Showing 16 posts by Chad Layton.
On September 18, 2020, the Fifth District Appellate Court in Illinois unanimously held that the exclusivity provision of Illinois’ Workers Compensation Act does not bar employees’ statutory damages claims for violation of Illinois’ biometric privacy law. The Fifth District’s ruling has eliminated a key defense advanced by employers defending against alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”).
In 2017, plaintiff Marquita McDonald filed a class action lawsuit against her employer Symphony Bronzeville, Park, LLC. Plaintiff alleged that the defendant-employer required its employees to provide biometric information by scanning fingerprints into a fingerprint-based time clock system. The lawsuit alleged that the employer violated BIPA by: (1) failing to inform employees in advance and in writing of the specific purpose and length of time for which their fingerprints were being collected, stored, and used; (2) failing to provide a publicly available retention schedule and guidelines for permanently destroying the scanned fingerprints; and (3) failing to obtain a written release from employers prior to collecting their fingerprints. More »
One longstanding debate among U.S. District Courts lies at the very heart of the judicial process—what, precisely, is sufficient to confer Article III standing in lawsuits alleging violations of Illinois’ Biometric Information Privacy Act (“BIPA”)? The Seventh Circuit has now provided clarity for certain BIPA claims. More »
Cyber resilience is an essential component of modern-day life in corporate America. It is critical that companies of all sizes take reasonable steps to prepare for an adverse cyber event that is, in all likelihood, inevitable in today’s business climate. The COVID-19 pandemic has brought with it a heightened cyber threat to companies that have increasingly embraced remote employment, as well as to critical industries including medical manufacturers and suppliers, financial services, healthcare, and others. Industry data indicates that cyber criminals have recently increased phishing campaigns and malware attacks. In times such as these, it is prudent for a company to evaluate its cyber-risk management and resilience practices – its ability to execute and deliver its business function following an adverse cyber event. More »
New York will soon take another step forward towards protecting residents’ confidential data. As of March 21, 2020, any company that owns or licenses computer data that contains the private information of a New York resident must implement and maintain reasonable measures to protect that information. This new legislation impacts any business that obtains or preserves New York residents’ confidential information regardless of where that business is located. New York’s expanding protection serves as yet another reminder of the importance of corporate cyber-resilience.
In 2005, New York enacted the “Information Security Breach and Notification Act.” (“Notification Act”). As with other states throughout the country, the New York State legislature recognized the significant adverse impact of data security breaches as well as identity theft, and further recognized that New York residents were “hindered by a lack of information regarding breaches. . . .” Accordingly, the state legislature enacted the Notification Act to ensure that New York residents are properly informed in the event of a data breach, as such information would empower residents to implement measures designed to repair damage and, if possible, prevent future damage from a data breach. More »
CYBER RISK CLIENT ALERT: Will This Become a National Trend? Pennsylvania Supreme Court Rules That Employers Have a Legal Duty to Protect Employees' Electronic Data
Recently, the Pennsylvania Supreme Court, in Dittman v. UPMC, ruled that employers have a have a legal duty to exercise reasonable care to safeguard employees’ electronically stored personal information. The dispute in Dittman arose after a data breach at the University of Pittsburgh Medical Center (“UPMC”) impacted 62,000 employees. Hackers accessed UPMC’s computer system, and stole employees’ personal and financial information including birth dates, social security numbers, tax forms, addresses and bank account information. More »
Illinois Appellate Court Concludes that Actual Harm is not Required under Biometric Information Privacy Act
An Illinois appellate court’s recent opinion may very well open the flood gates for litigation arising out of alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”) by eliminating the need to allege actual harm to have standing to sue. Sekura v. Krishna Schaumburg Tan, Inc., 2018 IL App (1st) 180175. More »
DATA BREACH LITIGATION UPDATE: District Court Judge Rejects Remijas Settlement and Decertifies Class
A judge for the U.S. District Court for the Northern District of Illinois has dealt the latest blow to a consumer class seeking recovery from Neiman Marcus following the 2013 exposure of credit card information, as the result of a data breach. On September 17, 2018, Judge Sharon Johnson Coleman decertified the class and rejected a $1.6 million settlement reached between the class and Neiman Marcus Group LLC. More »
The risk of a cyber-attack is not just a “big business” problem. Due to the media’s reporting, many organizations have the impression that large companies – such as Target and Experian – are the only victims of cyber hacks and breaches. This line of thinking, however, is inconsistent with industry data, which demonstrates that small and mid-size companies are, in fact, vulnerable to this risk.
