Blog

Analyzes conflicting federal court decisions on policy exclusions insurers have pressed for denying coverage in BIPA litigation

Analyzes why corporate defendants in Illinois BIPA cases hope pending appellate rulings allow preemption by statute of limitations and exclusivity of work comp

Illinois' Supreme Court is set to decide if the exclusivity provisions of the Workers’ Compensation Act bar a BIPA claim

Illinois appellate court is poised to determine SOL for BIPA claims: one-year invasion of privacy, two-year statutory, or five-year general

An Unexpected Adversary and Risk in Notice Decisions?

You expect consumer complaints and even class action threats in the wake of a law firm data breach. But does a defense law firm expect to be sued by the carrier for the clients it represents? Whether surprising or not, it is happening and law firms must take note. In today’s world there are sometimes tensions between the interests of insurance companies and the law firms engaged to represent the ultimate client—the insureds. Now, it appears that law firms’ decisions following information security incidents have advanced up ...

Facebook boasts of connecting us, of connecting users from across the world and uniting them by common interests and friendships.  One of the features for connecting users is the tagging feature – a way to indicate who is appearing in a photograph.  Facebook users can tag themselves and also tag their friends.  Facebook can also participate, using facial-recognition software to suggest the names of the people appearing in a users’ photos.  See Patel v. Facebook, Inc., 932 F.3d 1264, 1268 (9th Cir. 2019) (“If Tag Suggestions is enabled, Facebook may use facial-recognition ...

The Biometric Information Privacy Act (BIPA) establishes safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data. 740 ILCS 14/15. Passed in October 2008, BIPA is intended to protect a person’s unique biological traits – the data encompassed in a person’s fingerprint, voice print, retinal scan, or facial geometry. Id. But in the last few years, BIPA – with its statutory penalties of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation – has quickly become the bane of corporate ...

The Biometric Information Privacy Act (BIPA) establishes safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data. Passed in October 2008, BIPA is intended to protect a person’s unique biological traits—the data encompassed in a person’s fingerprint, voice print, retinal scan, or facial geometry. This information is the most sensitive data belonging to an individual. Unlike a PIN code or a social security number, once biometric data is compromised, “the individual has no recourse, is at [a] heightened risk for ...

The Biometric Information Privacy Act (BIPA) establishes safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data. Passed in October 2008, BIPA is intended to protect a person’s unique biological traits – the data encompassed in a person’s fingerprint, voice print, retinal scan, or facial geometry. This information is the most sensitive data belonging to an individual. Unlike a PIN code or a social security number, once biometric data is compromised, “the individual has no recourse, is at [a] heightened risk for ...

Pop Quiz

Question 1 - Who is the manufacturer of your router? (If you don't know, don't feel bad. You're not alone.)

Question 2 - What is your router’s “name”? (This one may be easier. Maybe it is “No Wi-Fi No Cry.”)

Question 3 - What is the admin login username to your router? (Is your answer, “See answer to Question 2?”)

Okay, okay. If you're like a lot of my recent test subjects (mostly against their will), you may not know the answers to those questions. That's okay. I'm sure you're still a good person. But, I thought I would take a minute to try to demystify how to ensure ...

When was the last time you had to create a new password and faced criteria such as, “Your password must be eight characters or longer and must contain characters from three of these four categories: a) uppercase (A-Z); b) lowercase (a-z); c) numeric (0-9); and d) nonalphabetic (e.g., !, $, #, %)? After you have digested the rule and created your brilliant password, how many times do you still get an error that your password does not meet the criteria and you have to start all over? It conjures up scenes from Office Space.

I think that we have all come to understand how passwords play a role in ...

Every day, at sites across the United States, federal agents search container ships, trucks, cars, and aircraft entering the country. Now, increasingly, federal agents are also searching the electronic devices of the individuals entering the country – from citizens to permanent residents to tourists. See United States v. Cotterman, 709 F.3d 952, 956 (9th Cir. 2013) (en banc) (“Every day more than a million people cross American borders [and] . . . they carry with them laptop computers, iPhones, iPads, iPods, Kindles, Nooks, Surfaces, tablets, Blackberries, cell ...

Every year, as tax season arrives, new and increasingly diabolic scams to pilfer and misuse taxpayer information surface. In prior years, cyber fraudsters targeted unsuspecting individual taxpayers to trick them into revealing their personal information through direct telephone or email scams.  Major data breaches, such as Equifax, which is now known to have included millions of additional victims and more forms of personal identifying and financial data than originally disclosed, only exacerbate the problem. As the public has learned more about identity theft ...

Between December 2014 and January 2015, Anthem Inc., suffered a massive cyberattack on its computer systems, allowing hackers to steal the health and personal information of nearly 80 million people. In re: Anthem, Inc. Data Breach Litigation, --- F. Supp.3d ----, No. 16-MC-2210 APM, 2017 WL 680378, at *1 (D.D.C. Feb. 21, 2017). Federal employees (who received their health insurance from Anthem through the Federal Employee Health Benefits Program) were among the victims of the hacking. Id.

On May 13, 2016, the Lead Plaintiffs in the multidistrict litigation served a subpoena on the ...

Fast food restaurant chain Arby’s Restaurant Group Inc. is known for its great hot roast beef sandwiches and catchy slogan: “We have the Meats!” Arby’s is now communicating a different message; it may be the latest victim of a significant cyber breach.

How are we to digest this? We have grown somewhat immune to the now frequent website notices or press releases that announce that although no one is known to have been harmed, yet another potential information security incident has taken place at yet another company that may have once again exposed customer information.

So what ...

It appears to be innocent and routine. The CFO of your company forwards to you an urgent-sounding, personally addressed email from the Securities Exchange Commission’s EDGAR public filing system announcing changes to the reporting system. Last week you signed the attestation of the accuracy of your Quarterly Report on SEC Form 10-Q. You hope you have not made a mistake or missed an important change. You look over the email again. At first glance it appears legit:

Or it might be your worst nightmare: an email from the SEC questioning your firm’s disclosures, revenue recognition ...