Showing 21 posts in Cyber Risk & Liability.
Cyber resilience is an essential component of modern-day life in corporate America. It is critical that companies of all sizes take reasonable steps to prepare for an adverse cyber event that is, in all likelihood, inevitable in today’s business climate. The COVID-19 pandemic has brought with it a heightened cyber threat to companies that have increasingly embraced remote employment, as well as to critical industries including medical manufacturers and suppliers, financial services, healthcare, and others. Industry data indicates that cyber criminals have recently increased phishing campaigns and malware attacks. In times such as these, it is prudent for a company to evaluate its cyber-risk management and resilience practices – its ability to execute and deliver its business function following an adverse cyber event. More »
CYBER RISK CLIENT ALERT: Facebook Settles Its BIPA Suit for $550 Million While Damage and Jurisdiction Issues Remain
All eyes are on the recent settlement in Patel v. Facebook, Inc., 932 F.3d 1264 (9th Cir. 2019), where a group of class-action plaintiffs (“Class”) alleged that Facebook violated Illinois’ Biometric Information Privacy Act (“BIPA”). Patel had already received a lot of attention primarily because the Ninth Circuit found Article III standing in the absence of actual harm.
Patel settled for a massive $550 million. This is the largest cash settlement seen in a privacy-related suit according to the parties, which is creating a lot of new-found interest in BIPA with speculation on how the settlement amount will impact future claims. More »
There has been no shortage of litigation since the passage of the Illinois Biometric Information Policy Act, commonly known as BIPA, especially since the Illinois Supreme Court’s recent decision in Rosenbach v Six Flags Entm’t Corp., 2019 WL 323902 (Ill 2019) that an individual does not need to allege actual damages to have standing. We have already circulated two articles discussing the [Southwest] and [Hotel Management] lawsuits. In response, defendants have been swift and creative in their defense. Most recently, a major grocery chain argued before an Illinois state court judge the unconstitutionality of BIPA. More »
New York will soon take another step forward towards protecting residents’ confidential data. As of March 21, 2020, any company that owns or licenses computer data that contains the private information of a New York resident must implement and maintain reasonable measures to protect that information. This new legislation impacts any business that obtains or preserves New York residents’ confidential information regardless of where that business is located. New York’s expanding protection serves as yet another reminder of the importance of corporate cyber-resilience.
In 2005, New York enacted the “Information Security Breach and Notification Act.” (“Notification Act”). As with other states throughout the country, the New York State legislature recognized the significant adverse impact of data security breaches as well as identity theft, and further recognized that New York residents were “hindered by a lack of information regarding breaches. . . .” Accordingly, the state legislature enacted the Notification Act to ensure that New York residents are properly informed in the event of a data breach, as such information would empower residents to implement measures designed to repair damage and, if possible, prevent future damage from a data breach. More »
Recently, the Ninth Circuit Court of Appeals issued an opinion in the case of Patel v. Facebook, Inc., 2019 WL 3727424 (9th Circ. 2019), allowing a class-action lawsuit filed in the Northern District of California to proceed. The Court held that the plaintiffs have Article III standing to bring the suit because Facebook’s alleged violations of Illinois’s Biometric Information Privacy Act (“BIPA”) constitute a sufficiently concrete injury-in-fact. The Court also upheld the district court’s grant of the plaintiffs’ motion for class certification, finding that the Federal Rules of Civil Procedure’s predominance and superiority requirements were met. Patel represents a continued expansion of the law in favor of plaintiffs bringing suits under BIPA. More »
In response to the Illinois Supreme Court’s ruling in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (actual harm is not required for standing under the Illinois Biometric Information Privacy Act), the Illinois legislature is now considering amending the statute, in part, by removing its private right of action.
