When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the...more
Major hospitals in London are grappling with severe disruptions following a cyberattack on Synnovis, a key pathology services provider. The attack has resulted in canceled surgeries and emergency patients being diverted to...more
In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more
On January 22, 2023, T-Mobile was sued in federal court in California alleging negligence, unjust enrichment, breach of express contract, breach of implied contract, and invasion of privacy over the recently-disclosed data...more
Customer lists held by providers and the personal information users enter to obtain digital wallets or set up crypto exchange accounts are enviable targets for hackers. Such data can be used to launch targeted phishing...more
Last week, Mediant Communications Inc. (Mediant) settled a class action lawsuit in the U.S. District Court for the Southern District of New York stemming from a 2019 data breach in which hackers accessed 200,000 individuals’...more
A December 2021 breach of Lakeview Loan Servicing’s customer data has led to another proposed class action against the company in the U.S. District Court for the District of South Carolina. The breach affected the personal...more
Dr Zero Trust – Chase Cunningham creator of the Zero Trust eXtended Framework joins Jerich Beason & Whitney McCollum for today’s Cyberside Chat to discuss the principles and types of technologies that support a zero trust...more
Second Circuit Denies Settlement of Data Breach Case Due to Lack of Standing - As we previously reported, in April 2021, the Second Circuit became the latest federal circuit to hold that an individual may establish Article...more
North American IT company Presidio faces a proposed data breach class action by an employee for an incident involving employee data. Eric LaPrairie, a former Presidio employee, received a notice of a data breach from...more
Most people have a warped and deeply unrealistic understanding of data security. There is no such thing as absolute security. For a thing to have value, you must be able to access the value – in effect, to use it. In order...more
Report on Supply Chain Compliance 3, no. 11 (May 28, 2020) - The Belgian Data Protection Authority (DPA) imposed a fine of EUR 50,000 for noncompliance with the GDPR conflict of interest requirement. According to...more
Takeaway: In a data breach class action, the typical panoply of claims asserted include tort claims (such as negligence and negligence per se), contractual claims (such as claims for breach of express and implied contracts),...more
California continues to lead on data privacy protection. Since the adoption of the California Consumer Privacy Act (CCPA), cracking down on data breaches and promoting consumer privacy has remained a priority in the state....more
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the EU advocate general's decision in Schrems II, a federal court's ruling that an insurer owed coverage for a social engineering loss, the Chinese...more
Takeaway: A key issue in data breach litigation is whether a data breach plaintiff has alleged facts sufficient to establish a cognizable injury. In Collins v. Athens Orthopedic Clinic, P.A., S19G0007, 2019 WL 7046786 (Ga....more
Dittman v. UPMC, 196 A.3d 1036 (Pa. 2018). The Pennsylvania Supreme Court holds that employers have a legal duty to use reasonable care to safeguard sensitive personal information of their employees when the employer chooses...more
Takeaway: Plaintiffs in data breach class actions usually assert common law tort claims, such as claims for negligence, gross negligence, and negligence per se. Negligence claims, however, require the breach of a recognized...more
On May 7, 2019, in Kaplan v. Casino Rama Services Inc. (Kaplan), the Ontario Superior Court of Justice refused to certify a privacy class action arising out of a criminal cyberattack that included allegations of breach of...more
The Pennsylvania Supreme Court recently held that employers have “a legal duty to safeguard” the personal data of their employees which is stored on internet-accessible computer systems and that the economic loss doctrine...more
To date, Pennsylvania has not adopted a comprehensive law specifying how sensitive personal information about individuals must be secured or the protections that holders of this information must use to minimize risk of...more
It seems that reports of hackers breaching a business’s security measures to obtain customer information appear on an almost weekly basis. Unfortunately, businesses need to worry not only about the unauthorized access of...more
In a unanimous ruling that is sure to become a landmark in state litigation over data breaches, the Pennsylvania Supreme Court on November 21 held that “an employer has a legal duty to exercise reasonable care to safeguard...more
In a landmark decision with far-reaching implication, the Pennsylvania Supreme Court recently held that employers have an affirmative duty to protect their employees’ personal information from criminal hacking. In particular,...more