One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. They are, at least according to an order issued last week in In re Experian Data Breach Litigation. 15-01592 (C.D.
Data Breach
Incident Response: The Increasing Risks to Corporate Legal Departments
By Al Saikali on
The consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here…
Law Firm Data Security: The First Class Action
By Al Saikali on
Earlier this year, Bloomberg Law reported that Edelson PC, a leading plaintiffs’ firm in privacy and data security law, filed a class action lawsuit against a regional law firm that had vulnerabilities in its information security systems. This week, the identity of the firm and the allegations of the lawsuit were unsealed. The case,…
The SEC Makes Clear There is No Room For Error in Cybersecurity
By Al Saikali on
The SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but the implications of how it was…
60 Minutes Reports on Payment Card Data Breaches
By Al Saikali on
Ever wonder how your credit card gets compromised and how the bad guys get your information? This report on tonight’s episode of 60 Minutes provides an overview of what happens from the moment you swipe your card at the point-of-sale terminal to the moment when the card number is compromised and sold on a black…
Why Every Business Should Care About Florida’s Information Protection Act
By Al Saikali on
My last post described what the recently passed Florida Information Protection Act (FIPA) will do. This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents. Florida’s Governor must still sign the FIPA into law, but his signature…
The Target Data Breach Lawsuits: Why Every Company Should Care
By Al Saikali on
Plaintiffs’ lawyers were falling over themselves last week in a race to the courthouse to sue Target as a result of its recent data breach. By at least one report, over 40 lawsuits have already been filed against Target, the first of which was filed the day after the breach became public. This…
Yet Another Potential Multimillion-Dollar Data Breach Settlement . . .
By Al Saikali on
Just when you thought it might be safe to go back into the water, another significant data breach lawsuit may be settling. Last week, I wrote about the proposed settlement in the AvMed lawsuit. The motion for a preliminary proposed settlement in that case was granted on Friday, and a Final Hearing is set for…
$3,000,000 Settlement Reached in Data Breach Lawsuit
By Al Saikali on
How much of a headache can a couple of stolen laptops cause your organization? How about a $3 million headache?? That is the amount of a settlement proposed in an Unopposed Motion in Support of Preliminary Approval of Class Action Settlement in Resnick/Curry v. AvMed, Inc., No. 1:10-cv-24513-JLK (S.D. Fla.), a data breach lawsuit…
Data Breach Lawsuits Settling in the Southern District of Florida
By Al Saikali on
Plaintiffs in data breach lawsuits around the country have had a difficult time surviving motions to dismiss and for summary judgment. A number of courts have rejected these lawsuits because they failed to allege or demonstrate cognizable injuries, standing, causation, and the requisite elements to withstand an economic loss rule defense. It is dangerous, however,…