Region: United States of America

T-Mobile agrees to $500 million data breach settlement

After facing dozens of class action lawsuits for a data breach that affected millions of US customers, T-Mobile has agreed to pay a nine-figure settlement – but said the payment is not an admission of guilt.

25 July 2022

Clifford Chance increases US tech presence

The UK-based firm is expanding its technology and privacy offering in the United States with a former Vinson & Elkins partner.

22 July 2022

US data privacy bill sent to the House

A Congressional committee has voted to send the nation’s first bipartisan national data privacy bill to the full US House of Representatives, but lingering partisan and new inter-party divisions could threaten the bill’s path to becoming law.

21 July 2022

CFPB agrees to implement lending data mandate by March 2023

After a 12-year delay, a federal court has finalised a 2023 deadline for the Consumer Financial Protection Bureau to issue a final rule requiring financial institutions to collect and publish certain data.

19 July 2022

Key CPRA revisions to watch ahead of rulemaking

California is set to kick off the formal rulemaking process to adopt the Consumer Privacy Rights Act (CPRA). GDR highlights some of the CPRA’s proposed revisions.

13 July 2022

Travelers attempts to rescind cyber coverage over alleged multifactor authentication omissions

Insurance firm Travelers is seeking to rescind the insurance coverage of a client hit with ransomware because the policyholder allegedly misrepresented that its servers were protected with multifactor authentication.

12 July 2022

DOJ sets ransomware enforcement goals but private entities could thwart success

The US Department of Justice's ransomware goals continue to hinge on coaxing a reluctant private sector to share its ransomware incidents.

11 July 2022

Instagram’s new age verification tactics could assuage regulators but increase risks

Instagram reviewing users’ uploaded IDs and video selfies – which in some cases involves a third party conducting automated analysis – could lead to the social media giant facing heightened legal risk.

05 July 2022

Cologne court expands Google GDPR liability

The Regional Court of Cologne has held that Google’s US parent and Irish subsidiary are jointly liable for responding to right to be forgotten requests.

05 July 2022

State AGs steer Carnival to $1.25 million data breach settlement

The fractured state of data privacy enforcement in the US was on display last week as cruise ship operator Carnival settled with 45 states and the District of Columbia for $1.25 million and agreed to implement new cybersecurity measures to settle a multistate data breach matter.

01 July 2022

Unlock unlimited access to all Global Data Review content