One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from discovery in civil class action lawsuits. They are, at least according to an order issued last week in In re Experian Data Breach Litigation. 15-01592 (C.D. Cal…. Continue Reading
Category Archives: Data Breach
Subscribe to Data Breach RSS FeedIncident Response: The Increasing Risks to Corporate Legal Departments
Posted in Data Breach, Data Breach, Data SecurityThe consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here are… Continue Reading
Law Firm Data Security: The First Class Action
Posted in Data Breach, Data Security, Law firm data security, Lawsuits, Vendor ManagementEarlier this year, Bloomberg Law reported that Edelson PC, a leading plaintiffs’ firm in privacy and data security law, filed a class action lawsuit against a regional law firm that had vulnerabilities in its information security systems. This week, the identity of the firm and the allegations of the lawsuit were unsealed. The case, Shore v…. Continue Reading
The SEC Makes Clear There is No Room For Error in Cybersecurity
Posted in Being Proactive, Data Breach, Data Security, SECThe SEC recently agreed to a $1,000,000 settlement of an enforcement action against Morgan Stanley for its failure to have sufficient data security policies and procedures to protect customer data. The settlement was significant for its amount. The true noteworthiness here, however, lies not in the end result but the implications of how it was… Continue Reading
60 Minutes Reports on Payment Card Data Breaches
Posted in Data Breach, Data Breach, Data SecurityEver wonder how your credit card gets compromised and how the bad guys get your information? This report on tonight’s episode of 60 Minutes provides an overview of what happens from the moment you swipe your card at the point-of-sale terminal to the moment when the card number is compromised and sold on a black… Continue Reading
Why Every Business Should Care About Florida’s Information Protection Act
Posted in Breach Notification Statutes, Data Breach, Data Breach, Data Privacy, Data SecurityMy last post described what the recently passed Florida Information Protection Act (FIPA) will do. This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents. Florida’s Governor must still sign the FIPA into law, but his signature… Continue Reading
The Target Data Breach Lawsuits: Why Every Company Should Care
Posted in Data Breach, Data Security, LawsuitsPlaintiffs’ lawyers were falling over themselves last week in a race to the courthouse to sue Target as a result of its recent data breach. By at least one report, over 40 lawsuits have already been filed against Target, the first of which was filed the day after the breach became public. This post will… Continue Reading
Yet Another Potential Multimillion-Dollar Data Breach Settlement . . .
Posted in Data Breach, Data Security, LawsuitsJust when you thought it might be safe to go back into the water, another significant data breach lawsuit may be settling. Last week, I wrote about the proposed settlement in the AvMed lawsuit. The motion for a preliminary proposed settlement in that case was granted on Friday, and a Final Hearing is set for… Continue Reading
$3,000,000 Settlement Reached in Data Breach Lawsuit
Posted in Data Breach, Data Security, LawsuitsHow much of a headache can a couple of stolen laptops cause your organization? How about a $3 million headache?? That is the amount of a settlement proposed in an Unopposed Motion in Support of Preliminary Approval of Class Action Settlement in Resnick/Curry v. AvMed, Inc., No. 1:10-cv-24513-JLK (S.D. Fla.), a data breach lawsuit pending in the Southern District of… Continue Reading
Data Breach Lawsuits Settling in the Southern District of Florida
Posted in Data Breach, Data Security, LawsuitsPlaintiffs in data breach lawsuits around the country have had a difficult time surviving motions to dismiss and for summary judgment. A number of courts have rejected these lawsuits because they failed to allege or demonstrate cognizable injuries, standing, causation, and the requisite elements to withstand an economic loss rule defense. It is dangerous, however,… Continue Reading
Healthcare Organizations Take It On The Chin
Posted in Data Breach, Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, LawsuitsIf you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone. The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured… Continue Reading
U.S. Senate Considers Federal Data Security Legislation
Posted in Data Breach, Data Breach, Data Privacy, Data SecurityLegislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents. The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations: to secure personal information and to notify… Continue Reading
What Does A Cyber Attack Look Like?
