“Ashley Madison Pact Spotlights Cross-Border Enforcement,” Law360
In an article published by Law360 on Dec. 15, 2016, Bess Hinson provides guidance on a recent $1.6 million settlement by the Federal Trade Commission and state attorneys general with Ashley Madison, an extramarital affair website that was hacked in 2015. The settlement highlights the increased partnership between privacy regulators in the U.S. and abroad and the “increasingly costly nonmonetary consequences of failing to make data security a top priority,” according to the publication. Ms. Hinson, a member of Nelson Mullins’ Privacy and Information Security Practice Group, told Law360 in an interview, “What we’re seeing with this settlement is the FTC moving in a direction that’s more closely aligned with the requirements for data security on an international level.” Enforcement actions of late have been focused not only on traditional data compromises – like credit card information and Social Security numbers – but also on what’s considered to be “personal data,” such as photographs and sexual inclinations. “Here, we’re seeing the treatment of personal information in terms of how the FTC defines that term evolve a bit. Information like consumers’ sexual preferences, photographs and online contact information strike me as an evolution of personal information towards the [European Union] definition of personal data. Part of the story here is that while the settlement amount might initially appear to be small to U.S. companies, the cost of carrying out assessments and complying with various orders from the states and other governments is a big burden,” according to Ms. Hinson. For more information and to read the complete article, subscribers to Law360 can click here.