On March 3, 2015, the Third Circuit heard oral argument in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) on the issue of whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act. This appeal arises out of the District Court’s holding that the unfairness prong […]
Litigation
TD Bank NA Settles Data Breach Lawsuit with Mass. AG
TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]
District Judge Upholds Decision Requiring Microsoft to Provide Irish Data to U.S. Investigators
On July 31, Federal District Judge Loretta A. Preska (Southern District of New York) upheld the decision of a magistrate judge requiring Microsoft to turn over the contents of customer email stored in Ireland to U.S. investigators. The magistrate’s April decision was previously discussed on this blog. Federal investigators had obtained a warrant for the email […]
Florida Enacts One of Nation’s Most Stringent Data Breach Notification Laws; Includes 30-Day Notice Requirement
On June 20, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014, which updates Florida’s data breach notification law. The changes will take effect on July 1 of this year. Changes to the law include the addition of health insurance policy numbers, medical information, and online account information (such as security questions […]
West Virginia High Court Finds Standing without Harm for Invasion of Privacy Claim in State Data Breach Class Action
The West Virginia Supreme Court of Appeals recently issued an important – but outlier – decision in a data breach class action. In a per curiam decision, the Court held that the plaintiffs had standing to bring their claims even though discovery revealed that not a single class member – much less the named plaintiffs […]