A key issue for any business facing class action litigation in response to a data breach is whether the plaintiffs, particularly consumers, will have standing to sue. Standing to sue in a data breach class action suit, largely turns on whether plaintiffs establish that they have suffered an “injury-in-fact” resulting from the data breach. Plaintiffs
Fourth Circuit Weighs in on Standing in Data Breach Litigation
Cybersecurity incidents are on the rise, and so too is data breach litigation brought by plaintiffs who allege they were harmed by the unauthorized exposure of their personal information. Federal circuits across the United States are grappling with the issue of what satisfies the Article III standing requirement in data breach litigation, when often only
California Governor Signs Into Law Groundbreaking Consumer Protection Law
As we reported earlier this week, California legislature Democrats reached a tentative agreement with a group of consumer privacy activists spearheading a ballot initiative for heightened consumer privacy protections, in which the activists would withdraw the existing ballot initiative in exchange for the California legislature passing, and Governor Jerry Brown signing into law, a similar
Virginia Updates its Data Breach Notification Law to Include Tax Preparers
For the second consecutive year Virginia has amended its data breach notification law. In March 2017, in light of a warning issued by the IRS to all employers regarding the resurgence of a W-2 based cyber scam, Virginia Governor Terry McAuliffe approved, a first of its kind, amendment to Virginia’s data breach notification statute.
California May Be Headed Towards Sweeping Consumer Privacy Protections
On June 21st, California legislature Democrats reached a tentative agreement with a group of consumer privacy activists spearheading a ballot initiative for heightened consumer privacy protections, in which the activists would withdraw the the existing ballot initiative in exchange for the California legislature passing, and Governor Jerry Brown signing into law, a similar
Louisiana Updates its Data Breach Notification Law
And now it’s Louisiana’s turn! After several states recently enacted or strengthened existing data breach notification laws (Colorado, Arizona, South Dakota and Alabama just to name a few…), on May 20th , Louisiana Governor John Edwards signed an amendment to the state’s Database Security Breach Notification Law (Act 382)
Colorado Strengthens its Consumer Data Protection Law
Back in January, Colorado lawmakers on both sides of the aisle introduced a groundbreaking new bill requiring “reasonable security procedures and practices” for protecting personal identifying information, limiting the time frame to notify affected Colorado residents and the Attorney General of a data breach, and imposing data disposal rules, HB 1128. Now, Colorado Governor
The FTC Announces a National Cybersecurity Education Campaign for Small Businesses
The Federal Trade Commission (FTC) recently announced that it will launch a national education campaign to aid the small business sector in strengthening its cybersecurity and protecting its sensitive and personal data.
The national education campaign builds on the FTC’s 2017 Small Business Initiative which included the creation of a new website: FTC.gov/SmallBusiness aimed at
The U.S. Supreme Court Dismisses U.S. v. Microsoft Following Passage of the CLOUD Act
On April 17th, the U.S. Supreme Court dismissed the highly anticipated U.S. v. Microsoft, ruling that recently enacted legislation rendered the case moot. Microsoft Corp. had been in litigation with the U.S. Department of Justice (DOJ) for several years over the issue of whether Microsoft must comply with a U.S. search warrant
“Your Own Cybersecurity Is Not Enough”: NJ Physician Practice Fined Over $400,000 for Data Breach Caused By Vendor
Last week, New Jersey Attorney General Gurbir S. Grewal and the New Jersey Division of Consumer Affairs (“Division”) announced that a physician group affiliated with more than 50 South Jersey medical and surgical practices agreed to pay $417,816 and improve data security practices to settle allegations it failed to properly protect the privacy of more