Who: United States businesses that process (i.e., collect, store, or transmit) the personal information of EU residents in connection with offering goods or services in the EU (online or otherwise) are subject to the GDPR, regardless of whether the business has any physical presence in the EU or any payment is made by the EU … Continue Reading
On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090. This new law will make materially inaccurate claims related to the collection, use, disclosure, maintenance, and disposal of consumer data an unlawful trade practice subject to enforcement by the Attorney General. The law applies not only to claims made on websites (privacy … Continue Reading
Last year, many businesses suffered data breaches during tax season when their employees divulged other employees’ W-2 information (including Social Security numbers) to criminals. Sadly, we are starting to receive reports that the criminals are back at it this year. Take action now to avoid being victimized and protect your employees’ data. … Continue Reading
Recently, the U.S. Court of Appeals for the Third Circuit ruled that the Federal Trade Commission (the “FTC”) may pursue a lawsuit against Wyndham Worldwide Corporation, a hotel and time-share operator, for “unfair and deceptive” cybersecurity practices. In its complaint, the FTC alleged that Wyndham had “unreasonably and unnecessarily” exposed consumers’ personal data in more … Continue Reading
We recently wrote a post on this blog analyzing the Seventh Circuit’s ruling that the victims of a Neiman Marcus data breach could proceed with their claims against the retailer. We noted the significance of the decision because it allowed the plaintiffs to proceed with their claims against Neiman Marcus while many other courts had dismissed similar … Continue Reading
For years, data-breach plaintiffs have faced a huge barrier to obtaining relief in court: many courts have dismissed their complaints because they have been unable to demonstrate actual harm (or “concrete and particularized injury,” in lawyer-speak)—and actual harm is generally a requirement to have standing in federal court. Many of these plaintiffs were able to … Continue Reading
On June 10, 2015, Oregon Governor Kate Brown signed into law a bill that significantly amends Oregon’s data breach notification law. The amended law, which is effective January 1, 2016 (and applies to breaches occurring on and after that date), requires Oregon’s Attorney General to be notified if a breach affects more than 250 Oregonians. … Continue Reading
In late April, Washington’s data-breach law was significantly amended. The changes go into effect July 31, 2015, and will change the law in the following seven ways: Specific information (e.g., name and contact information of reporting person or business and credit-reporting agencies) must be included in a data-breach notification. This is in line with Washington’s … Continue Reading
On Monday, the United States Supreme Court granted certiorari in a case that may lower the bar for plaintiffs in data-breach litigation. As reported by the Wall Street Journal, the Supreme Court is now set to determine whether a violation of federal statute—without more—is sufficient to grant a plaintiff standing to sue in federal court. As … Continue Reading
As reported in an interview with The Privacy Advisor, Oregon Attorney General Ellen Rosenblum is seeking the following three changes to Oregon’s data breach notification law: Mandatory reporting of data breaches to the AG’s office; Enhanced enforcement authority in the event of data breaches; and An expanded definition of personal information required to be reported. Rosenblum … Continue Reading
The recent article from Today’s General Counsel magazine, Defendants’ Stratagems and Plaintiffs’ Counters in Trade Secret Litigation, reminds us all of the difficulties of being a plaintiff in trade secret litigation (as though we needed to be reminded!). These difficulties include: Proving the “secrecy” and value of your trade secret; Showing your trade secret was not independently derived … Continue Reading