A data security incident will always require a technical response, and usually that technical response will come from outside experts. Those experts are hired to investigate and remediate an incident. Since data incidents can lead to government investigations and litigation, the question is whether digital forensics reports from those vendors — and the communications around those reports — will be subject to discovery when litigation occurs. A recent decision in this important and evolving area of case law makes clear that protecting those reports and communications is very difficult,… More
Category Archives: Litigation
Minimizing Risk and Liability from Man in the Middle Attacks (or, How to Keep Your Company’s Wire Transfers from Going Awry)
Imagine this scenario: you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party. You have built up quite a bit of trust over the years, and communicate regularly over email. Your email communications include you receiving invoices and then confirming payment; your email messages might include a note about an upcoming shipment or provision of services, or even a note wishing the family well.… More
The long-anticipated decision in LabMD v. FTC has finally arrived. The 11th Circuit held that the FTC’s cease-and-desist order against LabMD is unenforceable:
In sum, assuming arguendo that LabMD’s negligent failure to implement and maintain a reasonable data-security program constituted an unfair act or practice under Section 5(a), the Commission’s cease and desist order is nonetheless unenforceable. It does not enjoin a specific act or practice.… More
Editors’ Note: This is the fifth in a multi-part end-of-year series examining important trends in data privacy and cybersecurity during the coming year. Previous installments include analyses of HIPAA compliance, emerging security threats, federal enforcement trends, and state enforcement trends. Up next: Education.
The term “biometrics” may conjure up images of Gattaca or Minority Report,… More
Editors’ Note: The following is an excerpt from an article published by SearchSecurity. To read the full article, click here. Registration required.
A data breach is a business crisis that can have enduring ramifications. While the discovery of a breach can initiate a drill — investigating what happened, remediating the security gaps, engaging law enforcement, and complying with state and federal notification laws —… More
Privacy and data security have rocketed to the top of the list of concerns for all corporate boards. Whether you are a technology company, a biotech, or a traditional widget maker, your company has confidential information about its products, customers and employees. And that information has to be protected as a matter of law, both by statute and under contracts with your customers and suppliers.… More
In the 9th Circuit’s August 15, 2017 decision in Robins v. Spokeo, the latest in the long-running legal debate about when a consumer cause of action exists for a data breach, the 9th Circuit has declared that inaccuracies in a published credit report may sometimes constitute a “concrete injury” sufficient to confer Article III standing. This is a significant win for consumer protection advocates,… More
Plaintiffs presenting a claim in federal court must have standing to sue, under Article III of the Constitution (as we have written about in the past). The Second Circuit recently entered an order reminding plaintiffs, defendants, and their attorneys just how difficult overcoming the standing hurdle can be for individuals suing in the wake of a data breach.
In Whalen v.… More