Consequences of and Lessons Learned from the Equifax Data Breach

The Equifax data breach has had and will continue to have significant long-term ramifications for data security practices and personal privacy. Understanding how the Equifax data breach occurred and the type of data compromised is crucial to understanding the consequences of this breach.

Reason for the Data Breach

Based upon available information, it appears that the hackers were


Adopting Data Security Measures Is Not Always Enough to Ensure Compliance with the Safeguards Rule

The Securities and Exchange Commission views data security as a critical part of its investor protection mandate. Rule 30(a) of Regulation S-P, known as the “Safeguards Rule,” sets out certain procedures that every SEC-registered broker-dealer, investment company and investment adviser must adopt to safeguard customer records and information. The Safeguards Rule requires these entities to


The FTC’s Expansive “Watch Dog” Role in Question – How Businesses Should Respond

The Federal Trade Commission (FTC), the federal consumer protection agency created in 1914 to break up large, anticompetitive monopolies, has recently focused its efforts on regulating consumer privacy and data protection. Although some specific kinds of data are subject to various federal legal requirements—such as medical information under HIPAA—and states have their own laws governing


New Ruling by U.S. Supreme Court on Standing to Pursue Litigation

Alleging a “mere statutory violation” is not sufficient to confer Article III standing for a federal cause of action according to a recent ruling of the United States Supreme Court in Spokeo, Inc. v. Robins, __ U.S. __, 136 S.Ct. 1540 (2016), in the context of an alleged violation of the Fair Credit Reporting Act 


The GDPR and the Model Clauses for Data Transfer Processors: Transactional and Litigation Issues

Whether we like it or not, whether we adopt similar legislation in the U.S. or not, the stringent requirements of the General Data Protection Regulation (“GDPR”) are coming and the requirements are becoming boilerplate language in U.S. contracts. This will impact businesses as it relates to their operations, contract negotiations and, eventually, exposure to liability.
