Ever since the public launch of OpenAI’s ChatGPT, the world has been gasping at the astonishing accomplishments of this generative AI chatbot: a simple “prompt” in the form of a question (“which are the most important decisions of the CJEU in copyright?”) will receive a credible response within seconds (“The Court of
Data Breach
SEC Encourages Internal Accounting Controls to Guard Against Cyber Fraud
Concluding its investigation into the internal accounting controls of nine public issuers who were recent cyber fraud victims, the Securities and Exchange Commission (“SEC”) Division of Enforcement explicitly reminded issuers to consider cyber-related threats in developing and deploying their Section 13(b)(2)(B) internal accounting controls.
The SEC emphasized the importance of tailoring internal accounting controls to cyber-related threats, noting that cyber frauds like those carried out in the nine cases it investigated have caused “over $5 billion in losses since 2013, with an additional $675 million in adjusted losses in 2017.”
FERC Proposes to Require Expanded Cyber Security Incident Reporting
The Federal Energy Regulatory Commission (“FERC”) recently proposed that the North American Electric Reliability Corporation (“NERC”), which is responsible for promulgating and enforcing FERC-approved mandatory electric reliability standards, revise its Critical Infrastructure Protection (“CIP”) standards to expand the circumstances under which reporting of cybersecurity incidents is mandatory. FERC’s goal is to enhance the awareness of…
FTC Settles First Connected Toy Case With VTech After Massive Data Breach
On January 8, 2018, the FTC announced settlement of its first connected toy case with VTech Electronics Ltd (“VTech”) for violating the Children’s Online Privacy Protection Act (COPPA) Rules by failing to properly collect and protect personal information about and from children and violating the FTC Act by misrepresenting its security practices. In addition to paying a $650,000 civil penalty, VTech agreed to comply with COPPA, implement and maintain a comprehensive information security program with regular third-party security audits for the next twenty years, and not misrepresent its privacy and data security practices.
The settlement comes more than two years after VTech learned that a hacker had gained remote access to databases for its interactive electronic learning products (ELPs), including for its Kid Connect chat application, in what was described at the time as the largest known hack targeting children. According to the FTC’s Complaint, the hacker accessed VTech’s databases “by exploiting commonly known and reasonably foreseeable vulnerabilities,” and VTech was unaware of the intrusion until it was informed by a reporter.
Law Firm Data Security Seminar
Please join us for a seminar on December 5 in Washington, D.C. or December 6 in New York City on “Law Firm Data Security”. Our very own Partner Evan Wolff will be presenting alongside RSA’s Doug Howard and Niloofar Howe. Our panelists will cover all sorts of critical issues such as:
- How to defend high-demand
…
D.C. Circuit: Alleged theft of healthcare subscriber information satisfies Article III harm standard under Spokeo
The U.S. Court of Appeals for the D.C. Circuit has now weighed in on whether plaintiffs can bring a putative class action arising from an alleged data breach in lieu of allegations of actual misuse of compromised data. Emphasizing the “low bar to establish [] standing at the pleading stage,” the D.C. Circuit reversed a…
New Jersey Restricts Retailers’ Collection and Use of Customer Information
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey. As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on…
FTC Submits Public Comment to Working Group Tasked with Developing Guidance on IoT Security, Upgradability, and Patching
On June 19, 2017, the Federal Trade Commission (FTC) issued a public comment regarding the National Telecommunications & Information Administration’s (NTIA) draft guidance titled Communicating IoT Device Security Update Capability to Improve Transparency for Customers. In commenting on the guidance, the FTC acknowledged the benefits of and challenges to IoT device security, and encouraged…
Judge Approves Neiman Marcus Data Breach Settlement
Last week, an Illinois judge preliminarily approved a $1.6 million settlement between Neiman Marcus and a class of customers affected by a 2013 data breach. The settlement, which the parties agreed to in March, covers U.S. residents whose credit card or debit card was used between July 16, 2013 and January 10, 2014 at any…
Data Breach Class Action Dismissed for Not Establishing Economic Injury
Earlier this week, a federal Illinois court dismissed a class action against book retailer Barnes & Noble that alleged breach of contract, invasion of privacy, and violations of state consumer fraud and breach reporting laws. The case, dismissed for failing to establish economic harm, marks another data point in demarcating actionable data breaches and highlights…