An unhappy new year for Currys PC World and Dixons Travel stores, as the ICO has issued owners DSG Retail Limited with a Monetary Penalty Notice of £500,000 for serious security failings involving Point of Sale (“POS”) terminals in stores. Although the incident was investigated and addressed under the pre-GDPR legislation, the fine represents the … Continue Reading
In recent days, all eyes have been on the escalating tension between Iran and the US. While we wait and watch politics unfold, the Department of Homeland Security (DHS), New York’s Department of Financial Services and the Cybersecurity and Infrastructure Security Agency (CISA) have all issued notices concerning the heightened risk of an Iranian cyberattack. … Continue Reading
Gone are the days when ransomware attacks inflicted the unlucky few. Today, all companies and organizations are susceptible to attack, no matter their size or industry. In a client alert, our Data Breach Response team discusses the rising trends in ransomware attacks, the implications of becoming a victim, and what you can do to protect … Continue Reading
This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that … Continue Reading
I was recently helping a client in Tokyo respond to a serious and sophisticated cyber breach where hackers executed a transfer of nearly US$1M out of the client’s Hong Kong bank account. In this instance, the hackers had hacked into the CEO’s cloud-based corporate e-mail account and had determined a way to create a transaction … Continue Reading
On January 25, 2019, the Illinois Supreme Court ruled that a consumer need not demonstrate an adverse effect or specific harm, such as evidence that personal information was stolen or misused, to have standing to sue under the state’s Biometric Identity Protection Act (BIPA). The court held that a procedural violation of the law itself … Continue Reading
In Illinois, the courts are grappling with an issue akin to the Article 3 standing issues that courts have been analyzing in post-breach cases for years, that is, whether a plaintiff must claim actual harm as a result of a statutory violation or whether the violation is sufficient by itself to support standing to sue.… Continue Reading
On 19th September 2018, the Information Commission Officer (“ICO”) fined credit reference agency Equifax Limited £500,000 for breaching the Data Protection Act 1998 (“DPA”). Finding that Equifax Limited failed to protect the personal data of up to 15 million UK individuals, the ICO awarded the maximum penalty for a breach under the DPA. The ICO … Continue Reading
With no central federal data breach law, states have taken the reins, passing an increasing number of laws that require both the protection of citizens’ private data and prompt notice of any breach of that privacy. Governors in the last two holdout states, South Dakota and Alabama, recently signed bills to enact laws governing data … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 6 November 2017. … Continue Reading
The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments -these are now board-level concerns. Regardless of industry sector, size or commercial focus, companies not only … Continue Reading
