On May 15, the Securities and Exchange Commission adopted amendments to Regulation S-P, which covers broker-dealers, registered investment advisors (RIAs), and investment companies (funds). These entities are now required to...more
Takeaway: The Eleventh Circuit has yet to address whether a future risk of identity theft is sufficient to establish standing in a data breach case. In Muransky v. Godiva Chocolatier, Inc., 16-16486, 2020 WL 6305084, at *12...more
In a decision that narrows the path to federal court for plaintiffs seeking statutory damages with no actual harm, the full 11th Circuit has held that a plaintiff must plead a concrete injury to bring a claim based on an...more
We’ve already written about Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), in which the Supreme Court reaffirmed that all federal plaintiffs, even those alleging a statutory violation, must have suffered a real, concrete...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
A common and understandable concern of companies that suffer a data breach is whether the victims can sue the company. It is tempting to assume that the victims won’t sue if they do not suffer identity theft or monetary loss...more
Several recent federal court decisions have shed additional light on the still-unsettled question of when a plaintiff has Article III standing to sue based on a data breach or other data security or privacy event. These...more