Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Tag Archives: Data Breach

D.C. Circuit: Alleged theft of healthcare subscriber information satisfies Article III harm standard under Spokeo

Posted in Data Breach, Insurance, Litigation
The U.S. Court of Appeals for the D.C. Circuit has now weighed in on whether plaintiffs can bring a putative class action arising from an alleged data breach in lieu of allegations of actual misuse of compromised data.  Emphasizing the “low bar to establish [] standing at the pleading stage,” the D.C. Circuit reversed a… Continue Reading

New Jersey Restricts Retailers’ Collection and Use of Customer Information

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

FTC Submits Public Comment to Working Group Tasked with Developing Guidance on IoT Security, Upgradability, and Patching

Posted in Cybersecurity / Data Security, Data Breach, Internet of Things
On June 19, 2017, the Federal Trade Commission (FTC) issued a public comment regarding the National Telecommunications & Information Administration’s (NTIA) draft guidance titled Communicating IoT Device Security Update Capability to Improve Transparency for Customers.  In commenting on the guidance, the FTC acknowledged the benefits of and challenges to IoT device security, and encouraged manufacturers… Continue Reading

Judge Approves Neiman Marcus Data Breach Settlement

Posted in Cybersecurity / Data Security, Data Breach
Last week, an Illinois judge preliminarily approved a $1.6 million settlement between Neiman Marcus and a class of customers affected by a 2013 data breach. The settlement, which the parties agreed to in March, covers U.S. residents whose credit card or debit card was used between July 16, 2013 and January 10, 2014 at any… Continue Reading

Data Breach Class Action Dismissed for Not Establishing Economic Injury

Posted in Data Breach, Litigation
Earlier this week, a federal Illinois court dismissed a class action against book retailer Barnes & Noble that alleged breach of contract, invasion of privacy, and violations of state consumer fraud and breach reporting laws. The case, dismissed for failing to establish economic harm, marks another data point in demarcating actionable data breaches and highlights… Continue Reading

Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million

Posted in Data Breach
On Wednesday, in one of the most high-profile data breach settlements to date, The Home Depot agreed to pay $25 million to settle a consolidated class action involving more than 60 nationwide financial institutions harmed by the retailer’s September 2014 data breach.  That month, the home improvement giant announced that hackers had installed malware on… Continue Reading

December 2016 Monthly Update

Posted in Cybersecurity / Data Security, Data Breach, Ethics, Government Agencies, Health IT, Privacy, Rules
Kansas Judge Rules that Class Action over CareCentrix Data Breach may Proceed On December 19, 2016, in Hapka v. Carecentrix, the United States District Court for the District of Kansas denied CareCentrix, Inc.’s (CareCentrix) motion to dismiss a class action suit arising from a data breach affecting CareCentrix’s personal and tax information regarding thousands of… Continue Reading

Alabama District Court Relieves Carrier of a Duty to Defend or Indemnify Policyholder Following Data Breach

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On October 25, in the case of Camp’s Grocery, Inc. v. State Farm Fire & Casualty Company, the District Court for the Northern District of Alabama granted summary judgment in favor of State Farm Fire and Casualty Company (“State Farm”), concluding that State Farm did not have to defend or indemnify its policyholder, Camp’s Grocery… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of July 3

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
Article 31 Committee approves Privacy Shield; House Cuts FCC Funding Over Attempted Broadband Privacy Regulations; No Charges for Clinton in Data Security Probe; European Commission launches public-privacy partnership on cybersecurity; European Parliament adopts NIS Directive; Privacy Code of Conduct for mHealth app providers finalized; French parliament about to make French Privacy act more severe; Russia… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 26

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy, Social Media
Adoption of Privacy Shield expected in early July; Federal Court limits VPPA liability; Belgian Court overturns Facebook fine; FTC robocall crackdown; A rare HIPAA criminal conviction; UK’s ICO fines Brexit campaigners for mass text messages; House report calls for national encryption commission. European Commission expects adoption of Privacy Shield for beginning of July European officials… Continue Reading

Arizona District Court Determines Scope of Coverage Provided by Cyberinsurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance
On May 26, 2016, in the case of P.F. Chang’s v. Federal Insurance Co., the U.S. District Court for the District of Arizona held that a stand-alone cyber insurance policy did not cover fees assessed by a third party credit card processing company against P.F. Chang’s following a June 2014 data breach.  This decision is… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 20, 2016

Posted in Cybersecurity / Data Security, Data Breach, Health IT, Internet of Things, Privacy
Brexit effect on EU and UK Privacy rules; EU and U.S. to strengthen ‘Privacy Shield’; Ponemon Study on Healthcare Data Security; Mobile ad provider fined for deceptive conduct FTC comments on the Internet of Things Brexit – what does it mean for EU and UK Privacy rules? On June 23, 2016, the population of Great… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 13

