Last month, the FTC issued a report to Congress advising governments and companies to exercise “great caution” in using artificial intelligence (“AI”) to combat harmful online content. The report responds to Congress’s request to look into whether and how AI may be used to identify, remove, or otherwise address a wide variety of specified “online … Continue Reading
Website owners who seek to bind visitors to the terms of an arbitration agreement must make those terms “reasonably conspicuous” under the law, and website visitors must “manifest unambiguous assent” to those terms. That means that the smallest of details – the font and color of the text, the color of the page, the location … Continue Reading
Earlier this year, we reported on the potential breeding ground for litigation under Illinois’ Biometric Information Privacy Act (“BIPA”). A recent decision from an Illinois state appellate panel on the different limitations periods that apply to BIPA provides guidance for companies faced with a BIPA lawsuit and the arguments they can make on a motion … Continue Reading
In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the proposed … Continue Reading
On February 4, 2021, the Eleventh Circuit affirmed the dismissal of a customer’s proposed class action lawsuit against a Florida-based fast-food chain, PDQ, over a data breach. The three-judge panel rejected the argument that an increased risk of identity theft was a concrete injury sufficient to confer Article III standing, deepening a circuit split on … Continue Reading
As the D.C. District Court in Wengui v. Clark Hill recently commented, “[m]alicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits that follow them….” The court’s decision in that case has added another data point to developing jurisprudence of the cyberattack landscape, specifically concerning the discoverability of post-breach … Continue Reading
The massive data breach of the United States Commerce and Treasury Departments that has roiled the federal government has resulted in federal securities litigation. On January 4, 2021, Plaintiff-Shareholder Timothy Bremer filed a class action complaint against SolarWinds and SolarWinds’ corporate executives in the United States District Court for the Western District of Texas. SolarWinds … Continue Reading
As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product helps organizations manage their networks, servers and networked devices. The product is not only used by government agencies, but is widely used in both the public and private sectors. Whether or … Continue Reading
On November 25, 2020, a shareholder of First American Financial Corporation (“First American”) filed suit against the company and its officers and directors over a massive data security breach that exposed hundreds of millions of sensitive customer records. The shareholder derivative action, filed by Norman Hollett in Delaware federal court, alleges breaches of fiduciary duties, unjust … Continue Reading
A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at a company should take the lead to ensure that the company is taking appropriate actions to … Continue Reading
The Sixth Circuit has joined the Second and Ninth Circuits in their broad interpretation of the Telephone Consumer Protection Act’s (TCPA) autodialer provision. In doing so, it has tipped the scale in a circuit split that is ripe for review by the U.S. Supreme Court.… Continue Reading
As we previously reported, the Magistrate Judge in In re: Capital One Customer Data Security Breach Litigation, found that a forensic report that Capital One had claimed was protected by the privilege and work product doctrines needed to be produced because Capital One had not met its burden under the dual-purpose doctrine to show that … Continue Reading
Proskauer’s Vice-Chair of the Litigation Department and Minding Your Business blog editor, Margaret Dale was recently featured on Thomson Reuters’ Practical Law, where she explores ways that clients can protect privilege after a data breach. The first, “Protecting Privilege Basics,” identifies steps that can be taken by an organization to maximize the ability to successfully … Continue Reading
On June 1, 2020, the California Attorney General’s office released the third and final set of CCPA proposed regulations (available here). In the link below, we provide information about the final proposed regulations and enforcement actions. The CCPA, or the California Consumer Privacy Act of 2018, gives California consumers certain rights to learn about and … Continue Reading
Requires More than Merely Adding Counsel’s Name to a Forensic Report. Technical investigations conducted following cyber-incidents often have both legal and ordinary-course business purposes. In certain jurisdictions, reports generated as a result of such investigations can be protected from discovery by privilege and work product protections– despite certain non-legal use – under the “dual purpose” … Continue Reading
In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the … Continue Reading
In the latest piece to come out of the FTC’s new focus on emerging technologies, the FTC Bureau of Consumer Protection issued new guidance on the use of artificial intelligence (“AI”) and algorithms. The guidance follows up on a 2018 hearing where the FTC explored AI, algorithms, and predicative analysis. As the FTC recognizes, these … Continue Reading
This past month, professional networking site LinkedIn Corp., was given more time to file a petition for certiorari challenging a Ninth Circuit finding that hiQ Labs Inc. (“hiQ”), a workforce data analytics startup, did not violate federal hacking laws by “scraping” LinkedIn member profiles without LinkedIn’s permission. Data scraping, or web scraping, is a method … Continue Reading
With less than one month to go before the California Consumer Privacy Act of 2018’s (“CCPA”) effective date of January 1, 2020, businesses should be aware of the potential litigation that awaits them. The CCPA is a California privacy law that gives California consumers the rights to know about and control the personal information that … Continue Reading
The California Consumer Privacy Act of 2018 (“CCPA”) is a California privacy law that gives consumers, defined as natural persons residing in California, affirmative rights with respect to their data privacy. Namely, the CCPA endows consumers with certain rights to access information about and control what a business does with their personal information. (For an … Continue Reading
On Friday, March 22, a split panel of the Ninth Circuit Court of Appeals found that a company with no direct contractual relationship with independent contractors could be found vicariously liable for the actions of those contractors in a class action suit. The majority held that ratification may create an agency relationship when none existed … Continue Reading
What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security, confidentiality and integrity” of private … Continue Reading
In November 2017, New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) in the state’s Legislature. Companies – big and small – that collect information from New York residents should take note, as the Act could mean increased compliance costs, as well as potential enforcement … Continue Reading
The Ninth Circuit recently became the third federal appellate court to tackle what constitutes “personally identifiable information” protected by the Video Privacy Protection Act of 1988 (“VPPA”). Last year, the First Circuit and the Third Circuit propounded different standards for applying this statute, as they each grappled with the necessary leap from the age of VCRs … Continue Reading
This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.
