As we turn the page on 2018, let’s reflect on some of the key privacy and cybersecurity issues that will continue to occupy our hearts and minds in 2019....more
1/4/2019
/ California Consumer Privacy Act (CCPA) ,
Carpenter v US ,
Cybersecurity ,
Data Breach ,
Data Security ,
Internet of Things ,
Marriott ,
Personally Identifiable Information ,
Popular ,
Regulatory Oversight ,
Securities and Exchange Commission (SEC) ,
State Data Breach Notification Statutes ,
Verizon ,
Yahoo!
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
The fallout from the Yahoo data breaches continues to illustrate how cyberattacks thrust companies into the competing roles of crime victim, regulatory enforcement target and civil litigant. ...more
5/14/2018
/ Class Action ,
Criminal Conspiracy ,
Criminal Prosecution ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Failure To Disclose ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Publicly-Traded Companies ,
Russia ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Yahoo!
The U.S. Court of Appeals for the Seventh Circuit has reinstated a data breach class action filed against Barnes & Noble (B&N). The litigation, styled as Dieffenbach v. Barnes & Noble, Inc., now heads back to the U.S....more
4/16/2018
/ Article III ,
Barnes and Noble ,
Corporate Counsel ,
Data Breach ,
Debit and Credit Card Transactions ,
Economic Injuries ,
Federal Rule 12(b)(1) ,
Federal Rule 12(b)(6) ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Putative Class Actions ,
Reinstatement ,
Standing ,
State Data Breach Notification Statutes ,
UDAAP
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018. The law will take effect on May 1, 2018....more
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
South Dakota has become the 49th State to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The law will take effect on July 1, 2018....more
3/23/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
The State of Washington's Attorney General filed a complaint against Uber Technologies, Inc., (Uber) this week related to the 2016 hack that exposed the personal data of 57 million riders and drivers. The suit is the first...more
In the span of just nine days, the U.S. Court of Appeals for the Eighth Circuit issued two rulings in class actions involving data breaches—one breach in 2013 at brokerage firm Scottrade and another in 2014 at grocery stores...more
9/5/2017
/ Article III ,
Breach of Contract ,
Brokerage Accounts ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Federal Rule 12(b)(6) ,
Grocery Stores ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Scottrade ,
Standing
The Federal Trade Commission (FTC) this week announced a consent order with TaxSlayer, LLC, an online tax preparation services provider, to settle claims that the company violated the Gramm-Leach-Bliley Act (GLBA) Safeguards...more
Delaware has joined the growing list of states that have recently amended their data breach laws. With passage of the first significant amendments to its data breach law since 2005, Delaware continues a state-law trend of...more
The Maryland General Assembly recently amended the Maryland Personal Information Protection Act to expand the definition of personal information, provide a 45-day timeframe for providing notice of a breach, allow for...more
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
Not everything that happens in Vegas stays in Vegas. Starting on October 1, 2017, a new Nevada privacy law will require certain website owners and operators to publish a notice regarding their privacy policies, disclosing to...more
The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more
7/27/2017
/ Banking Sector ,
Choice-of-Law ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Economic Loss Doctrine ,
Financial Institutions ,
PCI-DSS Standard ,
Personally Identifiable Information ,
Popular ,
Restaurant Industry
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Risk
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
New Mexico recently became the 48th state to enact a data breach notification law. This continues the accelerated pace of state data breach legislative activity in the last two years. Since 2015, at least 41 states have...more
With tax season in full swing, the Internal Revenue Service (IRS), state tax agencies, and tax industry groups recently renewed a warning about Form W-2 email spear-phishing scams.
...more
1/31/2017
/ Cyber Crimes ,
Email ,
Identity Theft ,
IRS ,
Payroll Records ,
Personally Identifiable Information ,
Phishing Scams ,
Social Security Numbers ,
Spoofing ,
Tax Fraud ,
W-2
The U.S. Court of Appeals for the Third Circuit has vacated a district court's dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops...more
1/24/2017
/ Appeals ,
Article III ,
Class Action ,
Data Breach ,
Electronic Medical Records ,
Fair Credit Reporting Act (FCRA) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Injury-in-Fact ,
Laptop Computers ,
Personally Identifiable Information ,
PHI ,
Standing
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016
/ Adultery ,
Ashley Madison ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dating Services ,
Federal Trade Commission (FTC) ,
Fines ,
Hackers ,
Internet ,
Marriage ,
Misrepresentation ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Spouses ,
Website Owner Liability ,
Websites
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing