On March 15, 2022, the Federal Trade Commission (“FTC”) issued a proposed settlement with online custom merchandise platform CafePress in connection with the company’s alleged: (1) failure to implement reasonable security measures to secure consumers’ Personal Information; and (2) attempt to cover up a significant 2019 data breach. The proposed settlement would require CafePress to … Continue Reading
In April, the Federal Trade Commission settled charges against Progressive Leasing, a company that markets virtual rent-to-own payment plans to retail stores nationwide. Unlike traditional rent-to-own companies, Progressive does not operate its own brick-and-mortar stores. Instead, Progressive markets its rent-to-own payment plans to consumers who shop at certain retail stores or websites, primarily those in … Continue Reading
The Federal Trade Commission’s (FTC) recent $5 billion settlement with Facebook is unprecedented in multiple respects: The $5 billion penalty represents the largest privacy and data security settlement in history – it is almost 20 times larger than the recent Equifax Inc. settlement and dwarfs recent EU data protection enforcement actions. As part of the … Continue Reading
The U.S. Securities and Exchange Commission (SEC) recently settled two initial coin offering (ICO) enforcement actions grounded on the sale of unregistered securities. The two settlements, one with CarrierEQ Inc. (or AirFox) and the other with Paragon Coin Inc., are the first time the SEC has imposed civil penalties on companies solely for offering digital … Continue Reading
In a span of a few weeks in early January 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced two major settlements under the Health Insurance Portability and Accountability Act (“HIPAA”) relating to the breach of protected health information (“PHI”). Neither settlement included an admission of any liability, but … Continue Reading
Still recovering from its 2013 data breach, Target Corp. agreed to a $39 million settlement with a class of banks suing the well-known retailer, marking the settlement as the first class-wide data breach pact ever reached on behalf of financial institutions. Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 … Continue Reading
More than a year-and-a-half after Target’s December 2013 announcement of a massive data breach, the retailer has reached an agreement with Visa, whereby it will reimburse Visa and certain affected card issuers up to $67 million for expenses incurred in connection with the breach. This will include costs associated with reissuing cards. The agreement comes … Continue Reading