Perspectives on Consumer Data

On April 14, 2016, the European Union formally adopted a new scheme – known as the EU General Data Protection Regulation (GDPR) – to protect the personal data of European residents.

Data breach notifications may be more common in Tennessee. Notably, the Governor recently signed into law a bill updating the current breach notification requirements by (a) requiring notice even where data is encrypted, (b) requiring notice within 45 days of discovery of the breach (barring a law e

On April 13, 2016, the Article 29 Working Party released its opinion on the EU-US Privacy Shield.

In the wake of the recent ransomware attack on Hollywood Presbyterian Medical Center, news reports have emerged that at least three more medical centers and a large health care system have been the victims of these attacks.

Costco Wholesale Corporation recently moved to dismiss a class action lawsuit alleging that the discount retailer printed more than the last five digits of a customer’s credit card number on her receipt, in violation of the Fair and Accurate Credit Transactions Act.

Following a settlement, ASUSTeK must maintain a comprehensive security program and endure 20 years of independent audits. The onus is on technology companies to ensure reasonable security measures and practices.

Cybersecurity may have rocketed to the top of management’s priority list in the wake of the recent cyberattack on Hollywood Presbyterian Medical Center (HPMC) that left the hospital unable to access some of its computer systems for ten days.

More details are still to come regarding the potential replacement to the invalidated Safe Harbor data transfer mechanism, the EU-US Privacy Shield.

This morning, the European Commission and US Department of Commerce agreed on a Safe Harbor replacement deal, rebranded as the EU-US Privacy Shield.

The Federal and Trade Commission recently released a report outlining the benefits and risks involved in using big data.

The EU Commission, Parliament, and Council of Ministers recently reached an agreement on the General Data Protection Regulation (GDPR).

The Network Advertising Initiative (NAI), an advertising industry trade group for third-party advertisers, recently released the 2015 update to its Mobile Application Code.

Multinational businesses and EU member states are currently making ad hoc decisions to regulate data transfer to the US. To address the chaos, several EU data protection authorities have issued new guidance.

Banks are a key target for hackers, and finance hub New York aims to set first state regulations in this space. While the cyber regulatory landscape continues to shift, companies should constantly analyze and update security measures as compliance does not guarantee security.

These action items will not only put you in a better position when a breach arises, but you will have the right answers when a regulator calls.

In a closely watched data collection case, Arent Fox LLP secured a victory for Lacoste when the California Supreme Court declined to clarify whether retailers in the state can ask customers for their personal information.

Beginning September 1, 2015, many companies that engage in mobile advertising will be subject to a new level of scrutiny by industry watch dogs.

The Federal Trade Commission sent a new warning for companies engaged in geolocation tracking. Specifically, the FTC recently reached a settlement agreement with Nomi Technologies, a company that offers services allowing retailers to track the movements of customers in and around their stores.

A US Bankruptcy Judge recently approved the sale of a package of RadioShack’s intellectual property assets—including consumer data obtained from RadioShack customers—to General Wireless Inc., the hedge fund affiliate that acquired over 1,700 RadioShack stores in February.

A California appeals court recently held that a retailer does not violate California privacy law by collecting and recording birth dates of consumers who buy alcohol with credit cards.

A California appeals court recently held in Ambers v. Beverages & More, Inc. that retailers are permitted under state law to request customers’ personal information when goods are purchased online but picked up in person.

With the release of the Apple Watch, a number of companies are likely to grapple with an increasingly common problem: how to secure sensitive company data and information in the age of wearables.

New Jersey Gov. Chris Christie recently signed a bill amending the state’s gift card law to eliminate the consumer data collection requirements.

On March 19, 2015, a Minnesota federal judge granted preliminary approval of Target Corporation’s (Target) proposed $10 million settlement of a class action lawsuit, which arose out of a 2013 data breach that compromised personal information of roughly 110 million of Target’s customers.