FTC Amends Safeguards Rule to Expand Notification Requirements for Data Breaches and Information Security Events

On October 27, 2023, the Federal Trade Commission (FTC) announced sweeping amendments to its Safeguards Rule. Now non-banking financial institutions will be required to report information security breaches and related events. This includes entities such as mortgage brokers, accountants, investment advisers, car dealers, and payday lenders, all of whom hold significant consumer personal financial information. […]

Law Firm Faces Off Against Carrier/Client for Data Breach

An Unexpected Adversary and Risk in Notice Decisions? You expect consumer complaints and even class action threats in the wake of a law firm data breach. But does a defense law firm expect to be sued by the carrier for the clients it represents? Whether surprising or not, it is happening and law firms must […]

Standing in Data-Breach Cases – Risk of Future Injury Remains Unsettled: SCOTUS Skirts Apparent Circuit Conflict

Today the U.S. Supreme Court denied a cert petition in a matter aimed at resolving whether a plaintiff who alleges a substantial risk of harm in the future has standing under Article III of the Constitution. A ruling in the case, CareFirst v. Attias, would have had major implications for data-breach litigation and in class actions […]