Judge denies class action certification over Equifax data breach

A class action suit that sought compensatory and punitive damages against credit-reporting company Equifax Inc. following a massive global data breach that affected more than 143 million people worldwide, including 19,000 Canadians, was refused certification after Quebec Superior Court held that Quebec law does not recognize compensatory damages for data breaches.

The decision, the latest of a rapidly growing body of Quebec jurisprudence dealing with security breaches, underlines that being the victim of a data breach is insufficient to claim damages even though there is prime facie evidence that a fault occurred, according to class action lawyers.

Continue reading “Judge denies class action certification over Equifax data breach”

Ottawa finally proposes regulations on data breach notifications

Private sector organizations following federal privacy law will have to provide breach notifications to customers and the privacy commissioner where it is reasonable to believe that the breach creates a “real risk of significant harm,” under long-awaited proposed regulations to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

Continue reading “Ottawa finally proposes regulations on data breach notifications”

Ashley Madison agrees to US$1.7 million settlement

A month after the parent company of the controversial adult dating website Ashley Madison settled a complaint with the U.S. Federal Trade Commission and state charges over the 2015 data breach that exposed the personal data of more than 36 million users and highlighted the site’s unfair and deceptive practices, the firm is now trying to thwart 20 class actions against it by invoking online arbitration agreements the plaintiffs signed when they subscribed to its matchmaking services.

Continue reading “Ashley Madison agrees to US$1.7 million settlement”

Information Governance: Taming a world of chaos

It appears to have become the new norm. Not a week seems to go by without a report about a data breach. America’s largest bank, JP Morgan Chase, is the latest high-profile victim, and it is still reeling from this summer’s cyber attack that compromised the accounts of 76 million households — the equivalent of 65% of all U.S. households — and seven million businesses. Law firms are far from immune. An American multi-state criminal firm discreetly filed a report in late June with California authorities, the first U.S. state to adopt data breach notification legislation, after a hard drive containing backup files for one of the firm’s servers was stolen from the locked trunk of an employee’s vehicle.

Continue reading “Information Governance: Taming a world of chaos”