Cybersecurity and data privacy risks continue to loom large with potentially significant consequences. Litigation, often filed soon after incidents, adds to the possible repercussions. In our previous article, we discussed a...more
Despite the much-anticipated impact of TransUnion LLC v. Ramirez (“Ramirez”), the Supreme Court decision has not prevented data breach and privacy class actions from proceeding past the pleading stage in federal courts across...more
The Supreme Court’s June 2021 decision in TransUnion LLC v. Ramirez led many to believe that data breach plaintiffs were going to have a difficult time establishing standing. After all, the Court suggested that exposure to...more
Instead of identifying traditionally “tangible” injuries, data breach plaintiffs typically point to the fact that they may be the victim of identity theft at some point in the future. Prior to late April 2021, the federal...more
Who has standing to bring claims for alleged statutory violations of privacy and cybersecurity statutes? There is no easy answer to this question. In Spokeo, Inc. v. Robins, the Supreme Court explained that just because a...more
The U.S. Supreme Court recently declined to review CareFirst Inc. v. Attias, a data breach standing case. For those hoping for resolution of a notable circuit split over what constitutes Article III standing at the pleading...more
The U.S. Securities and Exchange Commission is at the center of the current day “cyber storm” of data and system protection, both as a victim and as a regulator. According to an SEC director, “[c]yber-related threats and...more
Despite considerable incident response work after numerous alleged data breaches, very few opinions have addressed the application of attorney-client privilege and the work-product doctrine to the materials created by such...more
In early September, Equifax disclosed a now well-known data breach that ultimately affected a reported 146 million customers in the United States. The breach allegedly occurred in May 2017, as a result of an online security...more
Several high-profile lawsuits have been filed in recent years by shareholders seeking to hold corporate officers and directors liable for damage resulting from data security breaches. For example, directors and officers at...more
On January 1, 2017, Illinois ushered in a broader and stronger personal information and data breach regime. The Illinois Personal Information Act (PIPA), 815 ILCS § 530, applies any entity that “handles, collects,...more
In May of this year, in Robins v. Spokeo, the Supreme Court ruled on the important issue of standing for plaintiffs asserting statutory claims for damages in federal court. Some observers thought the decision would guide...more
General Data Protection Regulation Update -
As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more
7/7/2016
/ Americans with Disabilities Act (ADA) ,
Cybersecurity ,
Data Breach ,
Department of Insurance ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
NLRA ,
OCR ,
UK ,
UK Data Protection Act
What seems like a long time ago now, in 2011 PricewaterhouseCoopers (PwC) warned that “there is no question that law firms are among the companies being targeted by cyber criminals.” Despite this, many law firms believed (or...more
Interesting conclusions about data breach costs emerge from two new studies, the 2015 Ponemon Institute’s Cost of Cyber Crime Study: Global and the 2015 NetDiligence® Cyber Claims Study. While the phrase alluded to in our...more
Retail Tracking Update: Privacy Guidance Following Nomi Technologies
- There is currently a widespread effort to quantify everything, from steps, to sleep, to batted ball exit velocity. Fifteen years ago, TV host Jeremy...more
7/31/2015
/ Breach Notification Rule ,
Canada ,
Confidential Information ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
FOIA ,
Hong Kong ,
Identity Theft ,
Notification Requirements ,
Online Safety for Children ,
PCPD ,
Personal Data ,
PIPEDA ,
Power Grid ,
Retail Tracking ,
Risk Assessment ,
Standing ,
Telecommunications ,
Turkey ,
UNCITRAL
In what is sure to be a widely cited data breach standing decision, the U.S. Court of Appeals for the Seventh Circuit found that increased risk of future harms from a data breach are sufficient to confer standing to sue upon...more
Early days still for coverage litigation about cyber risks – whether under cyber insurance policies or other types of policies. This is not surprising given the relatively short history of cyber risks and even shorter history...more
Recent data breaches have prompted worries about economic damage to the infiltrated companies. Analyses in fact show minimal effects on stock prices or revenues of the hacked companies. But that may be only temporary comfort...more
Where do we stand on standing in data breach cases? It depends on which court you ask. In December 2014, two courts considered whether plaintiffs alleged sufficient injury in their complaints involving well-known data...more