For years now, business organizations have had a ready and reliable defense to the customer class-action lawsuits that inevitably follow whenever a new data breach is announced: You can’t sue us because any damage from the breach is purely speculative unless the names, addresses, credit card numbers, etc., that were stolen in the attack have actually been misused for fraudulent purchases or identity theft. No harm (yet), no foul.
As we have noted previously on the new DFS cybersecurity regulations, 23 N.Y.C.R.R. Part 500, the regulatory process is—by definition—vastly more swift and adaptable than the legislative process. What may get bogged down in legislative committee for months or years can be hammered out in a matter of days in the administrative state.
The sheer size of the recent Equifax breach—affecting nearly half of all Americans and potentially more than half of those over 18—is staggering. It is the nature of the breach, however, and the type of information taken, that gives the greatest pause.
For more than two years now, we’ve spoken and presented to various groups on New York’s Paid Family Leave Benefits Law (PFL), dozens, and dozens, and dozens of times. Like clockwork, one of the curious attendees would always ask whether PFL benefit payments would be taxable and whether PFL employee contributions would be pre- or post-tax deductions. Each time, we’d be forced to answer something along the lines of, “we don’t know yet— reasonable minds can disagree, and we are waiting on promised guidance on this from the state.” Well, throw that old answer out; we now know! The answers are the seemingly incongruous “taxable” and “post-tax.”
On October 3, 2012, Nationwide Mutual Insurance Company and its wholly-owned subsidiary Allied Property & Casualty Insurance Company experienced a data breach when a hacker exploited a vulnerability on the companies’ web application hosting software. This hack resulted in the compromise of the personal information of 1.27 million consumers, including social security numbers, driver’s license numbers, credit scoring information, and other data used to provide insurance quotes.