial Services (“DFS”), Benjamin M. Lawsky, spoke at Columbia Law School regarding the increased role of states as regulators, especially in the case of emerging risks such as cybersecurity.  The speech, titled “Financial Federalism: The Catalytic Role of State Regulators in a Post-Financial Crisis

On February 27, the White House proposed a bill that would provide consumers with a “Privacy Bill of Rights” as well as provide an enforcement mechanism for data breach enforcement actions by the FTC and state attorneys general.  The language used is similar to a proposal by the administration in 2012 which failed to gain

In order to assist the Consumer Financial Protection Bureau with its statutory obligation to report annually to Congress concerning the federal government’s efforts to implement the Fair Debt Collection Practices Act, the Federal Trade Commission submitted a summary of its own enforcement activities during 2014.

The FTC’s summary highlights not only the “aggressive law enforcement

On February 5, Illinois Attorney General Lisa Madigan testified before the U.S. Senate, calling on Congress to enact a strong, meaningful federal data breach notification law, while at the same time lobbying Congress to avoid preempting states from enforcing their own data protection laws.

Before the Senate’s Subcommittee on Commerce, Science and Transportation in a

On January 23, the Seventh Circuit Court of Appeals heard oral arguments in a class action suit against Neiman Marcus Group LLC over the alleged 2013 hack that compromised the credit card numbers of 350,000 shoppers.

The suit was one of multiple proposed class actions filed after hackers infiltrated Neiman Marcus’ payment security system with

On January 15, 2015, New York Attorney General Eric Schneiderman announced that he would be proposing legislation to overhaul New York’s data security law and require new and unprecedented safeguards for personal data of consumers. While the proposal has yet to be released, the Attorney General’s press release indicates that the proposal will include a

On December 10, Oregon Attorney General Ellen Rosenblum proposed more rigorous requirements for companies to disclose data breaches that expose consumers’ personal information.  Testifying before the Oregon joint Senate and House Judiciary Committee, Rosenblum called on the Oregon legislature to update the state’s data breach law and to extend data breach enforcement and notification to