Archives: Data Security


FTC Settles Ashley Madison Data Breach Complaint

The operators of Ashley Madison, the dating website for married people that became famous following its massive data breach in 2015, settled claims brought by the Federal Trade Commission (“FTC”) regarding that breach and their security practices and representations. Ruby Corp., Ruby Life Inc., and ADL Media Inc. (collectively, “Ruby”), named as defendants, were responsible … Continue Reading

One Good Deal After Another – Navy Data Breach, Damages and Sovereign Immunity

“One good deal after another” – This old expression from my time of service in the USN popped into my head as I read news of the latest breach of information regarding Navy personnel. In sum, reported the Navy on November 23, the laptop of a government contractor supporting a naval contract was “compromised” and … Continue Reading

Proper Handling of Biometric Data — Lessons Learned from a $1.5 Million Illinois Class Action Settlement

In 2008, Illinois passed the Biometric Information Privacy Act, 740 ILCS 14/1 (the Act or BIPA), which requires companies to obtain a person’s consent before collecting that person’s biometric data. Illinois, unlike other states such as Texas, provides a private right of action for individuals whose data was collected without proper notification and consent. Under … Continue Reading

Strike Three – You’re Out – Data Breach Shareholder Derivative Lawsuit Against Home Depot Dismissed

On November 30, 2016, Judge Thomas W. Thrash dismissed a shareholder derivative action brought against Home Depot as a result of the breach of its security systems and theft of its customers’ personal financial data (“the Breach”) in 2014. In Re The Home Depot, Inc. Shareholder Derivative Litigation, Civ. No. 1:15-CV-2999, 2016 WL 6995676 (N.D. … Continue Reading

Governmental Updates You Need to Know About

In the past few weeks, the government issued alerts and guidance on two noteworthy topics involving data security issues: phishing and ransomware – discussed below: Don’t Get Phished: OCR Warns of Phishing Scheme Targeting HIPAA Covered Entities & Business Associates As previously reported in the March 21, 2016 and July 12, 2016 Blog Posts, the … Continue Reading

FCC Announces New Rules to Protect Online Privacy

On October 27, the Federal Communications Commission (FCC), by a 3-2 vote, approved new rules regarding how Internet Service Providers (ISPs) handle their customers’ browsing history, mobile location data and other sensitive information generated by virtue of their customers’ use of the Internet. The agency is looking to restrict ISPs’ ability to share with advertisers … Continue Reading

OCR: Businesses Sharing Consumer Health Information Must Also Comply With FTC Act

In October 2016, the OCR issued a bulletin clarifying that businesses collecting and sharing consumer health information must comply with the FTC Act. The OCR specifically called out disclosure statements, declaring “You must also make sure your disclosure statements are not deceptive under the FTC Act.” Businesses dealing with health information are likely already familiar … Continue Reading

Crime Policy Does Not Cover Loss of Company Funds Resulting From Social Engineering Scheme

In a long-awaited decision (at least by the parties and fidelity law practitioners) the Fifth Circuit Court of Appeals has held that a “Computer Fraud” Insuring Agreement in a Crime Insurance Policy does not cover the insured’s loss after its employees were tricked into wiring approximately $7 million to a fraudulent bank account set up … Continue Reading

Wearable Tech: Where Data Privacy Collides with Employment Law

As wearable devices like FitBit, Garmin, and Jawbone and a culture of wellness in the workplace proliferate, employers who adopt such technology should be mindful of federal and state privacy laws, as well as the myriad of employment laws that are implicated by the use of these devices. The aggressive stance taken by federal employment … Continue Reading

NY Cybersecurity Regs Could Spur Legal Work Nationwide

Orange County Partner Scott Lyon was recently quoted in Corporate Counsel’s article “NY Cybersecurity Regs Could Spur Legal Work Nationwide.” The article examines New York’s new proposed cybersecurity regulations for financial institutions and insurers. Please click here to read the full article. (Subscription required) … Continue Reading

Article III Standing is Not the Only Hurdle in Data Breach Litigation – So Says the Seventh Circuit Courts

