The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
11/28/2018
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Security ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Employment Litigation ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care
On April 18, 2018, the Government of Canada published the final regulations relating to mandatory reporting of privacy breaches under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). ...more
9/14/2018
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Notification Requirements ,
Personally Identifiable Information ,
PIPEDA ,
Popular ,
Recordkeeping Requirements ,
Regulatory Oversight ,
Regulatory Requirements
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. ...more
9/11/2018
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Data Security ,
Federal Breach Notification Standard ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Information Technology ,
Insurance Industry ,
Legislative Agendas ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Preemption ,
Proposed Legislation ,
Risk Management
As discussed in our prior post, the California Consumer Privacy Act of 2018 (the “Act”) is expected to be modified by the California legislature prior to its January 1, 2020, enforcement deadline. ...more
8/22/2018
/ Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
State and Local Government
One of the most bedeviling aspects of data privacy and security law concerns the concept of “reasonable” data security, which has become the default statutory and common law standard. The FTC began articulating a...more
Today the EU General Data Protection Regulation (GDPR) goes into effect, ending the data protection landscape as we know it. This comprehensive privacy law applies directly to the 28 EU countries and companies established in...more
5/25/2018
/ Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management
More than two-thirds of U.S. corporate lawyers surveyed favor a federal law setting uniform data security and breach notification requirements across the country, according to results released today by the Association of...more
Plaintiff lawyers’ continued search for damage theories to assert in claims arising from a data breach – or fear of a breach – received a potential setback this week when Chief Judge Michael Reagan of the United States...more
4/9/2018
/ Appeals ,
Article III ,
Automotive Industry ,
Class Action ,
Connected Cars ,
Cybersecurity ,
Damages ,
Data Breach ,
Design Defects ,
Diminution in Value ,
Fiat ,
Hackers ,
Interlocutory Appeals ,
Motor Vehicles ,
Popular ,
Standing
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
In proposed amendments earlier this week to the current draft of the "AV START Act," the Senate addressed important cybersecurity, data access, and privacy concerns associated with the development of highly automated vehicles...more
A global group of data privacy regulators has, for the first time, set forth data privacy and security guidance on the development of automated and connected-car technologies. ...more
Delaware has joined the growing list of states that have recently amended their data breach laws. With passage of the first significant amendments to its data breach law since 2005, Delaware continues a state-law trend of...more
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Risk
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
This month, Colorado joined a growing list of nearly half of U.S. states when it enacted a law approving the use of autonomous driving systems. The Colorado law governs systems capable of controlling highly and fully...more
The Colorado Division of Securities (Division) has published final cybersecurity rules applicable to broker-dealers and investment advisers. The Colorado Attorney General's office has 20 days to write an opinion on the rules,...more
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more
2/3/2017
/ Appeals ,
Class Action ,
Class Certification ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Debit Cards ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Settlement ,
Target
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016
/ Adultery ,
Ashley Madison ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dating Services ,
Federal Trade Commission (FTC) ,
Fines ,
Hackers ,
Internet ,
Marriage ,
Misrepresentation ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Spouses ,
Website Owner Liability ,
Websites
Vehicle-related cyber incidents could have devastating and deadly effects, particularly as cars and trucks become more highly automated and rely more heavily on wireless technologies. To combat this threat, the U.S....more
10/28/2016
/ Automotive Industry ,
Connected Cars ,
Cybersecurity ,
Department of Transportation (DOT) ,
Driverless Cars ,
Internet of Things ,
NHTSA ,
Privacy Concerns ,
Regulatory Oversight ,
Smart Car ,
Technology
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
10/21/2016
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cyber Attacks ,
Cybersecurity ,
FDIC ,
Federal Reserve ,
FFIEC ,
Financial Institutions ,
Financial Services Industry ,
Hackers ,
Handbooks ,
Incident Response Plans ,
OCC ,
Risk Management
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing