Litigation and regulation surrounding privacy and cybersecurity is continuously developing, both within the government and the private sector.  This digest summarizes the most notable events in data security this week.

Adobe Reaches Preliminary Settlement with Class Action Plaintiffs Over Breach

Adobe has asked the Court to approve a class action settlement stemming from a 2013 security breach.  The settlement requires Adobe to implement reasonable security measures with respect to intrusion detection, network segmentation, and encryption, and to submit to a security audit to ensure implementation of the measures.  Each named plaintiff in the class will also receive $5,000, and Adobe will pay $1.18M in attorneys fees and costs.
[Adobe Settlement]

New Hampshire Student Data Bill Passed

Effective August 11, 2015, the New Hampshire Department of Education will be required to maintain a data security plan to protect the personally-identifiable information of it students and teachers, which includes privacy compliance standards, privacy and security audits, a breach notification plan, and a data retention policy.

EPIC Files Request with FTC to Investigate Uber Customer Tracking

The Electronic Privacy Information Center has filed a request for investigation with the Federal Trade Commission, asking the FTC to investigate Uber’s new privacy policy seeking customers’ permission to collect geolocation and contacts data from users when the application is running in the background.  EPIC argues that this practice is not necessary for Uber to operate, and should be banned.

Suit Filed Against Marketing Firm for Using Verizon Supercookies

Marketing Firm Turn has been sued in California court for allegedly using supercookies on phones and computers to track Verizon internet subscribers and collect information on subscribers’ browsing history and app usage.
[Verizon]

Experian Data Breach Resolution Releases Whitepaper on Breach Legislation

Experian Data Breach Resolution released a whitepaper on the current state of legislation related to data breach, highlighting areas such as complex state laws, congressional advancement on federal breach regulation, and global regulation.

NLRB Rules Macy’s Confidential Information Provisions in Employee Handbook are Unlawful

The National Labor Relations Board ruled that Macys employee handbook contains overly broad confidential information policies in violation of the National Labor Relations Act.  Specifically, the handbook improperly restricts employees from discussing the terms and conditions of their employment with others who may be interested in the union movement, including restricting the release of personal information such as employees’ names and home contacts, and improperly requires employees to notify HR prior to providing information for a government investigation.
[NLRB Decision]

Apple Moves to Prevent App-Scanning

Apple has announced an iOS 9 update that will eliminate the ability of developers to access the data generated from a user’s use of other, previously-installed apps.  This will primarily affect advertisers who use app-scanning to tailor its ads to consumers.
[Apple Announcement]

Sony Suit Survives Standing

A California court held that Sony plaintiffs have suffered a significant injury sufficient to support Article III standing, because their personally-identifiable information was posted on file-sharing websites where it could be accessed by identity thieves, and because the PII has been used to send threatening emails to plaintiffs and their families.