- Posts by Todd C. TaylorMember
Todd focuses his practice on data privacy and security, licensing, technology, supply chain and commercial transactional matters.
Before joining the firm, Todd served as an in-house attorney at Bank of America, where he worked ...
On October 22, 2024, the Consumer Financial Protection Bureau (the “CFPB”) finalized its personal financial data rights rule (“The Final 1033 Rule” or the “Final Rule”) that would require data providers to make available to consumers and their authorized third parties certain covered data in the data provider’s control or possession concerning a covered consumer financial product or service. This Final Rule comes a year after the CFPB initially proposed the rule (the “Proposed Rule”) in October of 2023.
The saga of the Capital One data breach, which impacted an estimated 106 million individuals in the U.S. and Canada, may soon be coming to an end. After more than two years of litigation, the parties have reached a settlement that would resolve existing and future consumer claims arising out of the 2019 breach which impacted Capital One customer information stored in the Amazon Web Services (AWS) cloud environment. If the settlement is approved, it will be one of the largest in any multidistrict data breach litigation.
By Bret Buckler and Todd Taylor
Recently the state of California passed a data privacy and security law called the California Consumer Privacy Act (“CCPA”) (Assembly Bill 375, found here).
The law, which takes effect on January 1, 2020, is aimed at establishing a defined set of rights for consumers with regard to how their personal information is being collected and used. The political push for the law comes on the heels of a contentious few months where tech giants such as Facebook have admitted to potentially problematic data breaches and oversharing of personal information ...
On November 10th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the government agency and the new-defunct clinical lab.
What Happened?
It’s not easy to explain in a blog entry the complex backstory leading up to LabMD’s recent win, but here goes:
Over a thirteen year period (until it ceased business in 2014), LabMD operated a clinical laboratory that performed tests on patient specimen samples. As part of its operations, LabMD had ...
On August 1, 2016, the U.S. Department of Commerce began accepting self-certification applications for the new EU-U.S. Privacy Shield Framework. In the month that has followed over 100 companies (including Microsoft, Oracle and Salesforce, among others) have self-certified that they are in compliance with the EU-U.S. Privacy Shield.
Now that that Privacy Shield is in effect and gaining acceptance, it is a good time for companies to examine whether the Privacy Shield makes sense for them. To answer that question, it is important to understand some basic facts about the Privacy ...
About Data Points: Privacy & Data Security Blog
The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.