On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require certain covered financial institutions to report a broad range of data breaches and other unauthorized data disclosures to the FTC. With a broader scope than existing obligations, quick […]
On 11 July 2023, the Circuit Court of Ireland awarded 2,000 euros in compensation to a plaintiff seeking ‘non-material damage’ under Article 82 of the General Data Protection Regulation, in what is believed to be the first case in the European Union to follow the recent Court of Justice of […]
At the end of February 2021, the French Data Protection Authority (CNIL) found out via the media about a massive personal data breach involving health-related data of about 500,000 French patients. After more than a year of investigation, CNIL has published its decision (available in French only) imposing a fine […]
The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.
In Attias v. CareFirst, Inc., the U.S. District Court for the District of Columbia (D.D.C.) jumpstarted the debate concerning the harm plaintiffs must allege to move forward with data breach class action litigation. In recent years, courts across the country have disagreed about what constitutes an “injury-in-fact” when an individual’s […]