Data Security

Florida Throws Its Hat Into the Privacy Ring, And It’s Looking A Lot Like California

By Al Saikali on February 16, 2021

Posted in Biometric Privacy, CCPA, Data Breach, Data Breach, Data Privacy, Data Security, Lawsuits

Yesterday, the Governor of Florida threw his support behind a newly introduced consumer data privacy bill (HB 969) which is very similar to the California Consumer Privacy Act of 2018. The Governor’s support is a significant development given that he and both chambers of the Florida Legislature are Republican and, to date,…

The Eleventh U.S. Circuit Weighs in on Data Breach Standing Issues

By Al Saikali on February 5, 2021

Posted in Data Breach, Data Breach, Data Privacy, Data Security, Lawsuits

Yesterday, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals has weighed in on two important questions in the world of privacy and data breach litigation. First, does a plaintiff have standing where he was exposed to a substantial risk of future identity theft, even though there was no misuse of his…

Florida’s Proposed Privacy Legislation: An In-Depth Analysis for Corporate Counsel

By Al Saikali on January 27, 2020

Posted in Data Privacy, Data Security

The Florida Senate and House of Representatives are considering two bills (SB 1670 and HB 963) that, if adopted, will amend Florida law to create the state’s first comprehensive privacy law (though they do not go nearly as far as the CCPA). The proposed amendments would: (1) prohibit the use of personal data…

Could Florida be the Next BIPA State?

By Al Saikali on March 3, 2019

Posted in Biometric Privacy, Data Privacy, Data Security, Lawsuits

An identical version of the Illinois Biometric Information Privacy Act (BIPA) has been introduced in the Florida Senate. The bill includes the same private right of action. The Illinois BIPA has become an enormous revenue earner for the plaintiff’s bar, who have filed gotcha lawsuits against companies seeking millions of dollars on the ground that…

Court Applies Work Product Protection to Breach Investigation Reports

By Al Saikali on May 21, 2017

Posted in Data Breach, Data Security, Lawsuits

One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. They are, at least according to an order issued last week in In re Experian Data Breach Litigation. 15-01592 (C.D.…

Incident Response: The Increasing Risks to Corporate Legal Departments

By Al Saikali on March 5, 2017

Posted in Data Breach, Data Breach, Data Security

The consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here…

Law Firm Data Security: The First Class Action

By Al Saikali on December 12, 2016

Posted in Data Breach, Data Security, Law firm data security, Lawsuits, Vendor Management

Earlier this year, Bloomberg Law reported that Edelson PC, a leading plaintiffs’ firm in privacy and data security law, filed a class action lawsuit against a regional law firm that had vulnerabilities in its information security systems. This week, the identity of the firm and the allegations of the lawsuit were unsealed. The case,…

The SEC Makes Clear There is No Room For Error in Cybersecurity

By Al Saikali on June 22, 2016

Posted in Being Proactive, Data Breach, Data Security, SEC

The SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but the implications of how it was…

Understanding EMV Payment Card Technology

By Al Saikali on March 9, 2016

Posted in Data Security, Payment Cards

A significant change is happening to payment card technology. Any company that accepts credit cards as a form of payment needs to know about it if they intend to continue accepting payment cards in the future. The technology is called “EMV” (EuroPay, MasterCard, Visa). The card brands hope that EMV technology will significantly reduce the…

FDA Issues Draft Guidance on Postmarket Cybersecurity Programs for Medical Devices

By Al Saikali & Tim Moore on February 18, 2016

Posted in Being Proactive, Data Security, FDA, Pharma

In 2014, the Food and Drug Administration (“FDA”) articulated its expectations for how device manufacturers address cybersecurity premarket in Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Recently, the FDA released complementary draft guidance in Postmarket Management of Cybersecurity in Medical Devices. In the new guidance, the FDA explains what…

Data Security Law Journal

Menu