The new SEC cybersecurity rules (Release No. 33-11216), codify and build on earlier SEC guidance on cybersecurity risks and incidents and require specific cybersecurity-related disclosures....more
Cybersecurity and data privacy risks continue to loom large with potentially significant consequences. Litigation, often filed soon after incidents, adds to the possible repercussions. In our previous article, we discussed a...more
Flexing considerable enforcement muscle, California Attorney General Rob Bonta (“AG”) recently announced a $1.2 million settlement with beauty retailer Sephora, Inc. (“Sephora”) under the landmark California Consumer Privacy...more
With football season in full swing, fans and fantasy football owners alike are busy watching games and tossing around acronyms like passes – Xs and Os, TDs, PATs, PPR, YACs, and many more. And on the legal gridiron, insurers...more
As baseball heads to the All-Star break and the rest of the season, fans are meticulously keeping score and tracking statistics such as RBI, HR’s and K’s. Some follow advanced analytics, like WAR, OPS+ and others. And on the...more
Business email compromises (BECs) remain big business. According to a recent FBI report, “[i]n 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion.” This is an increase from just over...more
Despite the much-anticipated impact of TransUnion LLC v. Ramirez (“Ramirez”), the Supreme Court decision has not prevented data breach and privacy class actions from proceeding past the pleading stage in federal courts across...more
Every organization with an online presence needs to continuously think about its cybersecurity. The number of cyberattacks spiked significantly during the COVID-19 pandemic with an estimated global loss of nearly $1 trillion....more
Business email compromise threats trick unsuspecting targets into sending money to the perpetrators, often through use of fraudulent wire or ACH transfer instructions. Entities should take steps to protect themselves from...more
The Supreme Court’s June 2021 decision in TransUnion LLC v. Ramirez led many to believe that data breach plaintiffs were going to have a difficult time establishing standing. After all, the Court suggested that exposure to...more
Instead of identifying traditionally “tangible” injuries, data breach plaintiffs typically point to the fact that they may be the victim of identity theft at some point in the future. Prior to late April 2021, the federal...more
Ransomware is dominating headlines and creating unimaginable headaches. Ransomware has been deployed against every industry sector, and against municipalities and other government agencies. The resulting disruptions and...more
Business email compromise (BEC) threats are soaring. Huge amounts of money are at risk. We share some practical tips to reduce the chances of being swindled -- and to try to recover amounts if you are....more
Who has standing to bring claims for alleged statutory violations of privacy and cybersecurity statutes? There is no easy answer to this question. In Spokeo, Inc. v. Robins, the Supreme Court explained that just because a...more
Threat actors have recently and significantly increased efforts to defraud organizations and individuals through business email compromise (BEC). In BEC and related scams, the threat actors trick unsuspecting targets into...more
Following Spokeo, Inc. v. Robins,1 lower courts across the country were tasked with applying the Supreme Court’s “concrete” injury standard to a wide range of privacy and cyber claims. These claims range from the improper...more
Starting January 1, 2020, California consumers are allowed to make requests for disclosure of certain information under the California Consumer Privacy Act of 2018 (“CCPA”). This article spotlights several practical issues...more
The high court of Maryland has endorsed pro rata allocation under CGL policies in an asbestos bodily injury case, affirming the lower court and stating that “[t]he pro rata allocation approach—a longstanding precedent adopted...more
Under the California Consumer Privacy Act (CCPA), covered businesses must comply with myriad requirements starting January 1, 2020. Within those requirements, covered businesses must be prepared to deal with the “look back”...more
Since January 1, 2019 there have been approximately 20 spinoff transactions announced. And to date there have been a number of instances of litigation arising out of spinoffs, some of which have insurance-related issues in...more
The effective date for the California Consumer Privacy Act (CCPA) is January 1, 2020. With fewer than 60 days remaining, covered businesses must be ramping up to meet the requirements of the CCPA. The CCPA affords several...more
On 24 September 2019, the European Union’s top court issued a landmark ruling declaring that Google does not have to extend the “right to be forgotten” rules to its search engines globally.1 This decision provides important...more
Beginning on January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) will impose new privacy obligations on certain businesses that collect personal information of California consumers. Employers with employees in...more
Under the California Consumer Privacy Act (CCPA), covered businesses must comply with myriad requirements starting January 1, 2020. Within those requirements, covered business must be prepared to deal with the “look back”...more
You can’t hear it often enough: the California Consumer Privacy Act of 2018 (CCPA)—Cal. Civ. Code § 1798.100 et seq.—comes into effect on January 1, 2020 with enforcement by the Attorney General beginning on July 1, 2020 (6...more