Minding Your Business

Proskauer’s perspective on developments and trends in commercial litigation.

Category Archives: Privacy

Subscribe to Privacy RSS Feed

Cybersecurity: A Guide to Preparing for and Responding to a Breach

A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at a company should take the lead to ensure that the company is taking appropriate actions to … Continue Reading

District Court Affirms Order Requiring Production of Cyber-Investigation Report after Considering Totality of Circumstances

As we previously reported, the Magistrate Judge in In re: Capital One Customer Data Security Breach Litigation, found that a forensic report that Capital One had claimed was protected by the privilege and work product doctrines needed to be produced because Capital One had not met its burden under the dual-purpose doctrine to show that … Continue Reading

Margaret Dale Explores Ways to Protect Privilege After Data Breach

Proskauer’s Vice-Chair of the Litigation Department and Minding Your Business blog editor, Margaret Dale was recently featured on Thomson Reuters’ Practical Law, where she explores ways that clients can protect privilege after a data breach. The first, “Protecting Privilege Basics,” identifies steps that can be taken by an organization to maximize the ability to successfully … Continue Reading

California Attorney General Releases Final Proposed Regulations

On June 1, 2020, the California Attorney General’s office released the third and final set of CCPA proposed regulations (available here). In the link below, we provide information about the final proposed regulations and enforcement actions. The CCPA, or the California Consumer Privacy Act of 2018, gives California consumers certain rights to learn about and … Continue Reading

Maintaining Privilege and Work Product Protections in Dual Purpose (Legal and Business) Investigations

Requires More than Merely Adding Counsel’s Name to a Forensic Report. Technical investigations conducted following cyber-incidents often have both legal and ordinary-course business purposes. In certain jurisdictions, reports generated as a result of such investigations can be protected from discovery by privilege and work product protections– despite certain non-legal use – under the “dual purpose” … Continue Reading

Cybersecurity: Threats, Consequences, and the Regulatory Framework

In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the … Continue Reading

Data Breaches and Damages: Consumer Action Under the CCPA

With less than one month to go before the California Consumer Privacy Act of 2018’s (“CCPA”) effective date of January 1, 2020, businesses should be aware of the potential litigation that awaits them. The CCPA is a California privacy law that gives California consumers the rights to know about and control the personal information that … Continue Reading

Privacy vs. Security: Will SCOTUS Leave the (Third) Party in 2018?

If the government obtains information about your past locations from your wireless provider, is that a search? If so, is it a search that requires the government to obtain a warrant? Courts have held that, because companies collect this kind of data in the ordinary course of business, consumers who voluntarily provide information to these … Continue Reading

The Basics of International Privacy Law for Commercial Litigators, Part 3: Cross-Border Discovery Issues

As explained in Part I and Part II of this series, U.S.-based commercial litigators should be aware that other countries’ privacy laws may affect their cases in unexpected ways. Perhaps the most likely stage for these issues to surface is during discovery, where materials of interest are located in another country, and that country’s privacy … Continue Reading

The Supreme Court’s Spokeo Decision and its Potential Impact on Privacy and Data Security Class Actions

On May 16, 2016, the Supreme Court decided Spokeo, Inc. v. Robins, ruling that a plaintiff must sufficiently allege an injury that is both concrete and particularized in order to have Article III standing, and further that a “bare procedural violation” of a plaintiff’s statutory right may not be sufficiently “concrete” under this analysis. This … Continue Reading

CA Court Plays “Tag” – Judge Refuses to Drop Facebook Photo-Tagging Privacy Case

Earlier this month, a judge from the Northern District of California allowed a putative class action suit to proceed against Facebook. In this case, the plaintiffs alleged Facebook collected and stored biometric data of individuals’ facial features for use in “tagging” friends in digital photographs. In rejecting Facebook’s attempt to dismiss the suit, the court … Continue Reading

The Basics of International Privacy Law for Commercial Litigators, Part 2: Global Trends

Although the volume of data that flows between the EU and the U.S. ensures that EU privacy law occupies most of the spotlight on the world stage, other countries have their own privacy laws worth noting as well.[1] Different Types of Privacy Regimes As a preliminary matter, it is important to keep in mind that … Continue Reading

The Basics of International Privacy Law for Commercial Litigators, Part 1: the EU

Let’s say an American commercial litigator is working to defend a multinational client that has been sued in the U.S. The litigator may realize that he or she needs to collect emails or other documents from the client’s office in Germany, perhaps for discovery or investigation. However, the export of the data contained in those … Continue Reading
LexBlog