Tag Archives: data breach

Standing in Data Breach Litigation: Will the U.S. Supreme Court Weigh In?

The U.S. Supreme Court may finally weigh in on the hottest issue in data breach litigation, whether a demonstration of actual harm is required to have standing to sue. Standing to sue in a data breach class action suit, largely turns on whether plaintiffs establish that they have suffered an “injury-in-fact” resulting from the data … Continue Reading

NYS Education Department Proposes to Significantly Strengthen Data Security and Privacy Protocol

Co-Author: Gabrielle Bruno Government agencies, businesses, hospitals and universities are the frequent targets of staggering data breaches that can affect millions of individuals. But K-12 schools are also at risk for cyber attacks as they rely more on technology for day-to-day operations and typically maintain a wealth of sensitive information about their students, teachers, administrators … Continue Reading

Data Privacy Day – Special Report – California Consumer Privacy Act FAQs for Employers

Happy Data Privacy Day from the Jackson Lewis Privacy, Data and Cybersecurity Team! In Honor of National Privacy Day, we are focused on what is sure to be one of the hottest issues of 2019 and present our FAQs for employers on the California Consumer Privacy Act (CCPA). As you know, data privacy and security … Continue Reading

Updates to Massachusetts Breach Notification Law – Much More Than Mandatory Credit Monitoring

Observers of the recent changes in the Massachusetts data breach notification law likely will focus on the addition of the obligation to provide 18 months of credit monitoring following a breach involving Social Security numbers (42 months, if the breached entity is a consumer reporting agency). This certainly is a significant change, making Massachusetts only … Continue Reading

North Carolina AG Seeks Breach Notification for Ransomware, Other Enhancements to Data Breach Law

According to SC Magazine, an escalating number of victims of data breaches in 2017 have led Attorney General Josh Stein and state Rep. Jason Saine to propose updates to the state’s existing data breach notification law – “Act to Strengthen Identity Theft Protections.” The Act would make a number of changes to the existing law, … Continue Reading

California Consumer Privacy Act Amendment Signed Into Law

On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more of … Continue Reading

Louisiana Updates its Data Breach Notification Law

And now it’s Louisiana’s turn! After several states recently enacted or strengthened existing data breach notification laws (Colorado, Arizona, South Dakota and Alabama just to name a few…), on May 20th , Louisiana Governor John Edwards signed an amendment to the state’s Database Security Breach Notification Law (Act 382) which will take effect August 1, … Continue Reading

The Supreme Court Will Rule on Data Breach Class Arbitration Suit

The U.S. Supreme Court recently granted a petition for review of a data breach lawsuit addressing the issue of whether parties can pursue a class arbitration when the language in the arbitration agreement does not explicitly allow for such, Lamps Plus, Inc. v. Varela , No. 17-988, certiorari granted April 30, 2018. The Court will have the … Continue Reading

Arizona Updates Its Data Breach Notification Law

Last month, South Dakota and Alabama became the final two states to enact a data breach notification law. In addition, many other states, in response to trends, heightened public awareness, and a string of large-scale data breaches, have continued amending their existing laws. Arizona is the latest state to update its data breach notification law to … Continue Reading

NIST Releases Updated Version of Its Cybersecurity Framework

On April 17th, the National Institute of Standards and Technology (“NIST”), a component of the U.S. Commerce Department, released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework Version 1.1”), which incorporates feedback from NIST-led workshops, public comments, and questions received by NIST team members over the last two years. The Cybersecurity … Continue Reading

Banks Cannot Skirt Contract Remedies in Data Breach Suit Against Retail Merchant

Attempting to advance a novel theory of law, several banks filed a class action in Illinois federal court against a grocery store chain arising out of a data breach that resulted in the theft of 2.4 million credit and debit cards. Community Bank of Trenton v. Schnuck Markets, Inc. After the breach, and based on … Continue Reading

Alabama Becomes the Final State to Enact a Data Breach Notification Law

On March 28th, Alabama Governor Kay Ivey (R) signed into law the Alabama Data Breach Notification Act, Act No. 2018-396, making Alabama the final state to enact a data breach notification law. South Dakota Governor Dennis Daugaard signed into a law a similar statute one-week prior. The Alabama law will take effect June 1, 2018. Being … Continue Reading

South Dakota: The 49th State to Enact a Data Breach Notification Law

It’s official! Alabama is the only remaining state lacking a data breach notification statute. On March 21, 2018 South Dakota Attorney General Marty Jackley announced that Governor Dennis Daugaard signed into law the state’s first data breach notification law, after unanimous approval by both chambers of the state legislature a couple weeks prior. The law … Continue Reading

Cost-Benefit Analysis 101 for Healthcare Providers

Nary a week goes by without news of a data breach by a healthcare provider…while there are certainly a good number of breaches resulting from a breach of cybersecurity defenses or from the wrongful exploitation of system security weaknesses, there is still a risk to healthcare providers resulting from the internal operations of the healthcare … Continue Reading

Alabama Senates Passes Data Breach Notification Act

There are only two states in the U.S. that have yet to enact data breach notification laws, but that may change in 2018. Several weeks ago, the South Dakota state legislature announced that a data breach notification bill (Senate Bill No. 62) was pending.  Now, Alabama is following suit. On March 1st, the Alabama Senate … Continue Reading

South Dakota May Become 49th State to Pass a Data Breach Notification Law

Only two states in the United States lack data breach notification statutes, but that may change in 2018. If legislation pending in South Dakota passes, Alabama would be the only state without a data breach notification law. South Dakota Senate Bill No. 62 would create a breach notification requirement for any person or business conducting … Continue Reading

Employers Can Be Vicariously Liable for Employee Data Breaches

The United Kingdom High Court recently issued a landmark liability judgment against the supermarket, Morrisons, following a data breach caused by a rogue employee (Various Claimants v. WM Morrisons Supermarket [2017] EWHC3113 (QB]). Similar results have been reached in the U.S., but this is the first time the UK Court has addressed the issue of whether … Continue Reading

North Carolina AG Proposes Stronger Breach Notification and Personal Information Safeguard Requirements

Citing to estimates in 2017 “more than 5.3 million North Carolinians were … affected by a data breach,” Attorney General Josh Stein and Rep. Jason Saine announced on January 8 proposed legislation aimed at protecting state residents from becoming victims of identity theft. To do so, the “Act to Strengthen Identity Theft Protections” (see fact … Continue Reading

Federal Court Permits Former Employees’ Data Breach Claims to Move Forward

A data breach occurs in which an outside individual obtains your company’s employees’ W-2 forms including social security numbers, addresses, and salary information. As a result, your company notifies all affected employees, explains what occurred, and offers a complimentary two-year membership to a service that helps detect misuse of personal information.   Is your company liable … Continue Reading

Senate Bill Introduced to Protect Personally Identifiable Information

Primarily motivated by several recent massive data breaches, Senate Democrats recently introduced a bill geared toward protecting Americans’ personal information against cyber attacks and to ensure timely notification and protection when data is breached. The Consumer Privacy Protection Act of 2017 provides that companies that collect and hold data on at least 10,000 Americans would … Continue Reading

Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017

A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the Department of Health and Human Services’ Office for Civil Rights in September 2017.  Healthcare providers suffered the most breaches with … Continue Reading

SCOTUS Will Not Review CFAA Password Sharing Case

The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to access his former employer’s … Continue Reading

New York AG Announces SHIELD Act

On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of their personal information. “It’s clear that New York’s … Continue Reading
LexBlog