This past week, the Ponemon Institute announced their publication of the results of their fifth annual study on the costs of data breaches for U.S.-based companies. The study was sponsored by the PGP Corporation. A similar report for U.K.-based companies was also released. This year’s report, entitled 2009 Annual Study: Cost of a Data Breach, displays the results of the Ponemon Institute’s research of data breach incidents occurring in 2009.
Overall, as with previous years, the study found that U.S. organizations continue to experience increased costs associated with the data breaches they experience.
January 2010
District Court Rules TCPA Applies to Text Messages Even Though Recipient Not Charged to Receive the Message
By Andrew Hoffman on
The U.S. District Court for the Northern District of Illinois recently ruled that a plaintiff may maintain a suit for receiving an unsolicited text message under the Telephone Consumer Protection Act (TCPA) of 1991, even though the plaintiff was not actually charged for receiving the message. In the ruling, the court noted that in enacting the TCPA, Congress was concerned with consumers’ privacy rights and the nuisances of telemarketing.
…
French Supreme Court Limits the Scope of the Whistleblowing Processes
By Cecile Martin on
The implementation of codes of conduct and whistleblowing systems is expanding at the international level. Global companies must pay attention to local law requirements when rolling out these codes in foreign countries, in order notably to comply with the rules and regulations provided by the local data protection authorities to …
Northern District of Illinois Foreshadows Tough Row[e] to Hoe for Identity Exposure Plaintiff, but Denies Motion to Dismiss
By Proskauer Rose on
On January 5, 2010, Judge William Hibbler of the U.S. District Court for the Northern District of Illinois became the latest federal district judge to share his views about whether an increased risk of future harm based on the inadvertent exposure of personal information is a legally cognizable harm. In Rowe v. UniCare Life & Health Insurance Co., No. 1:09-cv-2286 (N.D. Ill. Jan. 5, 2010), Judge Hibbler . . . hinted that the plaintiff’s claims for violations of the Fair Credit Reporting Act (“FCRA”) and the Illinois Insurance Information and Privacy Act, as well as his common law claims of invasion of privacy, negligence and breach of implied contract, may ultimately be dismissed if the plaintiff failed to show a basis for damages other than his alleged increased risk of future harm, such as identity theft.
…
District Court Rules E-mail Order Confirmations Not Subject to FACTA
By Proskauer Rose on
Judge John W. Darrah of the Northern District of Illinois Eastern Division held that FACTA’s prohibition against the electronic printing of a debit or credit card’s expiration date on receipts was inapplicable to e-mail order confirmations.
…
EU Article 29 Working Party Elevates Israel to Rank of Select Few Countries That Are Deemed to Possess “Adequate” Data Protection Laws
By Jeremy M. Mittman on
On January 5, 2010, the EU Article 29 Data Protection Working Party published an opinion finding that Israel provides an "adequate" level of data protection under the EU Data Protection Directive. Should the European Commission ("EC") adopt the Article 29 Working Party’s recommendation (and there is no reason to think that it would not), Israel will join the ranks of the select few countries that the EU has deemed to have an "adequate" level of data protection, such as Argentina, Canada, and Switzerland (notably, the United States is not on this list).