Companies of all sizes, large and small, must ask themselves whether competitors are trying to steal their trade secrets, whether companies or others are interested in their intellectual property, and whether their business contracts make them a target for a security breach. The regulatory and litigation costs associated with a data breach are monumental and, in some cases – especially those involving small or mid-sized companies – can be catastrophic. It therefore behooves every company, regardless of size, to create an effective strategy for managing and minimizing the risk of a cyber event.
There is no cookie cutter approach to managing this risk, and a cyber risk management strategy must be tailored to a company’s specific needs. As discussed below, best practices provide that a company must assess and address its cyber risk, and engage in additional activities in order to effectively manage this risk. More »
The battle over standing in cyber-security litigation continues. . . .
The latest example appears to be related to a data-breach involving the Hudson Bay Company. Founded in 1670, the Hudson Bay Company is one of the oldest companies in North America. On April 1, 2018 it joined the ever growing list of corporations that have been victimized by cyber-security breaches. Specifically, the Hudson Bay Company, which is the corporate parent of luxury department stores Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor, posted a statement on its company web pages explaining that it had become aware of a data security issue involving customer payment data at certain North American stores. The statement goes on to inform customers that Hudson Bay Company is working with security investigators regarding the breach. On April 2nd, the statement was updated to reassure customers that there was no indication that social security numbers, drivers licenses numbers, and pins had been compromised, and that the company was conducting a diligent investigation to gain an understanding of the scope of the breach. More »
CYBER RISK CLIENT ALERT: The Circuit Split Continues When It Comes to Standing in Cybersecurity Litigation
U.S. Supreme Court Denies Cert in Recent Case in Which The D.C. Circuit Concluded That “Risk of Future Harm” Is Sufficient to Prove Standing
Federal Circuit Courts will remain split on what constitutes a “concrete injury” sufficient to establish standing in cybersecurity litigation after the Supreme Court recently denied certification of an appeal from the D.C. Circuit Court of Appeals in Attias v. CareFirst, Inc. On August 1, 2017, a three-judge panel in the D.C. Circuit issued a unanimous decision stating that the risk of future harm is sufficient to establish Article III standing in data breach cases. This decision serves as the latest ruling in a continued split among circuit courts across the nation. The District Court’s holding is now final, as the U.S. Supreme Court denied certification on February 20, 2018. More »
- Now That Vaccine Distribution Has Begun, What Issues Do Employers Face?
- Immunity From Liability For Healthcare Facilities and Healthcare Professionals in the Continuing Battle Against the Covid-19 Pandemic
- A National Approach to Biometric Privacy
- Illinois Appellate Court Says the Learned Intermediary Doctrine Does Not Shield a Device Manufacturer from Liability When a Doctor is Deceived About a Device’s Prior Testing and Suitability
- Remote Jury Selection by Video Conferencing
- Illinois Appellate Court Eliminates Key Defense to BIPA Claims
- What is Amy Coney Barrett’s Record on Federal Preemption and What Does it Mean for Future SCOTUS Rulings in Drug and Medical Device Litigation?
- COVID Delivers Fraud to the Trucking Industry
- The Application of the Doctrine of Collateral Estoppel to Bar Legal Malpractice Claims Following Allegations of Ineffective Assistance of Counsel
- Prefabricated Construction Liability
- Professional Liability
- Class Action
- Insurance Coverage
- Insurance & Reinsurance Litigation & Counseling
- Complex Commercial Litigation
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Construction Litigation & Counseling
- Workers' Compensation
- Product Liability
- Pharmaceutical & Medical Device Litigation
- Discrimination, Harassment & Hostile Workplace Claims
- Medical Negligence & Healthcare Liability
- Social Media & Privacy
- Employment Litigation & Counseling