Yesterday, the Governor of Florida threw his support behind a newly introduced consumer data privacy bill (HB 969) which is very similar to the California Consumer Privacy Act of 2018. The Governor’s support is a significant development given that he and both chambers of the Florida Legislature are Republican and, to date,
Data Breach
The Eleventh U.S. Circuit Weighs in on Data Breach Standing Issues
Yesterday, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals has weighed in on two important questions in the world of privacy and data breach litigation. First, does a plaintiff have standing where he was exposed to a substantial risk of future identity theft, even though there was no misuse of his…
Court Applies Work Product Protection to Breach Investigation Reports
One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. They are, at least according to an order issued last week in In re Experian Data Breach Litigation. 15-01592 (C.D.…
Incident Response: The Increasing Risks to Corporate Legal Departments
The consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here…
Law Firm Data Security: The First Class Action
Earlier this year, Bloomberg Law reported that Edelson PC, a leading plaintiffs’ firm in privacy and data security law, filed a class action lawsuit against a regional law firm that had vulnerabilities in its information security systems. This week, the identity of the firm and the allegations of the lawsuit were unsealed. The case,…
The SEC Makes Clear There is No Room For Error in Cybersecurity
The SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but the implications of how it was…
60 Minutes Reports on Payment Card Data Breaches
Ever wonder how your credit card gets compromised and how the bad guys get your information? This report on tonight’s episode of 60 Minutes provides an overview of what happens from the moment you swipe your card at the point-of-sale terminal to the moment when the card number is compromised and sold on a black…
Why Every Business Should Care About Florida’s Information Protection Act
My last post described what the recently passed Florida Information Protection Act (FIPA) will do. This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents. Florida’s Governor must still sign the FIPA into law, but his signature…
The Target Data Breach Lawsuits: Why Every Company Should Care
Plaintiffs’ lawyers were falling over themselves last week in a race to the courthouse to sue Target as a result of its recent data breach. By at least one report, over 40 lawsuits have already been filed against Target, the first of which was filed the day after the breach became public. This…
Yet Another Potential Multimillion-Dollar Data Breach Settlement . . .
Just when you thought it might be safe to go back into the water, another significant data breach lawsuit may be settling. Last week, I wrote about the proposed settlement in the AvMed lawsuit. The motion for a preliminary proposed settlement in that case was granted on Friday, and a Final Hearing is set for…