Carnival Cruise Brings Multistate Data Breach into Port

Even as states continue to pass comprehensive privacy laws, Attorneys General remain active enforcing their data breach laws and utilizing their deceptive trade practice authority in the privacy space. Just last week, 46 State AGs signed on to a settlement, which took the form of an Assurance of Voluntary Compliance, with international cruise corporation Carnival for its 2019 data breach. This breach of employee email accounts purportedly exposed sensitive personal information contained in email contents, thereby impacting state consumers. The payment to the states is $1.25 million total.