The SEC has proposed new disclosure rules for public companies regarding cybersecurity incidents and related policies and procedures. We will discuss in a forthcoming post practical considerations and best practices that...more
In June 2018, medical laboratory LabMD obtained the first-ever court decision overturning a Federal Trade Commission (FTC) cybersecurity enforcement action. (The team directing that effort – led by Doug Meal and Michelle...more
3/14/2019
/ Cease and Desist Orders ,
Corporate Counsel ,
Cybersecurity ,
Data Security ,
Enforcement Actions ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
FTC Act ,
Injunctive Relief ,
LabMD ,
Popular ,
Remediation
The California Consumer Privacy Act of 2018 (the “CCPA” or the “Act”), which we reported on here and here continues to make headlines as the California legislature fast-tracked a “clean up” bill to amend the CCPA before the...more
A recent skirmish about standing in data breach class actions (this time in the Eighth Circuit), involving securities and brokerage firm Scottrade, suggests that, even if plaintiffs win that limited question, there are other...more
10/31/2017
/ Article III ,
Brokerage Accounts ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Scottrade ,
Standing
This week, a high profile plaintiffs’ firm (Edelson) stated that “if done right,” the data breach class actions against Equifax should yield more than $1 billion in cash going directly to more than 143 million consumers...more
10/16/2017
/ Corporate Counsel ,
Credit Reporting Agencies ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Equifax ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Settlement ,
Vulnerability Assessments
Shortly after the new year, the Federal Trade Commission filed suit in the Northern District of California against D-Link Corporation, a Taiwan-based maker of wireless routers, Internet Protocol (IP) cameras, and software...more
2/6/2017
/ Corporate Counsel ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Popular ,
Security Standards ,
Software ,
Taiwan ,
Technology ,
Technology Sector ,
Vulnerability Assessments ,
Young Lawyers
The coverage landscape for “Business E-mail Compromise” (BEC) scams remains somewhat tenuous, as organizations and carriers continue to battle in court over the extent of coverage. Although recent positive,...more
11/3/2016
/ Appeals ,
Bank Accounts ,
Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Data Breach ,
Email ,
Financial Institutions ,
Hackers ,
Insurance Industry ,
Online Banking ,
Phishing Scams ,
Policy Terms
The Sixth Circuit joined the growing trend of appellate courts holding that plaintiffs had demonstrated standing for data breach class actions in Galaria et al. v. Nationwide Mutual Insurance Company. In a recent order, the...more
10/5/2016
/ Article III ,
Class Action ,
Corporate Counsel ,
Data Breach ,
Insurance Industry ,
Nationwide Insurance Co. ,
Neiman Marcus ,
Personally Identifiable Information ,
PF Chang's ,
Popular ,
Standing
Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case...more
Tennessee recently amended its data breach notification law, and in doing so, it has joined the ranks of states like Florida, Ohio, and Wisconsin that require notification to residents of a data breach within a defined time...more
On Monday, January 25th, the Supreme Court issued the most recent Computer Fraud and Abuse Act decision in Michael Musacchio v. United States. After leaving his employer to start his own company, the defendant (a former...more
On December 3, the Second Circuit Court of Appeals became the most recent entrant into the circuit conflict on the question of when and under what circumstances an employee’s use of a computer to gain access to unauthorized...more
On December 3, the Second Circuit Court of Appeals became the most recent entrant into the circuit conflict on the question of when and under what circumstances an employee’s use of a computer to gain access to unauthorized...more
1. CJEU finds Safe Harbor Invalid -
In a landmark ruling delivered today, Europe's highest court, the Court of Justice of the European Union (CJEU) declared that the EU Commission's US - EU Safe Harbour regime is...more
10/7/2015
/ Cloud Computing ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Due Diligence ,
EU ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
International Data Transfers ,
Personal Data ,
Popular ,
Privacy Concerns ,
Privacy Policy ,
Safe Harbors ,
US-EU Safe Harbor Framework ,
Young Lawyers
Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced that it had entered into a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton,...more
7/31/2015
/ Compliance ,
Corporate Counsel ,
Corporate Governance ,
Corrective Actions ,
Cybersecurity ,
Data Security ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EHR ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Security Rule ,
Settlement
On March 4, 2015, Washington State’s House of Representatives passed HB 1078, which would significantly tighten Washington’s current data breach notification requirements, currently codified at RCW 19.255.010. The bill has...more