The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity – Part 1 — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
Courts and class action counsel have been considering what kinds of injuries can confer standing to pursue federal claims following the Supreme Court’s 2021 decision in TransUnion LLC v. Ramirez, which held that the...more
On July 11, a split U.S. Court of Appeals for the Eleventh Circuit partially vacated the greenlighting of two data breach class actions, holding that a district court must re-analyze the boundaries of the classes. Both the...more
Data incident lawsuits, especially class actions, have the potential to create significant business disruption, loss of marketplace credibility, civil liability or regulatory exposure. Consequently, companies that experience...more
Takeaway: Ever since the U.S. Supreme Court ruled in Clapper v. Amnesty Int’l USA, 568 U.S. 398, 416 (2013), that plaintiffs “cannot manufacture standing merely by inflicting harm on themselves based on . . . hypothetical...more
A recent decision from the Third Circuit suggests that the leak of information onto the Dark Web provides standing to class action plaintiffs in data breach litigation. In Clemens v. ExecuPharm, Inc., 48 F.4th 146 (3d Cir....more
On October 18, 2022, in Webb v. Injured Workers Pharmacy, LLC, the District of Massachusetts dismissed a class action complaint brought by former pharmacy patients alleging that their sensitive personal information had been...more
Now more than ever, it is important for organizations to review and update their basic information security protocols (their incident response, business continuity and crisis communications plans), and to ensure they’re...more
Instead of identifying traditionally “tangible” injuries, data breach plaintiffs typically point to the fact that they may be the victim of identity theft at some point in the future. Prior to late April 2021, the federal...more
On April 26, 2021, the Second Circuit considered—for the first time in a published decision—the question of Article III standing in the context of a data security case. In McMorris v. Carlos Lopez & Associates LLC, the court...more
The Federal Trade Commission (FTC) continues to put emphasis on the importance of corporate board involvement in privacy and data security. Corporate Boards: Don’t Underestimate Your Role in Data Security Oversight - The...more
In the context of data breach class action litigation, the question of whether Article III standing can be satisfied is often dispositive of the outcome of an action. However, a deep circuit split currently exists between the...more
Takeaway: In Tsao v. Captiva MVP Restaurant Partners, LLC, 986 F.3d 1332, 1339 (11th Cir. 2021), the Eleventh Circuit held that evidence of a “mere data breach” is not sufficient to establish standing where the hackers...more
Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data breach litigation in federal court—and perhaps even in general. First, does a...more
Today, data breaches continue to proliferate at a rapid pace, often spurring consumer class action litigation in their wake. Oftentimes, a successful data breach suit can empty a corporate defendant’s coffers. For example,...more
A federal court in California has ruled that the plaintiff in a putative class action alleging theft of non-sensitive personal information arising from a cybersecurity data breach lacks Article III standing to maintain his...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
As the use of biometric data continues to grow and become more prevalent across industries of all types and sizes, complying with data security and privacy laws has never been more critical or challenging. This is...more
Maine Bill Requires ISPs to Obtain Opt-In Consent from Customers - The Maine legislature has passed a bill that requires internet service providers (ISPs) operating in Maine to obtain express, affirmative consent from...more
On January 25, 2019, in a closely watched case, the Illinois Supreme Court ruled that a plaintiff need not allege or demonstrate actual harm to have standing to pursue a claim under the Illinois Biometric Information Privacy...more
On November 20, 2018, the Illinois Supreme Court heard oral arguments in Rosenbach v. Six Flags Entertainment Corp. and Great America LLC to decide whether a technical violation of Illinois’ Biometric Information Privacy Act...more
Late last month, an Illinois appellate court reversed a lower court’s dismissal of biometric privacy claims against a tanning salon franchisee that had collected the plaintiff’s fingerprint to allow entry in its own salon and...more
Consumer data breach class actions, for all of their popularity on dockets and especially in headlines, can make difficult cases for plaintiffs. Issues like standing and damages often keep these cases from getting off the...more
• The number of class actions brought under Illinois' Biometric Information Privacy Act (BIPA) has increased substantially each year since its passage in 2008. • One of the main issues facing litigants is what constitutes...more
An Illinois district court remanded to state court for lack of standing a biometric privacy suit brought by employees over the collection and storage of individuals’ fingerprints allegedly in violation of the Illinois...more
We’ve previously blogged about the creative efforts of plaintiffs’ counsel to expand the contours of data breach litigation. ...more