Posted in Cybersecurity / Data Security, Data Breach, Privacy
A victory for net neutrality; U.S. may join Irish Facebook Data-Transfer case; EU-U.S. Privacy Shield by early July?; French Data Protection Authority opens GDPR consultation; FTC addresses proposed TCPA changes; DOJ and DHS cybersecurity sharing guidelines. Federal appellate court upholds net neutrality The U.S. Court of Appeals for the D.C. Circuit upheld “net neutrality” rules… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of June 6

Posted in Cybersecurity / Data Security, Data Breach, Privacy
$1M Fine for Morgan Stanley Data Breach; German DPA Issues Data Transfer Fines; FTC Critiques FCC Privacy Proposal; New Contractor Cybersecurity Rules; Drone Operations Best Practices Morgan Stanley fined $1M for alleged failure to secure client data The U.S. Securities and Exchange Commission (“SEC”) and Morgan Stanley Smith Barney LLC (“Morgan Stanley”) reached a settlement… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 30, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Health IT, Privacy
EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations EU and U.S. sign Umbrella Agreement on Law Enforcement Data On June 2, 2016, Vera… Continue Reading

Privacy & Cybersecurity Weekly News Update- Week of May 23, 2016

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
Data Breach Liability Requires Actual Misuse; More U.S.-EU Data Transfer Uncertainty; Airline App Exempt from State Privacy Law; Pending Cyber Bill Would Create Consortium; Encryption-Related Deceptive Advertising Settlement; PayPal Fined for Deceptive Trade Practices The Spokeo effect: data breach claims require actual examples of information misuse Last week, a federal court dismissed claims alleging harm… Continue Reading

Privacy & Cybersecurity News Update- 3 Week Summary

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
The Panama Papers Leak – An overview of history’s biggest data leak; Article 29 Working Party about to release opinion on EU-U.S. Privacy Shield; EU: GDPR and PCJ DPD about to be approved next week – final consolidated text published by Council; US: New HIPAA Audit Protocol Released as a Guidance Tool for phase two… Continue Reading

Fourth Circuit Affirms Carrier’s Duty to Defend Against Security Breach Claims Under Traditional Insurance Policy

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
Following an April 11 ruling by the Fourth Circuit in Travelers Indemnity Company of America v. Portal Healthcare Solutions, LLC, Travelers must defend its policyholder, Portal Healthcare, in a class action lawsuit concerning a security breach.  For years, courts have wrestled with whether traditional commercial general liability (CGL) policies provide coverage in the event of a… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Internet of Things, Privacy
FCC Adopts a NPRM for Privacy Proposal; FTC Chairwoman Wants IoT Threat Addressed; Consumer Reports Hit with Privacy Class Action; DOJ Accesses Shooter’s Phone and Drops Apple Suit   FCC Adopts a NPRM for Privacy Proposal On Thursday, March 31 in a 3-2 party-line vote, the FCC advanced a Notice of Proposed Rulemaking (NPRM) for… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy
OCR Launches Next Round of HIPAA Audits; French Privacy Office Levies € 100,000 Fine on Google; SEC Reaches $18 Million Settlement for Alleged Hacker-Trader Conspiracy; FTC and Canadian Regulator Execute Anti-Spam MOU; FTC Commissioner Announces She Will Step Down OCR Launches Next Round of HIPAA Audits Last Monday, following much anticipation, the Department of Health… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Privacy, Social Media
OCR Announces a Settlement … Again; HHS Eases Restrictions on Mental Health Information Sharing to Facilitate Gun Control Efforts; Facebook: Users Lack Standing in Cookie MDL; Plaintiffs Argue for Summary Judgment in $5 Million Twitter TCPA Suit OCR Announces a Settlement … Again For the second time this week, OCR announced another huge settlement. The… Continue Reading

NAIC Announces Insurance Data Security Model Law

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On March 2, 2016, the National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force proposed a new model law intended to “establish the exclusive standards for data security and investigation and notification of a breach of data security” in the insurance industry. The model law requires licensed insurers and producers to: Develop, implement and maintain… Continue Reading

OCR Announces $1.5M Settlement

Posted in Data Breach
OCR just announced another huge settlement.  The $1.5 million settlement with North Memorial Health Care is based on the alleged failure to enter into a business associate agreement and alleged failure to conduct a risk analysis.  The investigation started (as many OCR settlements often do) after OCR received a breach report regarding a stolen laptop… Continue Reading