Minding Your Business

Proskauer’s perspective on developments and trends in commercial litigation.

Category Archives: Privacy

Subscribe to Privacy RSS Feed

Litigation Update on Illinois’ Biometric Information Privacy Act

Earlier this year, we reported on the potential breeding ground for litigation under Illinois’ Biometric Information Privacy Act (“BIPA”).  A recent decision from an Illinois state appellate panel on the different limitations periods that apply to BIPA provides guidance for companies faced with a BIPA lawsuit and the arguments they can make on a motion … Continue Reading

English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack

In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the proposed … Continue Reading

The Future of the FTC, Part II

A previous blog post discussed FTC Chairwoman Slaughter’s first priority as the newly designated chairwoman – the COVID-19 pandemic. The FTC’s second priority, racial equity, can be broken down into two sub issues. First, the FTC plans to investigate biased and discriminatory algorithms that target vulnerable communities. As the FTC acknowledges, the analysis of data … Continue Reading

The Future of the FTC, Part I

On January 21, 2021, President Biden designated Federal Trade Commission (the “FTC”) Commissioner Rebecca Kelly Slaughter as acting chair of the FTC. Soon thereafter in one of her first speeches in her new role, Chairwoman Slaughter announced two substantive areas of priority for the FTC – the COVID-19 pandemic and racial equity. Read the full … Continue Reading

Circuit Split Deepens as Eleventh Circuit Rejects “Risk of Identity Theft” Theory of Standing in Data Breach Suit

On February 4, 2021, the Eleventh Circuit affirmed the dismissal of a customer’s proposed class action lawsuit against a Florida-based fast-food chain, PDQ, over a data breach. The three-judge panel rejected the argument that an increased risk of identity theft was a concrete injury sufficient to confer Article III standing, deepening a circuit split on … Continue Reading

Firm’s Computer Policy Doesn’t Undermine Claim of Privilege Over “Private” Communications With Counsel

New York City apartment living can spawn interesting legal disputes when neighbors fail to resolve their grievances amicably and resort to the courts.  Sometimes these disputes bring fanfare as well as opportunities to observe traditional rules of law in action. A recent decision in the ongoing dispute between actor Justin Theroux and his neighbors (Theroux … Continue Reading

A Timely Reason to Review Procedures for Risk Assessments and Vendor Contracts in Light of the SolarWinds Attack

As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product helps organizations manage their networks, servers and networked devices. The product is not only used by government agencies, but is widely used in both the public and private sectors. Whether or … Continue Reading

Shareholder Seeks Second Look At Company Data Security Practices

On November 25, 2020, a shareholder of First American Financial Corporation (“First American”) filed suit against the company and its officers and directors over a massive data security breach that exposed hundreds of millions of sensitive customer records. The shareholder derivative action, filed by Norman Hollett in Delaware federal court, alleges breaches of fiduciary duties, unjust … Continue Reading

Cybersecurity: A Guide to Preparing for and Responding to a Breach

A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at a company should take the lead to ensure that the company is taking appropriate actions to … Continue Reading

District Court Affirms Order Requiring Production of Cyber-Investigation Report after Considering Totality of Circumstances

As we previously reported, the Magistrate Judge in In re: Capital One Customer Data Security Breach Litigation, found that a forensic report that Capital One had claimed was protected by the privilege and work product doctrines needed to be produced because Capital One had not met its burden under the dual-purpose doctrine to show that … Continue Reading

Margaret Dale Explores Ways to Protect Privilege After Data Breach

Proskauer’s Vice-Chair of the Litigation Department and Minding Your Business blog editor, Margaret Dale was recently featured on Thomson Reuters’ Practical Law, where she explores ways that clients can protect privilege after a data breach. The first, “Protecting Privilege Basics,” identifies steps that can be taken by an organization to maximize the ability to successfully … Continue Reading

California Attorney General Releases Final Proposed Regulations

On June 1, 2020, the California Attorney General’s office released the third and final set of CCPA proposed regulations (available here). In the link below, we provide information about the final proposed regulations and enforcement actions. The CCPA, or the California Consumer Privacy Act of 2018, gives California consumers certain rights to learn about and … Continue Reading

Maintaining Privilege and Work Product Protections in Dual Purpose (Legal and Business) Investigations

Requires More than Merely Adding Counsel’s Name to a Forensic Report. Technical investigations conducted following cyber-incidents often have both legal and ordinary-course business purposes. In certain jurisdictions, reports generated as a result of such investigations can be protected from discovery by privilege and work product protections– despite certain non-legal use – under the “dual purpose” … Continue Reading

Cybersecurity: Threats, Consequences, and the Regulatory Framework

In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the … Continue Reading

Data Breaches and Damages: Consumer Action Under the CCPA

With less than one month to go before the California Consumer Privacy Act of 2018’s (“CCPA”) effective date of January 1, 2020, businesses should be aware of the potential litigation that awaits them. The CCPA is a California privacy law that gives California consumers the rights to know about and control the personal information that … Continue Reading

Privacy vs. Security: Will SCOTUS Leave the (Third) Party in 2018?

If the government obtains information about your past locations from your wireless provider, is that a search? If so, is it a search that requires the government to obtain a warrant? Courts have held that, because companies collect this kind of data in the ordinary course of business, consumers who voluntarily provide information to these … Continue Reading

The Basics of International Privacy Law for Commercial Litigators, Part 3: Cross-Border Discovery Issues

As explained in Part I and Part II of this series, U.S.-based commercial litigators should be aware that other countries’ privacy laws may affect their cases in unexpected ways. Perhaps the most likely stage for these issues to surface is during discovery, where materials of interest are located in another country, and that country’s privacy … Continue Reading

The Supreme Court’s Spokeo Decision and its Potential Impact on Privacy and Data Security Class Actions

On May 16, 2016, the Supreme Court decided Spokeo, Inc. v. Robins, ruling that a plaintiff must sufficiently allege an injury that is both concrete and particularized in order to have Article III standing, and further that a “bare procedural violation” of a plaintiff’s statutory right may not be sufficiently “concrete” under this analysis. This … Continue Reading

CA Court Plays “Tag” – Judge Refuses to Drop Facebook Photo-Tagging Privacy Case

Earlier this month, a judge from the Northern District of California allowed a putative class action suit to proceed against Facebook. In this case, the plaintiffs alleged Facebook collected and stored biometric data of individuals’ facial features for use in “tagging” friends in digital photographs. In rejecting Facebook’s attempt to dismiss the suit, the court … Continue Reading

The Basics of International Privacy Law for Commercial Litigators, Part 2: Global Trends

Although the volume of data that flows between the EU and the U.S. ensures that EU privacy law occupies most of the spotlight on the world stage, other countries have their own privacy laws worth noting as well.[1] Different Types of Privacy Regimes As a preliminary matter, it is important to keep in mind that … Continue Reading

The Basics of International Privacy Law for Commercial Litigators, Part 1: the EU

Let’s say an American commercial litigator is working to defend a multinational client that has been sued in the U.S. The litigator may realize that he or she needs to collect emails or other documents from the client’s office in Germany, perhaps for discovery or investigation. However, the export of the data contained in those … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK