On April 30, 2018, BLU Products, Inc. (“BLU”) reached a settlement with the Federal Trade Commission (“FTC”) over allegations that BLU allowed ADUPS Technology Co. LTD (“ADUPS”) to collect detailed personal information about BLU’s consumers without their knowledge or consent, despite BLU’s assurances that it would keep the information secure and private, and that BLU generally failed to implement appropriate security procedures to oversee the security practice of its … Continue Reading
Plaintiffs in data breach cases have tried many theories of recovery, including negligence, negligence per se, violations of state data protection statutes, violations of the Fair Credit Reporting Act, breach of fiduciary duty, and violations of the constitutional right to privacy, with mixed results.
Courts have rejected many of these claims, but plaintiffs and regulators are increasingly having success with allegations of unfair business practices. At the federal level, the Federal Trade Commission (“FTC”) has … Continue Reading
On Halloween, the New York and Vermont attorneys general obtained a $700,000 settlement from Hilton for, among other violations, late breach notification. Earlier this week, we noted that the Reserve Bank of India (“RBI”) imposed a $1 million USD fine on India’s Yes Bank for violating RBI’s 2 to 6 hour data breach notification requirement. So, as we have been predicting for some time, it seems that regulators are starting to step up enforcement and … Continue Reading