California Governor Brown is preparing to sign into law a new data security breach notification bill (S.B. 46) that expands the coverage of California’s existing breach law to include breaches of individuals’ online user names and email addresses, when acquired in combination with passwords or a security question and answer that would permit access to […]
California Establishes Digital Privacy Rights Law for Minors: S.B. 568 Expands Online Privacy Protections Beyond Federal COPPA Rules and Extends Rights to All Children Under 18 Years of Age
California Governor Brown is preparing to sign into law an unprecedented children’s online privacy bill (S.B. 568), which adds a new chapter to the State’s Business and Professions Code (BPC) to protect the online privacy of children and teenagers who are under 18 years of age and reside in the State of California. The bill […]
NIST Meeting to Finalize Cybersecurity Framework
Ongoing efforts to finalize a framework for the development of voluntary cybersecurity standards for critical infrastructure industries continued in Dallas this week. NIST led a workshop with government and private sector officials to work through the details of the draft framework published on August 28th and required under Executive Order 13636. A formal proposal will be issued for […]
Fifth Circuit Revives Banks’ Heartland Data Breach Claims
In Lone Star Nat’l Bank, N.A., et al. v. Heartland Payment Sys., Inc., No. 12-20648 (5th Cir. Sept. 3, 2013) (hereinafter “Heartland”), arising from the now-infamous 2008 data breach, the Fifth Circuit recently reversed a motion to dismiss, finding that the economic loss doctrine did not apply and that various credit card issuers could state […]
Illinois District Court Dismisses Data Breach Claims for Lack of Standing
In In re Barnes & Noble Pin Pad Litigation, No. 1:12-cv-08617 (N.D. Ill. Sept. 3, 2013), the United States District Court for the Northern District of Illinois dismissed a putative class action against defendant retailer Barnes & Noble because the named plaintiffs could not establish injury in fact stemming from the alleged security breach, and […]