On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]
Enforcement
EU DPAs Announce Post-Schrems Enforcement Plans
Today, the European Court of Justice (ECJ) issued its much-anticipated decision in the Schrems II case. As we analyze in detail in an earlier blog post, the ECJ’s decision invalidates Privacy Shield while leaving Standard Contractual Clauses (SCCs) formally intact – although relying on SCCs may become more complicated than in the past. A number […]
The FTC Expands its FCRA Enforcement Activity In Action Against Retailer
Most businesses are already familiar with the Fair Credit Reporting Act (“FCRA”) and the various requirements to protect the fairness, accuracy, and privacy of consumer credit information. However, a recent FTC enforcement action against the retailer Kohl’s Department Store, Inc. (“Kohl’s”) has brought a rarely used provision of the statute to light. This provision—codified […]
California AG Publishes Final CCPA Regulations, Seeks Possible July 1 Effective Date
Since the California Consumer Privacy Act (CCPA) entered into force on January 1, 2020, many companies have been closely following the development of CCPA Regulations by the California Attorney General’s Office (AG’s Office). The AG’s Office released an initial draft of the CCPA Regulations in October 2019, prompting over 3,000 pages of public comment (read […]
COVID-19 Is Not A Free Pass For Privacy And Security Compliance
In the wake of stay-at-home orders stemming from the COVID-19 pandemic, companies have rushed to provide work-from-home options for many, if not all, of their employees. As exigency fades into the new normal, however, the California Attorney General and New York’s Department of Financial Services (NYDFS) – two key privacy and security regulators – have […]