U.S.-EU Data Sharing Pact Invalidated; Two Lawsuits Based on October Breaches; Dow Jones & Co. Breached; California’s New Comprehensive Privacy Law; California Revises Breach Notification Requirements; California Smart TV Notice Requirements; California Targets “Hackers for Hire”; Cybercrime Costs Increase

Top EU Court Invalidates U.S.-EU Safe Harbor

On October 6, 2015, the European Court of Justice (ECJ) invalidated the safe harbor agreement that governed the transfer of digital information between the U.S. and the European Union.  The ECJ found U.S. data protection policies offer inadequate protection to EU citizens’ privacy rights, a result of the broad data access practices for U.S. national security and law enforcement purposes.  The European Commission announced its intent to provide guidance on transatlantic sharing policies in light of the decision, and also identified other mechanisms for data sharing in the absence of the safe harbor agreement.  For more coverage of this decision and its impact, see our recent alert here.

California Class Action Suits Filed Based on October 2015 Data Breaches

Two proposed class action suits have been filed in California federal courts in connection with recent breaches announced by T-Mobile and Scottrade.  One suit alleges that T-Mobile and Experian’s negligence and breaches of contract led to the exposure of more than 15 million T-Mobile subscribers’ information.  The compromised information includes encrypted Social Security numbers and driver’s license information.  The complaint also alleges that Experian’s failure to secure customer information recklessly violated the Fair Credit Reporting Act. The second suit seeks relief from Scottrade for a breach affecting 4.6 million users of the brokerage firm’s services.  Scottrade confirmed that customer mailing information was compromised, but could not rule out exposure of more sensitive data. In addition to the California class action against Experian, a coalition of more than 20 consumer advocacy organizations have asked both the CFPB and the FTC to investigate Experian’s privacy and data security practices in light of the T-Mobile breach.Continue Reading Key Privacy & Cybersecurity Developments: October 5, 2015 – October 11, 2015