Litigation and regulation surrounding privacy and cybersecurity is continuously developing, both within the government and the private sector. This digest summarizes the most notable events in data security this week.
Seven California Privacy Bills to Watch
Law360 has compiled a summary of seven privacy bills introduced in California this year that, if enacted, may have a significant impact on the privacy landscape.
Insurance Company has no Duty to Defend Data Breach
Connecticut Supreme Court held that an insurer had no duty to defend its insured in litigation arising from a data breach involving the lost computer tapes containing personal information. The breach was not considered a “personal injury” as defined by the policy, because there was no “publication” of the information on the tapes.
FTC Commissioner Provides Insight into IoT Regulation
The Commissioner expanded on FTC enforcement actions related to the Internet of Things and provided a number of recommendations for regulating this space without inhibiting it, including the avoidance of regulation by slogan (such as “security by design”) without meaningful accompanying content and the need to articulate a cognizable harm.
[FTC.gov — PDF]
RadioShack Reaches Bankruptcy Data Sale Deal
A court approved an agreement to prevent RadioShack from selling, transferring or disclosing the data of Verizon and AT&T customers through the acquisition of RadioShack by General Wireless.
FINRA Fines a Broker-Dealer for Lack of Policies
FINRA fined broker-dealer Sterne, Agee & Leach, Inc. for violations of a regulation requiring all broker-dealers to develop and implement policies ensuring the security of customer records. Specifically, the firm failed to support laptop encryption despite recognizing the need for such encryption as far back as 2009.
NY AG and FCC Question PayPal and eBay Over Auto-Dialing Policies in New User Agreements
The New York Attorney General and FCC General Counsel have written letters to PayPal and eBay expressing concerns that new provision in user agreements expressly allowing the companies to make autodialed or prerecorded calls may violate the Telephone Consumer Protection Act and Fair Debt Collections Practices Act. PayPal and eBay’s agreements become effective July 1 and June 15, respectively.
Senate Rejects Cyber information-sharing Bill
A cyber information-sharing bill attached as an amendment to the National Defense Authorization Act failed to advance past the Senate, four votes short of a majority. The bill, intended to increase cyber information sharing between the public and private sectors, is expected to be resurrected independent of the defense bill with more support.
[National Law Journal]
Financial Institutions Bring Class Action Suit Against Home Depot Following Breach
A consolidated class of financial institutions have brought suit against Home Depot stemming from a data breach in 2014, alleging violations of industry standards such as PCI DSS, failing to comply with FTC requirements, and under various state consumer protection and data security laws.
[In re: The Home Depot, Inc. Customer Data Breach Litigation — PDF]