Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond.
Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in
October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool to help covered entities and business associates
On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more
A key issue for any business facing class action litigation in response to a data breach is whether the plaintiffs, particularly consumers, will have standing to sue. Standing to sue in a data breach class action suit, largely turns on whether plaintiffs establish that they have suffered an “injury-in-fact” resulting from the data breach. Plaintiffs
Cybersecurity incidents are on the rise, and so too is data breach litigation brought by plaintiffs who allege they were harmed by the unauthorized exposure of their personal information. Federal circuits across the United States are grappling with the issue of what satisfies the Article III standing requirement in data breach litigation, when often only
As we reported earlier this week, California legislature Democrats reached a tentative agreement with a group of consumer privacy activists spearheading a ballot initiative for heightened consumer privacy protections, in which the activists would withdraw the existing ballot initiative in exchange for the California legislature passing, and Governor Jerry Brown signing into law, a similar
For the second consecutive year Virginia has amended its data breach notification law. In March 2017, in light of a warning issued by the IRS to all employers regarding the resurgence of a W-2 based cyber scam, Virginia Governor Terry McAuliffe approved, a first of its kind, amendment to Virginia’s data breach notification statute.
On June 21st, California legislature Democrats reached a tentative agreement with a group of consumer privacy activists spearheading a ballot initiative for heightened consumer privacy protections, in which the activists would withdraw the the existing ballot initiative in exchange for the California legislature passing, and Governor Jerry Brown signing into law, a similar
And now it’s Louisiana’s turn! After several states recently enacted or strengthened existing data breach notification laws (Colorado, Arizona, South Dakota and Alabama just to name a few…), on May 20th , Louisiana Governor John Edwards signed an amendment to the state’s Database Security Breach Notification Law (Act 382)
The U.S. Supreme Court recently granted a petition for review of a data breach lawsuit addressing the issue of whether parties can pursue a class arbitration when the language in the arbitration agreement does not explicitly allow for such, Lamps Plus, Inc. v. Varela , No. 17-988, certiorari granted April 30, 2018. The Court