Posted in All Things E, Data Breach, Data SecurityThe phrase “cyber attack” elicits thoughts of a compromised information system, a crashed computer network, or inappropriate access to sensitive electronic information. It doesn’t usually conjure up images of machinery setting on fire, and smoke emerging from a factory. Nevertheless, here is a video of an experimental cyber attack named Aurora, which took place on… Continue Reading
Data Breach Lawsuits – Revisiting the Risks
Posted in Data Breach, Data Breach, Data Privacy, Data Security, LawsuitsUntil recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading
New U.S. Supreme Court Decision Will Likely Impact Data Breach Litigation
Posted in Data Breach, Data Security, LawsuitsThe following Data Security Law Journal post was authored by Becky Schwartz, my law partner at Shook Hardy & Bacon. Becky is an experienced class action litigator who has developed a specialty in privacy litigation. In this post, Becky discusses a recent U.S. Supreme Court decision that may make it more difficult for consumers to… Continue Reading
The Southern District of Florida Weighs In On Data Breach Lawsuits
Posted in Data Breach, Data Security, LawsuitsLate last week, another Federal District Court (the Southern District of Florida) weighed in on the circumstances under which a plaintiff may sue a breached entity civilly for damages when the plaintiff’s personally identifiable information (PII) is inappropriately accessed or acquired. The Court allowed the case to proceed with counts for violation of Florida’s Unfair… Continue Reading
Private Lawsuits Arising From Data Breaches – The Eleventh Circuit Weighs In
Posted in Data Breach, Data Security, Health Care Industry, LawsuitsLast week, the United States Court of Appeals for the Eleventh Circuit decided Resnick v. AvMed, Inc., No. 11-13694 (11th Cir. Sep. 5, 2012). The Court’s opinion addresses some important issues regarding an individual’s right to bring a private lawsuit when her personally identifiable information or protected health information is compromised. In its decision, the… Continue Reading
LinkedIn Sued Over Data Breach
Posted in Data Breach, Data Security, LawsuitsWell THAT didn’t take long! Less than 10 days after LinkedIn announced that it suffered a data breach of approximately 6.5 million user passwords, a class action lawsuit was filed against it in California federal court seeking in excess of $5 million. The lawsuit alleges that, contrary to its Privacy Policy, LinkedIn failed to comply… Continue Reading
Federal Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data SecurityThe title of this blog entry is somewhat of a misnomer because there is no single national data breach notification law that governs all information the same way as the state data breach notification laws do. So, for the time being, companies and consumers are forced to determine which state data breach notification laws apply… Continue Reading
State Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data SecurityIn 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach. Criminals stole from ChoicePoint personal information for more than 145,000 individuals. The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized access… Continue Reading
Video Interview: Discussing the Global Payments Inc. Data Breach with LXBN TV
Posted in Data Breach, Data Breach, Data SecurityYesterday I had the opportunity to speak with Colin O’Keefe of LXBN TV regarding the recent major data breach involving Global Payments Inc. In the interview, I explain the background of the breach, which impacted all major credit cards, the lessons companies can learn from the breach and exactly who bears the burden—financially and otherwise—of… Continue Reading
Hacking the “Middle Man”
Posted in Data Breach, Data Breach, Data SecurityAnother massive high profile data breach was in the news this past week. MasterCard, Visa, American Express, and Discover, as well as other banks and franchises were affected. Significantly, the breadth of the effect was not a result of separate attacks against each bank, but rather a hacking of one common third-party service provider—Global Payments… Continue Reading
Private Civil Lawsuits Arising From Data Breaches
Posted in Data Breach, Data Breach, Data SecurityThe U.S. Circuit Court of Appeals for the First Circuit recently weighed in on the causes of action and damages that are (and are not) cognizable in a data breach case. In Anderson v. Hannaford Bros. Co., No 10-2384 (1st Cir. Oct. 20, 2011), the plaintiffs were customers of a grocery store chain. The grocery… Continue Reading
Data Breach — What’s the Harm??
Posted in Data BreachA data breach can result in the exposure of private customer information (credit card information, social security numbers, email addresses, etc.) to unknown third parties who may fraudulently use that information. In instances where the information is used fraudulently, the customer suffers a harm that can usually be quantified or measured in some way. But… Continue Reading
Subscribe to this blog via RSS
View Al's Linkedin Profile