Minding Your Business

Proskauer’s perspective on developments and trends in commercial litigation.

Category Archives: Privacy & Data Security

Subscribe to Privacy & Data Security RSS Feed

Cybersecurity: A Guide to Preparing for and Responding to a Breach

A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at a company should take the lead to ensure that the company is taking appropriate actions to … Continue Reading

Sixth Circuit Tips the Scale in Split Over What Constitutes an Autodialer Under the TCPA

The Sixth Circuit has joined the Second and Ninth Circuits in their broad interpretation of the Telephone Consumer Protection Act’s (TCPA) autodialer provision. In doing so, it has tipped the scale in a circuit split that is ripe for review by the U.S. Supreme Court.… Continue Reading

District Court Affirms Order Requiring Production of Cyber-Investigation Report after Considering Totality of Circumstances

As we previously reported, the Magistrate Judge in In re: Capital One Customer Data Security Breach Litigation, found that a forensic report that Capital One had claimed was protected by the privilege and work product doctrines needed to be produced because Capital One had not met its burden under the dual-purpose doctrine to show that … Continue Reading

Margaret Dale Explores Ways to Protect Privilege After Data Breach

Proskauer’s Vice-Chair of the Litigation Department and Minding Your Business blog editor, Margaret Dale was recently featured on Thomson Reuters’ Practical Law, where she explores ways that clients can protect privilege after a data breach. The first, “Protecting Privilege Basics,” identifies steps that can be taken by an organization to maximize the ability to successfully … Continue Reading

California Attorney General Releases Final Proposed Regulations

On June 1, 2020, the California Attorney General’s office released the third and final set of CCPA proposed regulations (available here). In the link below, we provide information about the final proposed regulations and enforcement actions. The CCPA, or the California Consumer Privacy Act of 2018, gives California consumers certain rights to learn about and … Continue Reading

Maintaining Privilege and Work Product Protections in Dual Purpose (Legal and Business) Investigations

Requires More than Merely Adding Counsel’s Name to a Forensic Report. Technical investigations conducted following cyber-incidents often have both legal and ordinary-course business purposes. In certain jurisdictions, reports generated as a result of such investigations can be protected from discovery by privilege and work product protections– despite certain non-legal use – under the “dual purpose” … Continue Reading

Cybersecurity: Threats, Consequences, and the Regulatory Framework

In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the … Continue Reading

A New Frontier or Back to Basics? FTC Issues New Guidance on Artificial Intelligence Technology

In the latest piece to come out of the FTC’s new focus on emerging technologies, the FTC Bureau of Consumer Protection issued new guidance on the use of artificial intelligence (“AI”) and algorithms. The guidance follows up on a 2018 hearing where the FTC explored AI, algorithms, and predicative analysis. As the FTC recognizes, these … Continue Reading

Ninth Circuit “Scraps” Old Construction of CFAA in Closely Watched LinkedIn Data Scraping Case

This past month, professional networking site LinkedIn Corp., was given more time to file a petition for certiorari challenging a Ninth Circuit finding that hiQ Labs Inc. (“hiQ”), a workforce data analytics startup, did not violate federal hacking laws by “scraping” LinkedIn member profiles without LinkedIn’s permission. Data scraping, or web scraping, is a method … Continue Reading

Data Breaches and Damages: Consumer Action Under the CCPA

With less than one month to go before the California Consumer Privacy Act of 2018’s (“CCPA”) effective date of January 1, 2020, businesses should be aware of the potential litigation that awaits them. The CCPA is a California privacy law that gives California consumers the rights to know about and control the personal information that … Continue Reading

CCPA: Consumers and the Right to Sue

The California Consumer Privacy Act of 2018 (“CCPA”) is a California privacy law that gives consumers, defined as natural persons residing in California, affirmative rights with respect to their data privacy.  Namely, the CCPA endows consumers with certain rights to access information about and control what a business does with their personal information.  (For an … Continue Reading

A Radical Change to Ratification: Key Takeaways from Henderson v. United Student Aid Funds, Inc.

On Friday, March 22, a split panel of the Ninth Circuit Court of Appeals found that a company with no direct contractual relationship with independent contractors could be found vicariously liable for the actions of those contractors in a class action suit. The majority held that ratification may create an agency relationship when none existed … Continue Reading

A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements, Part II

What would companies need to do to comply with the law? The Stop Hacks and Improve Electronic Data Security (SHIELD) Act imposes requirements in two areas: cybersecurity and data breach notification. The cybersecurity provisions of the proposed SHIELD Act would require companies to adopt “reasonable safe-guards to protect the security, confidentiality and integrity” of private … Continue Reading

A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements

In November 2017, New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) in the state’s Legislature. Companies – big and small – that collect information from New York residents should take note, as the Act could mean increased compliance costs, as well as potential enforcement … Continue Reading

Making VHS Relevant Again: The Uncertain Scope of Personal Information Protected by the Video Privacy Protection Act of 1988

The Ninth Circuit recently became the third federal appellate court to tackle what constitutes “personally identifiable information” protected by the Video Privacy Protection Act of 1988 (“VPPA”). Last year, the First Circuit and the Third Circuit propounded different standards for applying this statute, as they each grappled with the necessary leap from the age of VCRs … Continue Reading

Location, Location, Location: Microsoft Debate Over Government’s Access to Overseas Data Heads to the Supreme Court

On October 16, 2017, the Supreme Court agreed to review the Second Circuit’s decision in United States v. Microsoft Corp., a case that highlights the current tension between law enforcement needs and privacy concerns in a rapidly changing digital landscape.… Continue Reading

Concrete Enough to Stand: Ninth Circuit Upholds FCRA Claims in Spokeo

On August 15, 2017, the Ninth Circuit delivered the latest episode in the Robins v. Spokeo saga, reaffirming on remand from the Supreme Court that plaintiff Robins had alleged an injury in fact sufficient for Article III standing to bring claims under the Fair Credit Reporting Act (FCRA). Robins had brought a putative class action against … Continue Reading

Data Breach 101, Part I: Data Breach Notification Laws

In 2017, there are few words that make companies – and their counsel – shudder more than “data breach.” Recent high-profile breaches and the resulting litigation have shown that breaches can be embarrassing, harmful to a company’s brand, and extremely expensive to handle – both in terms of response costs and, potentially, damages paid to … Continue Reading

Home Depot Data Breach Derivative Suit Sent Home

Judge Thomas W. Thrash Jr. of the U.S. District Court of Georgia permanently shelved a derivative suit brought by shareholders of Home Depot. Home Depot is a multinational home improvement retailer. In September, 2014, Home Depot suffered a data breach that resulted in $192 million in net losses. This breach followed the widely publicized data … Continue Reading
LexBlog