Showing 19 posts in Cyber Risk & Liability.
There has been no shortage of litigation since the passage of the Illinois Biometric Information Policy Act, commonly known as BIPA, especially since the Illinois Supreme Court’s recent decision in Rosenbach v Six Flags Entm’t Corp., 2019 WL 323902 (Ill 2019) that an individual does not need to allege actual damages to have standing. We have already circulated two articles discussing the [Southwest] and [Hotel Management] lawsuits. In response, defendants have been swift and creative in their defense. Most recently, a major grocery chain argued before an Illinois state court judge the unconstitutionality of BIPA. More »
New York will soon take another step forward towards protecting residents’ confidential data. As of March 21, 2020, any company that owns or licenses computer data that contains the private information of a New York resident must implement and maintain reasonable measures to protect that information. This new legislation impacts any business that obtains or preserves New York residents’ confidential information regardless of where that business is located. New York’s expanding protection serves as yet another reminder of the importance of corporate cyber-resilience.
In 2005, New York enacted the “Information Security Breach and Notification Act.” (“Notification Act”). As with other states throughout the country, the New York State legislature recognized the significant adverse impact of data security breaches as well as identity theft, and further recognized that New York residents were “hindered by a lack of information regarding breaches. . . .” Accordingly, the state legislature enacted the Notification Act to ensure that New York residents are properly informed in the event of a data breach, as such information would empower residents to implement measures designed to repair damage and, if possible, prevent future damage from a data breach. More »
Recently, the Ninth Circuit Court of Appeals issued an opinion in the case of Patel v. Facebook, Inc., 2019 WL 3727424 (9th Circ. 2019), allowing a class-action lawsuit filed in the Northern District of California to proceed. The Court held that the plaintiffs have Article III standing to bring the suit because Facebook’s alleged violations of Illinois’s Biometric Information Privacy Act (“BIPA”) constitute a sufficiently concrete injury-in-fact. The Court also upheld the district court’s grant of the plaintiffs’ motion for class certification, finding that the Federal Rules of Civil Procedure’s predominance and superiority requirements were met. Patel represents a continued expansion of the law in favor of plaintiffs bringing suits under BIPA. More »
In response to the Illinois Supreme Court’s ruling in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (actual harm is not required for standing under the Illinois Biometric Information Privacy Act), the Illinois legislature is now considering amending the statute, in part, by removing its private right of action.
Illinois was the leader in enacting privacy protections for biometric data. Illinois is still one of only a few states to have such protections in place (along with Texas and Washington). Arizona, Florida, and Massachusetts have proposed regulations to protect biometric identification, and California will have its biometric protections take effect on January 1, 2020. More »
As a follow-up to our blog post discussing the status of the Southwest litigation currently underway in the Seventh Circuit, another complaint alleging a violation of the Biometric Information Privacy Act (“BIPA”) was filed by a hotel employee in Cook County, Illinois. Donal Lydon v. Fillmore Hospitality, et al., Case No. 2019-CH-05679 (Circuit Court of Cook County, Illinois). Like the allegations against Southwest Airlines, the plaintiff in Lydon, alleges Fillmore Hospitality LLC, which manages hotels in several states, including Illinois, violated BIPA by collecting and then sharing its employees’ fingerprints for timekeeping purposes. The plaintiff filed his action as a class action, seeking to represent any individual in Illinois who has scanned their fingerprints for Fillmore’s biometric time clock. More »
Seventh Circuit Appellate Briefs Filed in Southwest Airlines Biometric Case Involving Collective Bargaining Agreements
On April 18th, Southwest Airlines Co. filed a response brief with the Seventh Circuit Court of Appeals in the Jennifer Miller, et al. v. Southwest Airlines Co. matter (Court No. 18-3476).
The suit involves allegations by the Miller Plaintiffs, ramp workers or operations agents for Southwest at Chicago Midway International Airport, that in 2006 Southwest began scanning employees’ fingerprints for the employees to sign in and out of work. The fingerprints were used as part of a time clock system that tracks employees’ attendance. According to the employees, Southwest did not ask their permission to collect their finger prints or publish a policy regarding the fingerprint collection. The workers alleged that the airline never got their permission to transmit the information to the time clock software program and did not tell employees what happened to their fingerprint data upon an employee leaving the company. More »
CYBER RISK CLIENT ALERT: Supreme Court Remands Google Settlement - Might Resolve Existing Circuit Splits On Proving Actual Harm
On March 19, 2019, the United States Supreme Court remanded a privacy class action settlement back to the Ninth Circuit Court of Appeals to address whether the class members can plausibly claim to have suffered concrete harm. This ruling serves as the latest hurdle for plaintiffs in cybersecurity litigation to establish standing to sue companies for data breaches and unauthorized data sharing. More »
Recently, the Illinois Supreme Court resolved contradictory rulings from lower courts regarding standing under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/5 (West 2016). The likely result of this ruling was that there will be increased litigation under BIPA.
In Rosenbach v. Six Flags Entertainment Corp., 2017 IL App (2d) 170317, the Illinois Supreme Court held that an individual is not required to show actual harm; establishing a technical violation of under BIPA is sufficient to be “aggrieved” and allow a plaintiff to seek remedial measures. More »
CYBER RISK CLIENT ALERT: Will This Become a National Trend? Pennsylvania Supreme Court Rules That Employers Have a Legal Duty to Protect Employees' Electronic Data
Recently, the Pennsylvania Supreme Court, in Dittman v. UPMC, ruled that employers have a have a legal duty to exercise reasonable care to safeguard employees’ electronically stored personal information. The dispute in Dittman arose after a data breach at the University of Pittsburgh Medical Center (“UPMC”) impacted 62,000 employees. Hackers accessed UPMC’s computer system, and stole employees’ personal and financial information including birth dates, social security numbers, tax forms, addresses and bank account information. More »
Illinois Appellate Court Concludes that Actual Harm is not Required under Biometric Information Privacy Act
An Illinois appellate court’s recent opinion may very well open the flood gates for litigation arising out of alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”) by eliminating the need to allege actual harm to have standing to sue. Sekura v. Krishna Schaumburg Tan, Inc., 2018 IL App (1st) 180175. More »
- CYBER RISK CLIENT ALERT: The Constitutional Argument Against BIPA
- CYBER RISK CLIENT ALERT: The SHIELD Act Requires Corporations to Implement Cyber-Security Measures
- New Michigan DIFS Order Raises More Questions for Auto Insurers
- Proposed Hours of Service Rules: Balancing Safety and Economy
- Ninth Circuit Holds BIPA Class-Action Plaintiffs Have Article III Standing
- PROFESSIONAL LIABILITY CLIENT ALERT: Attorney Liability Under the FDCPA
- Five Words & Phrases Defense Attorneys Should be Mindful of in Trucking Litigation
- CYBER RISK CLIENT ALERT: BIPA Cutbacks Stalled in Springfield - For Now.
- PROFESSIONAL LIABILITY CLIENT ALERT: The Development of Michigan's Attorney Judgment Rule
- Another BIPA Violation Alleged in Illinois
- Professional Liability
- Class Action
- Complex Commercial Litigation
- Insurance Coverage
- Insurance & Reinsurance Litigation & Counseling
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Social Media & Privacy
- Workers' Compensation
- Medical Negligence & Healthcare Liability
- Pharmaceutical & Medical Device Litigation
- Product Liability
- Construction Litigation & Counseling
- Employment Litigation & Counseling
- Discrimination, Harassment & Hostile Workplace Claims