New York’s Investigation Of Dunkin' Donuts Results In A Promise To Abide By The SHIELD Act’s Requirement

Why This Privacy Law is Important:

In September 2019, the New York Attorney General’s Office (NYAG) filed a complaint against Dunkin' alleging that the company’s data security practices violated NY General Business Law. The complaint alleged that Dunkin' failed to respond appropriately to reports that customers’ DD Perks rewards accounts were being hacked, to protect consumer data, and to implement appropriate technical safeguards.

Overview:

The New York Attorney General’s Office (NYAG) reached a Consent and Stipulation Agreement with Dunkin’ Brands, Inc. (Dunkin'), which obligates the company to implement and maintain a comprehensive information security program to protect customers’ private information. The terms of the consent agreement strongly resemble the reasonable security measures described in the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).

The consent agreement calls for Dunkin' to pay a $650,000 penalty, to notify customers whose Dunkin' rewards accounts may have been affected by the data breach, and to reset the passwords of customers who may have been affected. Dunkin' must also comply with New York’s deceptive acts and practices and breach notification laws (GBL §§ 349 and 899-AA) and refrain from misrepresenting its data security practices.
