Category Archives: Litigation

Can You Still Protect Digital Forensic Reports From Discovery? It’s Getting Harder.

A data security incident will always require a technical response, and usually that technical response will come from outside experts.  Those experts are hired to investigate and remediate an incident.  Since data incidents can lead to government investigations and litigation, the question is whether digital forensics reports from those vendors — and the communications around those reports — will be subject to discovery when litigation occurs.  A recent decision in this important and evolving area of case law makes clear that protecting those reports and communications is very difficult,… More

Minimizing Risk and Liability from Man in the Middle Attacks (or, How to Keep Your Company’s Wire Transfers from Going Awry)

Imagine this scenario:  you’ve had a productive and mutually advantageous ongoing contractual relationship of several years with another party.  You have built up quite a bit of trust over the years, and communicate regularly over email.  Your email communications include you receiving invoices and then confirming payment; your email messages might include a note about an upcoming shipment or provision of services, or even a note wishing the family well.… More

11th Circuit Issues LabMD Decision, and Wants More Specificity

The long-anticipated decision in LabMD v. FTC has finally arrived. The 11th Circuit held that the FTC’s cease-and-desist order against LabMD is unenforceable:

In sum, assuming arguendo that LabMD’s negligent failure to implement and maintain a reasonable data-security program constituted an unfair act or practice under Section 5(a), the Commission’s cease and desist order is nonetheless unenforceable. It does not enjoin a specific act or practice.… More

Data Breach Litigation: What Enterprises Should Know (from SearchSecurity)

Editors’ Note:  The following is an excerpt from an article published by SearchSecurity.  To read the full article, click here.  Registration required.

A data breach is a business crisis that can have enduring ramifications. While the discovery of a breach can initiate a drill — investigating what happened, remediating the security gaps, engaging law enforcement, and complying with state and federal notification laws —… More

Webinar on September 13: Privacy and Data Security for the Generalist In-House Counsel

Privacy and data security have rocketed to the top of the list of concerns for all corporate boards. Whether you are a technology company, a biotech, or a traditional widget maker, your company has confidential information about its products, customers and employees. And that information has to be protected as a matter of law, both by statute and under contracts with your customers and suppliers.… More

Mistake in Your Credit Report? The Latest Spokeo Decision Suggests You May Have A Case.

In the 9th Circuit’s August 15, 2017 decision in Robins v. Spokeo, the latest in the long-running legal debate about when a consumer cause of action exists for a data breach, the 9th Circuit has declared that inaccuracies in a published credit report may sometimes constitute a “concrete injury” sufficient to confer Article III standing. This is a significant win for consumer protection advocates,… More