In the past week, two different Illinois federal courts have given financial institutions and merchants a second chance to try to allege claims arising from data breaches that can withstand the rigors of a motion to dismiss under Federal Rule 12 (b) (6). In Community Bank of Trenton et al. v. Schnuck Markets Inc., case … Continue Reading

House Committee Report Details Extent of OPM Security Failures Resulting In Breach of Over 30 Million Records

According to a report by the Republicans on the U.S. House Oversight & Government Reform Committee, the hack of the Office of Personnel Management (OPM) was the direct result of the agency’s long-standing failure to properly “prioritize cybersecurity and adequately secure high value data.” The breach, which has been attributed to at least two Chinese … Continue Reading

Sedgwick’s Cinthia Motley speaking at ACI’s 14th Advanced Forum on Cyber & Data Risk Insurance

Coverage, Underwriting and Claims Strategies for Managing Privacy/Security, Data and Network Risk and Liability Who Should Attend: Insurance professionals, in-house counsel, and outside counsel specializing in technology, products, pricing, coverage options, prevention strategies and more. Where: Park Central Hotel, San Francisco, CA When: November 30 – December 1, 2016 Register at: In its 14th … Continue Reading

FTC Takes LabMD to Task for Inadequate Computer Security Practices in Violation of Section 5(n)

In a unanimous opinion, the Federal Trade Commission ruled that an Administrative Law Judge erred when he concluded that the FTC failed to prove that LabMD, a Georgia-based clinical testing laboratory, had engaged in an “unfair or deceptive trade practice” based on inadequate computer security for records containing protected health information (PHI) and sensitive personally … Continue Reading

Ransomware article by Scott Lyon published in Today’s General Counsel

The article “Lessons from Ransomware Attacks on Healthcare Providers” by Scott Lyon was published in the June/July issue of Today’s General Counsel. The article addresses the recent ransomware attacks on healthcare providers and proposes strategies for any company to avoid or mitigate ransomware attacks. Click here to view the article.… Continue Reading

Upcoming Event: Critical Updates on HIPAA Enforcement Actions and 2016 OCR Audits

Wednesday, June 22, 2016 11 a.m. PT/1 p.m. CT/ 2 p.m. ET Who: Lawyers and non-lawyers, insurers and commercial claims representatives. Where: At your desk. (There is no dial-in required; the audio will stream through your computer). How: Register here. The Midwest Claims Association and Sedgwick LLP cordially invite you to join us for this … Continue Reading

U.S. Supreme Court Ruling in Spokeo: How Will It Impact Data Breach Litigation?

The decision of the U.S. Supreme Court on May 16 to remand a case addressing whether a violation of a statutory right is sufficient to satisfy the “injury-in-fact” requirement for standing in federal actions has resulted in an interesting range of discussions as to whether it makes assertion of class actions based on statutory violations … Continue Reading

Data Breach Class Actions Survive Standing Challenge in 7th Circuit’s Decision in Lewert v. PF Chang’s

Potential defendants to data breach class actions received unwelcome news from the 7th Circuit Court of Appeal on April 14 when it reversed a District Court’s decision to dismiss a potential class action against PF Chang’s, a nation-wide restaurant chain which suffered a hacking attack affecting customers’ credit and debit card information.  The District Court … Continue Reading

Lawyers Beware: Legal Malpractice Suit Arising out of Data Breach

In what may be a new twist on legal malpractice claims, a New York couple filed a complaint against their real estate attorney based on their falling victim to a social engineering data breach. On April 18, 2016, the couple filed a two-count complaint alleging claims for legal malpractice and breach of fiduciary duty based on … Continue Reading

Refining Discovery Requests in Data Breach Litigation: Parties Now Also Face “Proportionality” Considerations

As data breach litigation increasingly involves at least some discovery, disputes are now generating decisions that provide guidelines on the scope of what courts will consider permissible discovery demands. Impacting their analysis is the recent amendment to Federal Rule of Civil Procedure 26(b)(1) and its shift in focus from relevance to the proportionality of … Continue Reading