Litigation and regulation surrounding privacy and cybersecurity is continuously developing, both within the government and the private sector. This digest summarizes the most notable events in data security this week.
Adobe Reaches Preliminary Settlement with Class Action Plaintiffs Over Breach
Adobe has asked the Court to approve a class action settlement stemming from a 2013 security breach. The settlement requires Adobe to implement reasonable security measures with respect to intrusion detection, network segmentation, and encryption, and to submit to a security audit to ensure implementation of the measures. Each named plaintiff in the class will also receive $5,000, and Adobe will pay $1.18M in attorneys fees and costs.
New Hampshire Student Data Bill Passed
Effective August 11, 2015, the New Hampshire Department of Education will be required to maintain a data security plan to protect the personally-identifiable information of it students and teachers, which includes privacy compliance standards, privacy and security audits, a breach notification plan, and a data retention policy.
EPIC Files Request with FTC to Investigate Uber Customer Tracking
Suit Filed Against Marketing Firm for Using Verizon Supercookies
Marketing Firm Turn has been sued in California court for allegedly using supercookies on phones and computers to track Verizon internet subscribers and collect information on subscribers’ browsing history and app usage.
Experian Data Breach Resolution Releases Whitepaper on Breach Legislation
Experian Data Breach Resolution released a whitepaper on the current state of legislation related to data breach, highlighting areas such as complex state laws, congressional advancement on federal breach regulation, and global regulation.
NLRB Rules Macy’s Confidential Information Provisions in Employee Handbook are Unlawful
The National Labor Relations Board ruled that Macys employee handbook contains overly broad confidential information policies in violation of the National Labor Relations Act. Specifically, the handbook improperly restricts employees from discussing the terms and conditions of their employment with others who may be interested in the union movement, including restricting the release of personal information such as employees’ names and home contacts, and improperly requires employees to notify HR prior to providing information for a government investigation.
Apple Moves to Prevent App-Scanning
Apple has announced an iOS 9 update that will eliminate the ability of developers to access the data generated from a user’s use of other, previously-installed apps. This will primarily affect advertisers who use app-scanning to tailor its ads to consumers.
Sony Suit Survives Standing
A California court held that Sony plaintiffs have suffered a significant injury sufficient to support Article III standing, because their personally-identifiable information was posted on file-sharing websites where it could be accessed by identity thieves, and because the PII has been used to send threatening emails to plaintiffs and their families.