Data Security

FTC Investigations: What To Expect When The FTC Comes Calling

A huge range of businesses – from “Mom and Pop” retail stores to large, multinational firms – collect and keep personal consumer information. The Federal Trade Commission (“FTC” or the “agency”) is the federal regulator overseeing the safety of that information. If your business maintains any consumer information, the FTC may review your data security practices. (more…)

Wyndham’s Shot Across the Bow: A Challenge to the FTC’s Authority to Enforce Data Security Standards

After the hotel chain Wyndham Worldwide Corporation (“Wyndham”) suffered three data security breaches in the span of two years, the Federal Trade Commission (“FTC”) brought suit against Wyndham under Section 5 of the FTC Act.  The FTC alleged that Wyndham had engaged in unfair and deceptive trade practices by: (1) failing to implement reasonable and appropriate data security measures to secure its customers’ personal information; and (2) misrepresenting that it had implemented such reasonable and appropriate measures to its customers. (more…)

eBay Fumbles Breach Notification

Recently, eBay discovered that hackers utilized the credentials of three of its corporate employees to gain access to user’s non-financial personal information. Users’ encrypted passwords, names, addresses, phone numbers and dates of birth were exposed as a result of the breach. (more…)

LinkedIn Privacy Claim Survives a Motion to Dismiss

To date, consumers have been largely unsuccessful in suing companies that have allowed their personal information to be exposed through a data security breach. However, a California plaintiff suing LinkedIn recently fended off an early attempt by the defendant to dismiss her claims. (more…)

Data Security Starts With the Simple Stuff

When thinking about data security breaches, people often envision highly skilled hackers employing sophisticated techniques to obtain access to protected data.  Consequently, many small businesses and organizations assume that they lack the knowledge or resources to implement effective data security measures.   (more…)

Why Your Organization Needs a Data Incident Response Plan: The Growing Need for a Planned Response.

Data security breaches affect organizations of all sizes.  Whether it is Zappos.com with its 24 million customer accounts[1] or your local Subway franchise,[2] no business is immune from the threat of a data security breach.  Breaches occur in all manners — from sophisticated hacking intrusions to simple thefts of laptops and cell phones.[3] Therefore, all organizations should plan for the possibility of a data security incident. (more…)

Once More unto the Breach: Courts Give Consumers More Rights for Cyber-Data Security Breaches

Is the legal tide turning for consumers whose personal on-line information is hacked? Data security breaches are becoming more common, but until recently, consumers have been largely unsuccessful in suing companies where their personal information was exposed. In fact, most courts have dismissed these suits even before they get to trial. The courts’ basic legal theory has been “no harm, no foul.” So long as consumers’ accounts were reimbursed for any fraudulent charges resulting from the hacking, their other related costs resulting from the inconvenience were not recoverable. (more…)