The Biden administration announced that it brokered a voluntary agreement with several of the biggest technology and artificial intelligence (AI) companies. The agreement, available here, has the companies taking a number of...more
On July 26, 2023, the Securities and Exchange Commission (SEC) announced the adoption of final rules relating to cybersecurity risk management, strategy, governance, and incident disclosures. The new rules define a...more
A recent decision from a federal court in Pennsylvania highlights the importance of a carefully crafted statement of work (“SOW”) when commissioning an investigative report in response to a data security breach. A convenience...more
Typically, comprehensive cyber insurance policies, rather than commercial crime policies, respond to claims of data breach and other cybercrimes. With the rise in hacking and ransomware attacks worldwide, businesses that may...more
Despite the global pandemic, the California Attorney General will begin enforcing the California Consumer Privacy Act on July 1 as planned, so even in this new work-from-home environment, businesses must continue to work...more
In the wake of the COVID-19 crisis, much of the workforce has shifted to working remotely, with many workers operating out of makeshift “offices” they created in their homes with little or no warning. Along with this remote...more
As data breaches are on the rise, the old adage rings true: it’s not a question of if, but when. More companies are experiencing crippling breaches and the statistics are alarming: According to IBM Security’s Cost of a Data...more
A California federal court recently held in Rushing v. Viacom, Inc. that an arbitration provision in Viacom’s End User License Agreement (“EULA”) was one click shy of enforceability, and denied the company’s motion to dismiss...more
In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the Office for Civil Rights, which is a record settlement for alleged HIPAA violations. According to the...more
A federal court in Texas cut short a putative class action alleging violation of the truncation requirement under the Fair and Accurate Credit Transactions Act (FACTA), sending a clear message to plaintiffs that minor...more
The Securities and Exchange Commission (“SEC” or “Commission”) has given public companies a heads up on where the Commission is setting its sights in the ever-developing world of cybersecurity. Here’s what you need to know,...more
The European Union (EU) Parliament’s new data privacy law, known as the General Data Protection Regulation (GDPR), is set to become enforceable in all EU member states on May 25, 2018, just six months from now. The GDPR...more
Take note GCs: The question is not if you will have to respond to a cybersecurity incident—the question is when. That was the message from speakers and panelists at the Association of Corporate Counsel’s annual meeting this...more
We recently wrote about a decision in Attias v. CareFirst, Inc., holding that a class of plaintiffs whose information was compromised in a cyberattack had sufficiently demonstrated standing to survive a motion to dismiss. The...more
A recent federal appellate decision suggests that it might be getting easier for cyberattack plaintiffs to establish standing in a manner sufficient to survive a motion to dismiss. According to the U.S. Court of Appeals for...more
Coca-Cola won big last month when it secured summary judgment in a privacy class action brought by a former bottling plant employee concerning compromised personal information. Hon. Joseph Leeson of the Eastern District of...more
Computers are involved at some point in almost every business transaction—that is the reality of life in the digital age. The implications of that fact are still being worked out with respect to the interpretation of...more
A split continued to develop in the federal courts last month as the Fourth Circuit denied Article III standing to the plaintiffs in a data breach case whose alleged injuries were limited to the increased risk of future...more
No business is too small to be the victim of a cyberattack. In fact, as larger companies invest more resources in cybersecurity, attackers are beginning to target smaller, less secure businesses. It is important for every...more
A new federal mandate requires most commercial truck drivers to “go green” by trading in their old paper logs for electronic logging devices (ELDs) by December 18, 2017. Thought to affect roughly 3.5 million truck drivers,...more
On July 29, 2016, the Federal Trade Commission (“FTC” or “Commission”) reversed an FTC administrative law judge’s (“ALJ”) opinion which had ruled against the FTC, finding that the Commission had failed to show that LabMD’s...more
Standing remains a high hurdle for individuals whose personal information is compromised as a result of a data breach but who cannot establish that the stolen information was actually used improperly. Class action claims...more
In what is thought to be the first published decision in a cyber insurance coverage case, popular Chinese restaurant chain, P.F. Chang’s, was denied coverage for certain costs incurred as a result of a 2014 data breach....more
Whether a plaintiff has standing to sue is a wellspring of dispute in the context of data breach cases, and in Spokeo, Inc. v. Robins, the U.S. Supreme Court recently made clear that the battle must be fought on two fronts....more
On Monday, the Fourth Circuit held that Travelers must defend Portal Healthcare in a class action claim arising out of an alleged medical records data breach.
The class action, filed in New York state court in April...more