Illinois was the leader in enacting privacy protections for biometric data. Illinois is still one of only a few states to have such protections in place (along with Texas and Washington). Arizona, Florida, and Massachusetts have proposed regulations to protect biometric identification, and California will have its biometric protections take effect on January 1, 2020. More »
As a follow-up to our blog post discussing the status of the Southwest litigation currently underway in the Seventh Circuit, another complaint alleging a violation of the Biometric Information Privacy Act (“BIPA”) was filed by a hotel employee in Cook County, Illinois. Donal Lydon v. Fillmore Hospitality, et al., Case No. 2019-CH-05679 (Circuit Court of Cook County, Illinois). Like the allegations against Southwest Airlines, the plaintiff in Lydon, alleges Fillmore Hospitality LLC, which manages hotels in several states, including Illinois, violated BIPA by collecting and then sharing its employees’ fingerprints for timekeeping purposes. The plaintiff filed his action as a class action, seeking to represent any individual in Illinois who has scanned their fingerprints for Fillmore’s biometric time clock. More »
Seventh Circuit Appellate Briefs Filed in Southwest Airlines Biometric Case Involving Collective Bargaining Agreements
On April 18th, Southwest Airlines Co. filed a response brief with the Seventh Circuit Court of Appeals in the Jennifer Miller, et al. v. Southwest Airlines Co. matter (Court No. 18-3476).
The suit involves allegations by the Miller Plaintiffs, ramp workers or operations agents for Southwest at Chicago Midway International Airport, that in 2006 Southwest began scanning employees’ fingerprints for the employees to sign in and out of work. The fingerprints were used as part of a time clock system that tracks employees’ attendance. According to the employees, Southwest did not ask their permission to collect their finger prints or publish a policy regarding the fingerprint collection. The workers alleged that the airline never got their permission to transmit the information to the time clock software program and did not tell employees what happened to their fingerprint data upon an employee leaving the company. More »
CYBER RISK CLIENT ALERT: Supreme Court Remands Google Settlement - Might Resolve Existing Circuit Splits On Proving Actual Harm
On March 19, 2019, the United States Supreme Court remanded a privacy class action settlement back to the Ninth Circuit Court of Appeals to address whether the class members can plausibly claim to have suffered concrete harm. This ruling serves as the latest hurdle for plaintiffs in cybersecurity litigation to establish standing to sue companies for data breaches and unauthorized data sharing. More »
Recently, the Illinois Supreme Court resolved contradictory rulings from lower courts regarding standing under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/5 (West 2016). The likely result of this ruling was that there will be increased litigation under BIPA.
In Rosenbach v. Six Flags Entertainment Corp., 2017 IL App (2d) 170317, the Illinois Supreme Court held that an individual is not required to show actual harm; establishing a technical violation of under BIPA is sufficient to be “aggrieved” and allow a plaintiff to seek remedial measures. More »
- In Defense of Long-Term Care Facilities: Immunity, and What to do if There is Not Any
- Changes to Punitive Damages Coming to Missouri
- Retro-Fitting Reservations: The Re-Opening of Restaurants Amidst the COVID-19 Crisis
- Florida's Religious Re-Opening: Guidance For Faith Based Institutions To Mitigate Liability In Epidemic/Pandemic Events
- The Future of E-Cigarette Litigation: Is There One?
- Re-Opening States and Businesses and the Role OSHA May Play
- COVID-19 Pandemic Negligence Claims Update: Developing Legal Immunity for Health Care Professionals
- Michigan Governor Signs Executive Order Cutting Red Tape for Motor Carriers During the COVID-19 Pandemic
- Will Drug and Medical Device Manufacturers Combating COVID-19 be Subject to Tort Liability?
- Malpractice Mitigation: Utilizing Professional Standards as a Defense to Claims of Negligence in Epidemic/Pandemic Events
- Professional Liability
- Class Action
- Complex Commercial Litigation
- Insurance Coverage
- Insurance & Reinsurance Litigation & Counseling
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Employment Litigation & Counseling
- Product Liability
- Social Media & Privacy
- Workers' Compensation
- Construction Litigation & Counseling
- Pharmaceutical & Medical Device Litigation
- Discrimination, Harassment & Hostile Workplace Claims
- Medical Negligence & Healthcare Liability