NY A.G. settles with online retailer Bombas which failed to notify data breach involving credit cards details

  On June 6, 2019 Attorney General Letitia James, announced a $65,000 settlement with online retailer Bombas LLC for failing to provide notice of payment cards consumers’ data breach occurred to 39,561 consumers. In 2014 unauthorized intruders inserted malicious software code to steal payment card information into the ecommerce platform supporting Bombas’ website. Intruders accessed […]

Nigeria’s extensive data protection law is in force

On April 25, 2019, the Nigeria Data Protection Regulation 2019 entered into force. The Regulation was issued by the National Information Technology Development Agency, NITDA, and it mirrors the EU General Data Protection Regulation (GDPR). The Regulation’s scope of application is quite broad. It applies to all transactions intended for the processing of personal data […]

North Carolina bill to amend Identity Theft Protection Act and to increase consumer protection post-breach

On April 16, 2019, North Carolina House of Representative introduced H.B. 904. The Bill amends the Identity Theft Protection Act. Among the many changes introduced, the Bill: amends the definition of security breach to include any incident of “unauthorized access to or acquisition of (was, access to and acquisition of) unencrypted and unreacted records or […]

Washington state modifies its breach notification law

  On April 22, 2019, the House of Representatives modified chapter 19.255 RCW to amend its data breach notification law. The definition of “data breach” does not change. The security of the system means “unauthorized acquisition of data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.” But […]

Massive violation of US households data

  On April 30, 2019, vpnMentor published an article revealing that hacktivists Noam Rotem and Ran Locar discovered an unprotected database impacting up to 80 million American households (65% of US households). The 24 GB database was hosted by a Microsoft cloud server and included the number of people living in each household with their full […]

FTC’s investigation into Facebook data practices could result in a fine up to 5 billion, Facebook estimates

On April 24, 2019, Facebook published its financial results for the first quarter, where it estimated a probable loss and recorded an accrual of $3 billion  in connection with an investigation by the Federal Trade Commission  (FTC).  The investigation could result in a penalty of up to 5 billion. The FTC began its investigation into […]

EDPS’s Guidelines on Article 6(1)(b) lawful basis for processing in online services open for comments until May 24

On November 9, 2019, the European Data Protection Board (EDPB) adopted guidelines on the GDPR’s lawful basis for processing. In particular, the EDPB provided guidance on the “contractual necessity basis for processing personal data in the context of online services.” Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context […]