Beginning on January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) will impose new privacy obligations on certain businesses that collect personal information of California consumers. Employers with employees...more
Fraudsters deploy different computer-related techniques but toward the same end – “gaming the system” for their own financial gain. Some victims turn to insurance for recovery. Four recent federal appellate decisions reveal...more
Locke Lord’s Insurance & Reinsurance Newsletter provides topical snapshots of recent developments in the fast-changing world of insurance. For further information on any of the subjects covered in the newsletter, please...more
Fraudsters deploy different computer-related techniques but toward the same end – “gaming the system” for their own financial gain. Some victims turn to insurance for recovery. Four recent federal appellate decisions reveal...more
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial...more
California may have again taken the privacy protection lead among U.S. jurisdictions with the Governor’s signing on June 28, 2018 of the California Consumer Privacy Act of 2018 (AB 375) (the “Act”). Privacy and security...more
7/6/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
The U.S. Supreme Court recently declined to review CareFirst Inc. v. Attias, a data breach standing case. For those hoping for resolution of a notable circuit split over what constitutes Article III standing at the pleading...more
The U.S. Securities and Exchange Commission is at the center of the current day “cyber storm” of data and system protection, both as a victim and as a regulator. According to an SEC director, “[c]yber-related threats and...more
Despite considerable incident response work after numerous alleged data breaches, very few opinions have addressed the application of attorney-client privilege and the work-product doctrine to the materials created by such...more
In early September, Equifax disclosed a now well-known data breach that ultimately affected a reported 146 million customers in the United States. The breach allegedly occurred in May 2017, as a result of an online security...more
The Missouri Supreme Court has unanimously held a pollution exclusion to apply in a dispute between a lead smelting company and one of its insurers. Doe Run Resources Corporation faced litigation alleging that its smelting...more
As cyber risks continue to evolve, resulting insurance claims continue to implicate a variety of types of policies. Although many claims are addressed without lawsuits being filed, some are not. And while not all coverage...more
Several high-profile lawsuits have been filed in recent years by shareholders seeking to hold corporate officers and directors liable for damage resulting from data security breaches. For example, directors and officers at...more
The definition of “ransomware” can sound pretty academic. For example, the FBI describes ransomware as “a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified...more
On January 1, 2017, Illinois ushered in a broader and stronger personal information and data breach regime. The Illinois Personal Information Act (PIPA), 815 ILCS § 530, applies any entity that “handles, collects,...more
New Corporate Governance Annual Disclosure Requirements for Connecticut Insurers to Take Effect in 2017 -
A recently enacted Connecticut statute intended to compel insurance companies to improve their corporate...more
It’s a common situation. A policyholder is sued and put its insurer on notice. The litigation proceeds and the opportunity to settle arises. The policyholder settles and turns to its insurer for coverage of the settlement...more
New York’s Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To Do List -
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start...more
1/30/2017
/ Banks ,
Cybersecurity ,
Department of Energy (DOE) ,
Department of Financial Services ,
Department of Homeland Security (DHS) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Medical Devices ,
NIST ,
Personally Identifiable Information ,
Popular ,
Ransomware
An increasing number of businesses are targeted by very sophisticated email scams designed to convince company employees responsible for executing financial transactions to wire funds to overseas accounts controlled by...more
1/3/2017
/ Banks ,
CEOs ,
CFOs ,
Chief Information Officers (CIO) ,
Chief Information Security Officer (CISO) ,
Commercial Insurance Policies ,
Continuing Legal Education ,
COOs ,
Crime Victims ,
Cybersecurity ,
Email ,
FBI ,
Fraud Prevention ,
Loss Prevention ,
Offshore Banks ,
Phishing Scams ,
Risk Assessment ,
Risk Mitigation ,
Webinars ,
Wire Fraud
What role do cyber and other insurance lines play when losses result from an employee’s unwitting participation in spoofed email or password theft schemes? Several recent cases illustrate the evolving coverage implications...more
In May of this year, in Robins v. Spokeo, the Supreme Court ruled on the important issue of standing for plaintiffs asserting statutory claims for damages in federal court. Some observers thought the decision would guide...more
A Georgia appellate court has ruled that there is no continuous trigger of coverage for an environmental claim when the subject policy responds to occurrences, not property damage, during the policy period. The insured sought...more
The Louisiana Supreme Court has endorsed pro rata allocation of defense costs associated with hearing loss cases across triggered policy periods. The decision reversed a 2015 appellate ruling that pro rata allocation applied...more
The Wyoming Supreme Court ruled on August 17, 2016 that an insurer “must be prejudiced before being entitled to deny coverage when the insured has failed to give notice ‘as soon as practicable.’” In addressing a certified...more
General Data Protection Regulation Update -
As reported in the April Locke Lord Privacy & Cybersecurity Newsletter, the European Parliament gave the final approval to the General Data Protection Regulation (GDPR) on...more
7/7/2016
/ Americans with Disabilities Act (ADA) ,
Cybersecurity ,
Data Breach ,
Department of Insurance ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Commissioner's Office (ICO) ,
NLRA ,
OCR ,
UK ,
UK Data Protection Act