A recent decision from a federal court in Pennsylvania highlights the importance of a carefully crafted statement of work (“SOW”) when commissioning an investigative report in response to a data security breach. A convenience...more
As data breaches are on the rise, the old adage rings true: it’s not a question of if, but when. More companies are experiencing crippling breaches and the statistics are alarming: According to IBM Security’s Cost of a Data...more
In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the Office for Civil Rights, which is a record settlement for alleged HIPAA violations. According to the...more
The Securities and Exchange Commission (“SEC” or “Commission”) has given public companies a heads up on where the Commission is setting its sights in the ever-developing world of cybersecurity. Here’s what you need to know,...more
Take note GCs: The question is not if you will have to respond to a cybersecurity incident—the question is when. That was the message from speakers and panelists at the Association of Corporate Counsel’s annual meeting this...more
A recent federal appellate decision suggests that it might be getting easier for cyberattack plaintiffs to establish standing in a manner sufficient to survive a motion to dismiss. According to the U.S. Court of Appeals for...more
Coca-Cola won big last month when it secured summary judgment in a privacy class action brought by a former bottling plant employee concerning compromised personal information. Hon. Joseph Leeson of the Eastern District of...more
A split continued to develop in the federal courts last month as the Fourth Circuit denied Article III standing to the plaintiffs in a data breach case whose alleged injuries were limited to the increased risk of future...more
On July 29, 2016, the Federal Trade Commission (“FTC” or “Commission”) reversed an FTC administrative law judge’s (“ALJ”) opinion which had ruled against the FTC, finding that the Commission had failed to show that LabMD’s...more
Standing remains a high hurdle for individuals whose personal information is compromised as a result of a data breach but who cannot establish that the stolen information was actually used improperly. Class action claims...more
In what is thought to be the first published decision in a cyber insurance coverage case, popular Chinese restaurant chain, P.F. Chang’s, was denied coverage for certain costs incurred as a result of a 2014 data breach....more
Whether a plaintiff has standing to sue is a wellspring of dispute in the context of data breach cases, and in Spokeo, Inc. v. Robins, the U.S. Supreme Court recently made clear that the battle must be fought on two fronts....more
On Monday, the Fourth Circuit held that Travelers must defend Portal Healthcare in a class action claim arising out of an alleged medical records data breach.
The class action, filed in New York state court in April...more
Last month, a Minnesota federal judge tossed out extensive multidistrict legislation concerning a proposed class action of SuperValu shoppers. Shoppers from Illinois, Minnesota, and Idaho had alleged that the supermarket...more
Plaintiffs continue to battle for standing in data breach cases, and another federal court recently added to a growing body of decisions helpful to companies who find themselves on the receiving end of a lawsuit after falling...more
Yet another federal judge has concluded that an individual whose personal information was allegedly accessed during a data breach lacks standing to sue unless and until there has been a misuse of that personal information or...more
Earlier this month, a Texas federal judge rejected a data breach plaintiff’s claim of a relaxed standard for Article III standing based on the “heightened risks” posed by potential identity theft and security fraud. ...more
Recently, the Pennsylvania Superior Court ruled in favor of data breach plaintiff Avrum Baum, giving him a second chance to certify a class action suit against Keystone Mercy Health Plan. Baum brought suit against the...more
The FCC recently signaled its intention to move aggressively into the realm of data security regulation. On October 24, 2014, the agency released a Notice of Apparent Liability for Forfeiture (NAL), ordering two...more
In a pair of recent cases, two California health care providers successfully warded off lawsuits arising from unauthorized data breaches of patient files. These cases illustrate that improper disclosure of electronically...more
There is no question that data breaches are among the most common and costly threats to consumers and companies alike. What remains the subject of vehement debate is whether plaintiffs in cyber-attack cases must allege stolen...more