Litigation and regulation surrounding privacy and cybersecurity is continuously developing, both within the government and the private sector.  This digest summarizes the most notable events in data security this week.

Privacy Advocates Quit Facial Recognition Talks with NTIA

After 16 months of working with with the National Telecommunications & Information Administration, nine privacy and consumer groups withdrew from discussions regarding the creation of a voluntary code of conduct for companies using facial recognition technology.  The groups were unable to reach a consensus with the NTIA over the level of consumer approval that should be required for the use of facial recognition technology.
[Talks with NTIA]

LastPass Data Breach

Password management company LastPass revealed on June 15th that unauthorized users hacked into its system and accessed users’ email addresses, password reminders, and other authentication information.  LastPass has assured users that data vaults were not exposed.
[LastPass]

LinkedIn Settles Proposed Email Harvesting Class Action for $13M

LinkedIn agreed to pay $13M to settle a proposed class action suit alleging that the company accessed users’ email contacts without permission to send out LinkedIn invitations.  LinkedIn also agreed to change its disclosure language related to email account access and invitations to connections.
[LinkedIn]Continue Reading Key Privacy & Cybersecurity Developments: June 15-19, 2015

Litigation and regulation surrounding privacy and cybersecurity is continuously developing, both within the government and the private sector. This digest summarizes the most notable events in data security this week.

Seven California Privacy Bills to Watch 

Law360 has compiled a summary of seven privacy bills introduced in California this year that, if enacted, may have a significant impact on the privacy landscape.
[Law360]

Insurance Company has no Duty to Defend Data Breach

Connecticut Supreme Court held that an insurer had no duty to defend its insured in litigation arising from a data breach involving the lost computer tapes containing personal information. The breach was not considered a “personal injury” as defined by the policy, because there was no “publication” of the information on the tapes.
[PrivaWorks.com]Continue Reading Key Privacy and Cybersecurity Developments: June 8-12, 2015