Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Data Breach

Subscribe to Data Breach RSS Feed

D.C. Circuit: Alleged theft of healthcare subscriber information satisfies Article III harm standard under Spokeo

Posted in Data Breach, Insurance, Litigation
The U.S. Court of Appeals for the D.C. Circuit has now weighed in on whether plaintiffs can bring a putative class action arising from an alleged data breach in lieu of allegations of actual misuse of compromised data.  Emphasizing the “low bar to establish [] standing at the pleading stage,” the D.C. Circuit reversed a… Continue Reading

New Jersey Restricts Retailers’ Collection and Use of Customer Information

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

FTC Submits Public Comment to Working Group Tasked with Developing Guidance on IoT Security, Upgradability, and Patching

Posted in Cybersecurity / Data Security, Data Breach, Internet of Things
On June 19, 2017, the Federal Trade Commission (FTC) issued a public comment regarding the National Telecommunications & Information Administration’s (NTIA) draft guidance titled Communicating IoT Device Security Update Capability to Improve Transparency for Customers.  In commenting on the guidance, the FTC acknowledged the benefits of and challenges to IoT device security, and encouraged manufacturers… Continue Reading

Judge Approves Neiman Marcus Data Breach Settlement

Posted in Cybersecurity / Data Security, Data Breach
Last week, an Illinois judge preliminarily approved a $1.6 million settlement between Neiman Marcus and a class of customers affected by a 2013 data breach. The settlement, which the parties agreed to in March, covers U.S. residents whose credit card or debit card was used between July 16, 2013 and January 10, 2014 at any… Continue Reading

Data Breach Class Action Dismissed for Not Establishing Economic Injury

Posted in Data Breach, Litigation
Earlier this week, a federal Illinois court dismissed a class action against book retailer Barnes & Noble that alleged breach of contract, invasion of privacy, and violations of state consumer fraud and breach reporting laws. The case, dismissed for failing to establish economic harm, marks another data point in demarcating actionable data breaches and highlights… Continue Reading

Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million

Posted in Data Breach
On Wednesday, in one of the most high-profile data breach settlements to date, The Home Depot agreed to pay $25 million to settle a consolidated class action involving more than 60 nationwide financial institutions harmed by the retailer’s September 2014 data breach.  That month, the home improvement giant announced that hackers had installed malware on… Continue Reading

December 2016 Monthly Update

Posted in Cybersecurity / Data Security, Data Breach, Ethics, Government Agencies, Health IT, Privacy, Rules
Kansas Judge Rules that Class Action over CareCentrix Data Breach may Proceed On December 19, 2016, in Hapka v. Carecentrix, the United States District Court for the District of Kansas denied CareCentrix, Inc.’s (CareCentrix) motion to dismiss a class action suit arising from a data breach affecting CareCentrix’s personal and tax information regarding thousands of… Continue Reading

Illinois’ First Settlement under Biometric Law; AMA Adopts Principles for Mobile Health Apps; Ecuador to Enact Data Privacy Law

Posted in Cybersecurity / Data Security, Data Breach, Health IT
Illinois State Court Issues First Settlement under Biometric Law On December 1, 2016, the Cook County Circuit Court in Illinois approved what is being reported as the first settlement under the state’s Biometric Information Privacy Act, 740 ILCS 14/1 (BIPA or the Act).  BIPA provides a private right of action against companies that fail to… Continue Reading

Privacy-Cybersecurity Weekly News Update—Week of November 20 and November 27

Posted in Cybersecurity / Data Security, Data Breach, Privacy
Discussion headlines: UMass settles alleged HIPAA violations; FCC combatting robotexts and robocalls; TCPA class certification; failed investor suit over data breach; UK surveillance bill became law UMass pays $650,000 to settle alleged HIPAA violations The University of Massachusetts Amherst (UMass) reached an agreement to pay $650,000 to settle alleged HIPAA violations based on the disclosure… Continue Reading

Alabama District Court Relieves Carrier of a Duty to Defend or Indemnify Policyholder Following Data Breach

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On October 25, in the case of Camp’s Grocery, Inc. v. State Farm Fire & Casualty Company, the District Court for the Northern District of Alabama granted summary judgment in favor of State Farm Fire and Casualty Company (“State Farm”), concluding that State Farm did not have to defend or indemnify its policyholder, Camp’s Grocery… Continue Reading

Internet of Things Raises Complex Insurance Coverage Issues

Posted in Cybersecurity / Data Security, Data Breach, Insurance
In a recent Law360 publication, C&M attorneys Rachel Raphael and Ellen Farrell discuss how the Internet of Things (IOT) can present complex insurance coverage issues.  As they explain, the tangible and intangible nature of IOT products can cause particular confusion between traditional general liability policies (which may exclude coverage for cyber incidents) and stand-alone cyber… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Privacy law meets antitrust – EU Commissioner Vestager on data in competition law; ECJ to rule on admissibility of Privacy class actions; Northern District of California Sends Yelp Privacy Suit to the Jury; EU Advocate General finds EU-Canadian PNR pact unlawful; New York Unveils New Cyber Security Rules for Financial Services Organizations; New Jersey Senate… Continue Reading

