Target Settles Data Breach Claims with Banks and Insurers

On Thursday, Target agreed to settle claims with a group of financial institutions arising from its 2013 data breach involving customers’ credit card information.  Target reportedly will pay $39 million to settle the class-action suit in federal court in Minnesota.  This settlement follows a $67 million settlement with Visa in August and a $10 million settlement of a consumer class action in March.

Chinese Government Arrests Suspected OPM Hackers

The Washington Post reported Wednesday that Chinese officials arrested several hackers purportedly connected with the data breach of 22 million OPM personnel records earlier this year.  The arrests occurred shortly before President Xi’s September state visit.  The Post noted that one U.S. official responded that “[w]e don’t know that [sic] if the arrests the Chinese purported to have made are the guilty parties . . . [t]here is a history [in China] of people being arrested for things they didn’t do . . . .”

OMB Director Donovan Announces New Federal Privacy Council

In a speech Wednesday to the Federal Privacy Summit, Office of Management & Budget (OMB) Director Shaun Donovan announced the establishment of the Federal Privacy Council.  The Council will be tasked with interagency integration and sharing of best-practices and to “professionalize the privacy profession.”

Senator Cotton Announces New Surveillance Bill

Freshman Sen. Tom Cotton (R-AR) announced legislation this week (called the “Liberty Through Strength Act II”) to allow the NSA to retain bulk data gathered under the agency’s metadata collection program, which expired Sunday.  The bill will likely face Tea Party and libertarian-conservative objections; FreedomWorks CEO Adam Brandon called the bill “Big Brother on steroids.”

Court Rules State Law Claims Against Anthem for Data Breach Preempted by ERISA

Judge Lucy Kohn (N.D. Cal.) on Wednesday dismissed state law claims against Anthem Insurance arising from a February data breach.  The plaintiffs’ complaint, originally filed in New York state court, claimed breach of contract and unjust enrichment.  Judge Kohn ruled that the state law claims “duplicate[d], supplement[ed] or supplant[ed]” an ERISA civil remedy, and thus ERISA preempted the claims.

EU Member States Heighten Fines for Data Protection Violations

EU member states on Wednesday accepted a proposal to raise to 4% of global revenue the potential sanctions companies could face for breaching EU data protection rules.  This move would, for the first time, unify disparate laws of member states and increase regulatory zeal in this space.  Some members of the European Parliament have proposed a 5% cap, and the two sides hope to find a compromise by year end.

Senator Markey Beginning to Investigate Airlines, Aircraft Manufacturers

Sen. Ed Markey (D-MA), who last year complained about auto manufacturers’ information security systems, this week signaled that he’s interested in investigating airlines and aircraft manufacturers about their aircrafts’ cybersecurity systems. Senator Markey sent letters requesting information to several major air carriers and manufacturers.