While businesses rightfully have been focused on preparing for the California Consumer Privacy Act (“CCPA”), the Nevada and Maine Legislatures have moved forward with legislation that, like the CCPA, features new requirements relating to the sale of consumer personal data. The Nevada bill, which was signed into law on May 29 and amends an existing

Earlier this week, a federal district court in New Jersey issued an opinion ruling on Wyndham Worldwide Corporation’s and three of its subsidiaries’ (collectively “Wyndham’s”) motion to dismiss, finding for the FTC on all grounds.  While the court noted that the “decision does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked,” the opinion underscores the risk exposure for companies that incur a data breach (or otherwise collect/store consumer data), and face FTC scrutiny thereafter as to whether their information safeguard practices are consistent with FTC expectations.  While the FTC has reached over 50 data security settlements, this case represents the first time that the FTC is litigating its theory that a business’s privacy and data security practices may be unfair and/or deceptive under Section 5 of the FTC Act.
Continue Reading Wyndham Hits a Wall in Challenge to FTC Data Breach Authority

On June 2, 2011, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade held a hearing examining threats posed to data security and the much publicized data breaches at Sony and Epsilon. The hearing, “Sony and Epsilon: Lessons for Data Security Legislation” focused on the recent Epsilon and Sony data breaches and the

Today, the FTC announced data security settlements with two companies based on allegations that the companies failed to employ reasonable data security measures. The twist in these cases, compared to prior FTC cases, is the focus on companies who act as service providers to businesses related to their employee data (as opposed to customer data).