One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. They are, at least according to an order issued last week in In re Experian Data Breach Litigation. 15-01592 (C.D. Cal…. Continue Reading
Category Archives: Data Security
Subscribe to Data Security RSS FeedIncident Response: The Increasing Risks to Corporate Legal Departments
Posted in Data Breach, Data Breach, Data SecurityThe consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here are… Continue Reading
Law Firm Data Security: The First Class Action
Posted in Data Breach, Data Security, Law firm data security, Lawsuits, Vendor ManagementEarlier this year, Bloomberg Law reported that Edelson PC, a leading plaintiffs’ firm in privacy and data security law, filed a class action lawsuit against a regional law firm that had vulnerabilities in its information security systems. This week, the identity of the firm and the allegations of the lawsuit were unsealed. The case, Shore v…. Continue Reading
The SEC Makes Clear There is No Room For Error in Cybersecurity
Posted in Being Proactive, Data Breach, Data Security, SECThe SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but the implications of how it was… Continue Reading
Understanding EMV Payment Card Technology
Posted in Data Security, Payment CardsA significant change is happening to payment card technology. Any company that accepts credit cards as a form of payment needs to know about it if they intend to continue accepting payment cards in the future. The technology is called “EMV” (EuroPay, MasterCard, Visa). The card brands hope that EMV technology will significantly reduce the… Continue Reading
FDA Issues Draft Guidance on Postmarket Cybersecurity Programs for Medical Devices
Posted in Being Proactive, Data Security, FDA, PharmaIn 2014, the Food and Drug Administration (“FDA”) articulated its expectations for how device manufacturers address cybersecurity premarket in Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Recently, the FDA released complementary draft guidance in Postmarket Management of Cybersecurity in Medical Devices. In the new guidance, the FDA explains what constitutes an… Continue Reading
60 Minutes Reports on Payment Card Data Breaches
Posted in Data Breach, Data Breach, Data SecurityEver wonder how your credit card gets compromised and how the bad guys get your information? This report on tonight’s episode of 60 Minutes provides an overview of what happens from the moment you swipe your card at the point-of-sale terminal to the moment when the card number is compromised and sold on a black… Continue Reading
Why Every Business Should Care About Florida’s Information Protection Act
Posted in Breach Notification Statutes, Data Breach, Data Breach, Data Privacy, Data SecurityMy last post described what the recently passed Florida Information Protection Act (FIPA) will do. This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents. Florida’s Governor must still sign the FIPA into law, but his signature… Continue Reading
Everything You Need To Know About Florida’s New Data Protection Law
Posted in Breach Notification Statutes, Data Breach, Data Privacy, Data SecurityThe Florida Legislature recently passed the Florida Information Protection Act of 2014 (FIPA). This post describes the FIPA and analyzes the advantages and disadvantages to businesses governed by the new law. The FIPA must still be signed by the Governor, but the law received unanimous support in the legislature, so his signature is expected. Once… Continue Reading
The Target Data Breach Lawsuits: Why Every Company Should Care
Posted in Data Breach, Data Security, LawsuitsPlaintiffs’ lawyers were falling over themselves last week in a race to the courthouse to sue Target as a result of its recent data breach. By at least one report, over 40 lawsuits have already been filed against Target, the first of which was filed the day after the breach became public. This post will… Continue Reading
Yet Another Potential Multimillion-Dollar Data Breach Settlement . . .
Posted in Data Breach, Data Security, LawsuitsJust when you thought it might be safe to go back into the water, another significant data breach lawsuit may be settling. Last week, I wrote about the proposed settlement in the AvMed lawsuit. The motion for a preliminary proposed settlement in that case was granted on Friday, and a Final Hearing is set for… Continue Reading
$3,000,000 Settlement Reached in Data Breach Lawsuit
Posted in Data Breach, Data Security, LawsuitsHow much of a headache can a couple of stolen laptops cause your organization? How about a $3 million headache?? That is the amount of a settlement proposed in an Unopposed Motion in Support of Preliminary Approval of Class Action Settlement in Resnick/Curry v. AvMed, Inc., No. 1:10-cv-24513-JLK (S.D. Fla.), a data breach lawsuit pending in the Southern District of… Continue Reading
Data Breach Lawsuits Settling in the Southern District of Florida
Posted in Data Breach, Data Security, LawsuitsPlaintiffs in data breach lawsuits around the country have had a difficult time surviving motions to dismiss and for summary judgment. A number of courts have rejected these lawsuits because they failed to allege or demonstrate cognizable injuries, standing, causation, and the requisite elements to withstand an economic loss rule defense. It is dangerous, however,… Continue Reading
Healthcare Organizations Take It On The Chin
Posted in Data Breach, Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, LawsuitsIf you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone. The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured… Continue Reading
Law Firms: How Are You Securing Your Clients’ Information?