Insider Threats Meet Litigation

Posted in Cybersecurity / Data Security, Data Breach, Government Contracting, Information Management
Last week, we highlighted our colleagues’ post in Crowell’s Trade Secrets Trends focusing on recent comments submitted by the U.S. Chamber of Commerce regarding the need to stem the cyber theft of intellectual property.  Today, we once again turn to our sister blog to highlight an example of how that theft plays out in the… Continue Reading

OCR Announces Major HIPAA Enforcement Initiative

Posted in Cybersecurity / Data Security, Data Breach, Health IT
The Department of Health & Human Services Office of Civil Rights (“OCR”) announced on August 18, 2016 that it is stepping up enforcement actions related to small breaches.  Although OCR investigates all reported breaches affecting more than 500 people, this new initiative will increase investigations of breaches affecting fewer than 500 people.  As OCR recognizes,… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 31

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Privacy, Social Media
‘Privacy Shield’ certifications possible since August 1, 2016; Hamburg DPA aims to challenge ‘Privacy Shield’; EU Court rules on applicability of EU privacy laws to online companies; Pokémon Go violating EU Privacy Laws?; Norwegian DPA criticizes ‘Facebook at Work’; Advocate Health to Pay Largest HIPAA Settlement Ever; FTC Overrules LabMD Dismissal; Banner Health Cyberattack Affects… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of July 24

Posted in Cybersecurity / Data Security, Data Breach, Privacy
Russians Hack Clinton Campaign System; FTC: LabMD Liable in Data Security Suit; EU Member States issue statement on Privacy Shield; NIS Directive published – Implementation into national law by May 2018; EU Data Protection Supervisor: e-Privacy directive should meet GDPR-requirements. Clinton Campaign Data Breach brings data security into 2016 campaign yet again On July 29,… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of July 3

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
Article 31 Committee approves Privacy Shield; House Cuts FCC Funding Over Attempted Broadband Privacy Regulations; No Charges for Clinton in Data Security Probe; European Commission launches public-privacy partnership on cybersecurity; European Parliament adopts NIS Directive; Privacy Code of Conduct for mHealth app providers finalized; French parliament about to make French Privacy act more severe; Russia… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 26

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy, Social Media
Adoption of Privacy Shield expected in early July; Federal Court limits VPPA liability; Belgian Court overturns Facebook fine; FTC robocall crackdown; A rare HIPAA criminal conviction; UK’s ICO fines Brexit campaigners for mass text messages; House report calls for national encryption commission. European Commission expects adoption of Privacy Shield for beginning of July European officials… Continue Reading

Arizona District Court Determines Scope of Coverage Provided by Cyberinsurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance
On May 26, 2016, in the case of P.F. Chang’s v. Federal Insurance Co., the U.S. District Court for the District of Arizona held that a stand-alone cyber insurance policy did not cover fees assessed by a third party credit card processing company against P.F. Chang’s following a June 2014 data breach.  This decision is… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 20, 2016

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Internet of Things, Privacy
Brexit effect on EU and UK Privacy rules; EU and U.S. to strengthen ‘Privacy Shield’; Ponemon Study on Healthcare Data Security; Mobile ad provider fined for deceptive conduct FTC comments on the Internet of Things Brexit – what does it mean for EU and UK Privacy rules? On June 23, 2016, the population of Great… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 13

Posted in Cybersecurity / Data Security, Data Breach, Privacy
A victory for net neutrality; U.S. may join Irish Facebook Data-Transfer case; EU-U.S. Privacy Shield by early July?; French Data Protection Authority opens GDPR consultation; FTC addresses proposed TCPA changes; DOJ and DHS cybersecurity sharing guidelines. Federal appellate court upholds net neutrality The U.S. Court of Appeals for the D.C. Circuit upheld “net neutrality” rules… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 6

Posted in Cybersecurity / Data Security, Data Breach, Privacy
$1M Fine for Morgan Stanley Data Breach; German DPA Issues Data Transfer Fines; FTC Critiques FCC Privacy Proposal; New Contractor Cybersecurity Rules; Drone Operations Best Practices Morgan Stanley fined $1M for alleged failure to secure client data The U.S. Securities and Exchange Commission (“SEC”) and Morgan Stanley Smith Barney LLC (“Morgan Stanley”) reached a settlement… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 30, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations EU and U.S. sign Umbrella Agreement on Law Enforcement Data On June 2, 2016, Vera… Continue Reading