Blog Posts Tagged With Enforcement Actions

Subscribe to Enforcement Actions RSS Feed

The Rise of State Consumer Protection Act Cyber Cases

Plaintiffs in data breach cases have tried many theories of recovery, including negligence, negligence per se, violations of state data protection statutes, violations of the Fair Credit Reporting Act, breach of fiduciary duty, and violations of the constitutional right to privacy, with mixed results.

Courts have rejected many of these claims, but plaintiffs and regulators are increasingly having success with allegations of unfair business practices.  At the federal level, the Federal Trade Commission (“FTC”) has … Continue Reading

One Million Dollar Breach Notification Fine for Indian Bank Shows Increased Efforts by Regulators to Force Information Sharing Following a Breach

The $1 million fine that was recently levied against Yes Bank shows the increasing risks of failing to provide timely breach notification.  On October 23, 2017, the Reserve Bank of India (“RBI”) announced that it was fining India’s Yes Bank $1 million USD for failing to comply with RBI’s breach notification requirement, among other violations.  Yes Bank experienced a cyber breach around May 2016, but did not become aware of the incident until September 2016.  … Continue Reading

Will Equifax Lead to Increased State-Level Cybersecurity Enforcement?

Regulators in almost every U.S. state have the authority to enforce cybersecurity compliance under their state’s laws, but until recently, they have rarely exercised this power, leaving enforcement mostly to federal agencies like the FTC.  With the recent Equifax breach, this appears to be changing.

The Massachusetts Attorney General filed a complaint against Equifax on September 17, 2017, asserting that Equifax violated Massachusetts Data Security Regulations by failing to safeguard personal information of credit applicants.  … Continue Reading

CFPB Brings First Ever Data Security Enforcement Action: Review and Analysis

CFPB Brings First Ever Data Security Enforcement Action: Review and Analysis (3/9)

On March 2, 2016, the CFPB announced that it had settled an enforcement action with Dwolla, Inc., an online payment platform, for making allegedly deceptive statements regarding its data security practices and the safety of its online payment system. Dwolla agreed to pay a $100,000 civil penalty and to undertake measures to improve its data security.… Continue Reading

LexBlog