Analyzes two recent cyber insurance subrogation cases and provides insights on how insurers can manage escalating cyber losses.
Summarizes the significance of Illinois SB 2979, which significantly reduces the damages available under Illinois’ BIPA and limits the danger of catastrophic damages awards that could bankrupt smaller employers.
Explores the Visual Pak case and its impact on whether insurers in Illinois have an obligation to defend their insureds in BIPA litigation.
Discusses the rationale for FTC changes to Safeguards Rule, as well as noting types of business entities affected. Includes brief history of Rules’ origins.
Describes changes in redaction requirements for all materials filed in Missouri courts from updates and revisions to the Missouri Rule of Civil Procedure.
Using Remprex v. Lloyd’s London, this post analyzes the mixed rulings surrounding the question: is the defense of BIPA lawsuits covered by insurance.
Analyzes conflicting federal court decisions on policy exclusions insurers have pressed for denying coverage in BIPA litigation
Analyzes why corporate defendants in Illinois BIPA cases hope pending appellate rulings allow preemption by statute of limitations and exclusivity of work comp
Illinois' Supreme Court is set to decide if the exclusivity provisions of the Workers’ Compensation Act bar a BIPA claim
Illinois appellate court is poised to determine SOL for BIPA claims: one-year invasion of privacy, two-year statutory, or five-year general
An Unexpected Adversary and Risk in Notice Decisions?
You expect consumer complaints and even class action threats in the wake of a law firm data breach. But does a defense law firm expect to be sued by the carrier for the clients it represents? Whether surprising or not, it is happening and law firms must take note. In today’s world there are sometimes tensions between the interests of insurance companies and the law firms engaged to represent the ultimate client—the insureds. Now, it appears that law firms’ decisions following information security incidents have advanced up ...
Facebook boasts of connecting us, of connecting users from across the world and uniting them by common interests and friendships. One of the features for connecting users is the tagging feature – a way to indicate who is appearing in a photograph. Facebook users can tag themselves and also tag their friends. Facebook can also participate, using facial-recognition software to suggest the names of the people appearing in a users’ photos. See Patel v. Facebook, Inc., 932 F.3d 1264, 1268 (9th Cir. 2019) (“If Tag Suggestions is enabled, Facebook may use facial-recognition ...
The Biometric Information Privacy Act (BIPA) establishes safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data. 740 ILCS 14/15. Passed in October 2008, BIPA is intended to protect a person’s unique biological traits – the data encompassed in a person’s fingerprint, voice print, retinal scan, or facial geometry. Id. But in the last few years, BIPA – with its statutory penalties of $1,000 for each negligent violation and $5,000 for each intentional or reckless violation – has quickly become the bane of corporate ...
The Biometric Information Privacy Act (BIPA) establishes safeguards and procedures relating to the retention, collection, disclosure, and destruction of biometric data. Passed in October 2008, BIPA is intended to protect a person’s unique biological traits—the data encompassed in a person’s fingerprint, voice print, retinal scan, or facial geometry. This information is the most sensitive data belonging to an individual. Unlike a PIN code or a social security number, once biometric data is compromised, “the individual has no recourse, is at [a] heightened risk for ...
Every day, at sites across the United States, federal agents search container ships, trucks, cars, and aircraft entering the country. Now, increasingly, federal agents are also searching the electronic devices of the individuals entering the country – from citizens to permanent residents to tourists. See United States v. Cotterman, 709 F.3d 952, 956 (9th Cir. 2013) (en banc) (“Every day more than a million people cross American borders [and] . . . they carry with them laptop computers, iPhones, iPads, iPods, Kindles, Nooks, Surfaces, tablets, Blackberries, cell ...
Every year, as tax season arrives, new and increasingly diabolic scams to pilfer and misuse taxpayer information surface. In prior years, cyber fraudsters targeted unsuspecting individual taxpayers to trick them into revealing their personal information through direct telephone or email scams. Major data breaches, such as Equifax, which is now known to have included millions of additional victims and more forms of personal identifying and financial data than originally disclosed, only exacerbate the problem. As the public has learned more about identity theft ...
Today the U.S. Supreme Court denied a cert petition in a matter aimed at resolving whether a plaintiff who alleges a substantial risk of harm in the future has standing under Article III of the Constitution. A ruling in the case, CareFirst v. Attias, would have had major implications for data-breach litigation and in class actions generally.
A quick refresher on standing. To satisfy Article III’s standing requirements, a plaintiff must show (1) he has suffered an “injury in fact” that is (a) concrete and particularized and (b) actual or imminent, not conjectural or ...
Fast food restaurant chain Arby’s Restaurant Group Inc. is known for its great hot roast beef sandwiches and catchy slogan: “We have the Meats!” Arby’s is now communicating a different message; it may be the latest victim of a significant cyber breach.
How are we to digest this? We have grown somewhat immune to the now frequent website notices or press releases that announce that although no one is known to have been harmed, yet another potential information security incident has taken place at yet another company that may have once again exposed customer information.
So what ...
It appears to be innocent and routine. The CFO of your company forwards to you an urgent-sounding, personally addressed email from the Securities Exchange Commission’s EDGAR public filing system announcing changes to the reporting system. Last week you signed the attestation of the accuracy of your Quarterly Report on SEC Form 10-Q. You hope you have not made a mistake or missed an important change. You look over the email again. At first glance it appears legit:
Or it might be your worst nightmare: an email from the SEC questioning your firm’s disclosures, revenue recognition ...
I remember in drivers’ education class being shown the obligatory scary movie on railroad crossing accidents. After the wreck, one salty old train engineer says to another, looking at the demolished car, “Why don’t they learn, Slim?” “I don’t know, Jim,” the other fellow says, scratching his furrowed brow.
In the information security world, we are past the need for scare tactics. Only an ostrich might be oblivious to the heightened cyber risks these days and their increasing frequency. Nevertheless, periodically you see cautionary reminders of mistakes that are ...
A Meaningful Class Action Defense Tool?
On May 16, 2016 the High Court finally spoke on Spokeo, the long anticipated case involving what injury is necessary to sustain Article III standing in federal court. Some predicted a blow to consumer protection and privacy related class actions in which neither the class representative nor the class as a whole suffered anything but a technical federal statutory violation without real harm.
In the underlying case, Thomas Robins claimed that Spokeo published false information about him on its search engine site, in violation of his rights under ...
A New York trial judge’s recent decision in Zurich American Insurance v. Sony Corporation of America has set the legal blogosphere aflutter with arguments and counter-arguments as to whether cyber liability and data breach claims fall within the “Personal and Advertising Injury Liability” coverage section (Coverage B) afforded by most commercial general liability (CGL) policies. A new set of data breach exclusionary endorsements, however, filed in many jurisdictions by Insurance Services Office, Inc. (ISO) and set to take effect this month, May 2014, appear poised to ...
