On January 5, 2015, the Federal Trade Commission (FTC) entered into a consent order with dental software manufacturer Henry Schein Practice Solutions, Inc. (“Schein”) in connection with allegations that Schein had made misleading security-related representations about its software. The consent order underscores that while security-enhanced product features are in high demand, companies must be careful to avoid unfair or deceptive marketing of such features.
On October 6, California Governor Jerry Brown signed legislation updating California’s data breach notice statute for the third time in three years. The news was quickly overshadowed by the CJEU’s decision invalidating the US-EU Safe Harbor Framework on the same day, but the California law amendments should not be overlooked. The amendments, which update Cal. Civ. Code § 1789.29 (for state agencies) and § 1789.82 (for businesses), were part of a legislative “package deal” of three separate bills mandating a new breach notice format (S.B. 570), defining “encryption” (A.B. 964), and expanding the definition of “personal information” and clarifying substitute notice requirements (S.B. 34). The amendments will take effect on January 1, 2016.