On January 13, 2020, the United States District Court, Northern District of Georgia issued final approval of a settlement of a consumer class action against Equifax for the 2017 data breach that compromised the personal information of 147 million consumers. The settlement includes the establishment of a reimbursement fund of $380.5 million, as well as …
Read More

In 2019, businesses learned that they could no longer hide from the inherent tension between commercial use of individual data and individual privacy interests. Over the past month or so, the Federal Trade Commission (FTC) took a number of notable privacy-related actions against a host of companies regarding what it considered to be their problematic …
Read More

A number of courts recently have considered issues relating to individuals’ privacy, the First Amendment, and the public’s right to know. Here, Jay D. Kenigsberg reviews and examines several notable decisions involving these subjects. Montana Supreme Court Reverses Order to Release College Student’s Educational Records The Supreme Court of Montana[1] has reversed a trial court’s …
Read More

While the U.S. government remains unable to enact comprehensive privacy legislation in response to new technologies and growing privacy concerns, numerous states across the country, including New York, have adopted privacy laws and regulations seeking to address specific issues or that are applicable to specified entities. Some of these new rules affect a broad swath …
Read More

In a recently issued report, titled “Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off,” Consumer Watchdog, a nonprofit consumer advocacy organization, warned that millions of internet-connected cars already on the roadways may be dangerously vulnerable to hacking. While fully autonomous self-driving vehicles may be years away from widespread …
Read More

Organizations big and small are making significant investments in cybersecurity. Yet, unlike other investments, it’s difficult to assess a company’s return on investment for its cybersecurity spending. And while businesses in regulated industries must invest in cybersecurity to remain in compliance with prevailing laws and therefore stay in business, there is no such straight line …
Read More

Section 230(c)(1) of the Communications Decency Act of 1996 (CDA) was enacted to facilitate the growth of the internet, by immunizing internet service providers (ISPs) from liability in connection with third party content that appeared on their “interactive computer service.” It states: “No provider or user of an interactive computer service shall be treated as …
Read More

Recent settlements of Federal Trade Commission (FTC) actions against Facebook and Equifax received significant publicity for the deals’ large payments to consumers and the Commission. Facebook’s deal calls for a $5 billion penalty for misuse of user’s private data. The Equifax deal requires the company to pay up to $575 million to consumers whose personal …
Read More

On July 25, 2019, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act was signed into law by Governor Cuomo. It will become effective on October 23, 2019. The Act makes important updates to the way that businesses must respond to data breaches and imposes new requirements on businesses to enact data security programs …
Read More

On July 29, 2019, a judgment was issued by the European Union’s Court of Justice that highlights the need for online businesses to be aware of how user data is shared when third party plug-ins are included on their websites. The Court of Justice’s decision has been highly anticipated as to it reflects the extent …
Read More