Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: identity theft

Posted in Cybersecurity & Data Breaches, Privacy & Security Litigation

New Federal Court Decision Affirms the Standing Doctrine as a Critical Hurdle to Data Breach Actions

On Monday, a federal district court dismissed two related putative class action suits filed against Nationwide Mutual Insurance Company following a data breach at Nationwide in October 2012 that affected over 1 million individuals. The opinion shows that courts remain skeptical of plaintiffs’ ability to show any real injury from the fact that their personally identifiable information was compromised without some additional evidence of concrete harm such as identity fraud. The opinion also sheds important light on the ability of plaintiffs to overcome this standing barrier by alleging that their injury derives from the violation of a federal statute.

Posted in Consumer Privacy, Financial Privacy

FTC Issues New Red Flags Rule Guidance

The Federal Trade Commission (“FTC”) recently issued a revised guidance (“Guide”) on the Red Flags Rule (“Rule”) (see “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business”). The Red Flags Rule requires certain businesses to develop, implement and administer an identity theft protection program. The purpose of this Guide is to [...]

Posted in Cybersecurity & Data Breaches

SEC and CFTC Propose Identity Theft Red Flags Rules

The FTC Red Flags Rules were not specific to the securities industry and there was some confusion as to which entities were subject to their requirements. This blog entry describes proposed rulesto applyRed Flag rules to certain broker-dealers, investment companies, investment advisers, futures commission merchants, commodity pool operators, introducing brokers, and other SEC- and CFTC-regulated entities

Posted in Consumer Privacy, International/EU Privacy

Social Network Impersonator Fined by Spanish Data Protection Authority In New Exercise of Regulatory Authority

On October 20th, the Spanish Data Protection Authority, the Agencia Espanola de Protecccion de Datos (AEPD), announced an unprecedented decision against an individual who impersonated someone on a social networking site and thus engaged in identity theft. The AEPD fined the individual who had created a profile in a sexually-oriented social network, and chose not to proceed against the online host of the offending content.