Posted in All Things E, Data Privacy, Data Security, Vendor ManagementWhat are law firms doing to protect their clients’ sensitive information? What are clients doing to determine whether their outside counsel are using reasonable security measures to protect their sensitive information (confidential communication, customer data, financial information, protected health information, intellectual property, etc.)? According to the data forensic firm Mandiant, at least 80 major law… Continue Reading
Texas’s Data Privacy Training Laws Change (Again)
Posted in Data Privacy, Data Security, Health Care IndustryIn August of last year, I wrote about HB 300, a Texas law that, beginning September 1, 2012, created employee training and other requirements for any company doing business in Texas that collects, uses, stores, transmits, or comes into possession of protected health information (PHI). The law’s training provisions required covered entities to train their… Continue Reading
U.S. Senate Considers Federal Data Security Legislation
Posted in Data Breach, Data Breach, Data Privacy, Data SecurityLegislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents. The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations: to secure personal information and to notify… Continue Reading
The SEC’s Guidance on Cyber Risks and Incidents: A Deeper Dive
Posted in Data Security, SECIn October 2011, the U.S. Securities and Exchange Commission’s Division of Corporation Finance issued “CF Disclosure Guidance: Topic No. 2”, which was a guidance intended to provide some clarity as to the material cyber risks that a publicly traded company should disclose. I previously wrote about the guidance. This blog post is the first of… Continue Reading
Data Security Remains Top Concern in Corporate Boardrooms
Posted in Data Security, Surveys and studiesLast August, I wrote about a survey by Corporate Board Member and FTI Consulting, Inc., showing that data security was the top legal risk for corporate directors and general counsel. That same survey was taken again in 2013, and the results were released last week in a report entitled “Law in the Boardroom.” The gist… Continue Reading
What Does A Cyber Attack Look Like?
Posted in All Things E, Data Breach, Data SecurityThe phrase “cyber attack” elicits thoughts of a compromised information system, a crashed computer network, or inappropriate access to sensitive electronic information. It doesn’t usually conjure up images of machinery setting on fire, and smoke emerging from a factory. Nevertheless, here is a video of an experimental cyber attack named Aurora, which took place on… Continue Reading
Data Breaches – Who is Causing Them, How, and What Can Companies Do About It?
Posted in Data Security, Surveys and studiesOne of the leading annual studies analyzing the causes of data breaches was released earlier today. The 2013 Verizon Data Breach Investigations Report analyzes what is causing data breaches, how the breaches are occurring, who are the hackers and the victims, and what trends can be gleaned from this information. The report has become a… Continue Reading
Data Breach Lawsuits – Revisiting the Risks
Posted in Data Breach, Data Breach, Data Privacy, Data Security, LawsuitsUntil recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading
The Cybersecurity Executive Order – Have Your Say!
Posted in Data SecurityOn February 12th, President Obama issued an Executive Order on Cybersecurity that seeks to improve critical infrastructure cybersecurity in the United States by encouraging sharing of important cybersecurity information between the government and owners and operators of critical infrastructure. “Critical infrastructure” means systems and assets so vital to the United States that the incapacity or… Continue Reading
Busy Day for Cybersecurity in D.C.
Posted in All Things E, Data SecurityI’m a big fan of Bloomberg West. Perhaps more so than almost any other television news program, it does a terrific job of providing both depth and breadth on issues that are important to the technology industry. Tonight’s report by Megan Hughes about breaking developments on the cybersecurity front today was no exception. Watch it here:… Continue Reading
Subscribe to this blog via RSS
View Al's Linkedin Profile