Showing 14 posts in Cyber Risk & Liability.
Seventh Circuit Appellate Briefs Filed in Southwest Airlines Biometric Case Involving Collective Bargaining Agreements
On April 18th, Southwest Airlines Co. filed a response brief with the Seventh Circuit Court of Appeals in the Jennifer Miller, et al. v. Southwest Airlines Co. matter (Court No. 18-3476).
The suit involves allegations by the Miller Plaintiffs, ramp workers or operations agents for Southwest at Chicago Midway International Airport, that in 2006 Southwest began scanning employees’ fingerprints for the employees to sign in and out of work. The fingerprints were used as part of a time clock system that tracks employees’ attendance. According to the employees, Southwest did not ask their permission to collect their finger prints or publish a policy regarding the fingerprint collection. The workers alleged that the airline never got their permission to transmit the information to the time clock software program and did not tell employees what happened to their fingerprint data upon an employee leaving the company. More »
CYBER RISK CLIENT ALERT: Supreme Court Remands Google Settlement - Might Resolve Existing Circuit Splits On Proving Actual Harm
On March 19, 2019, the United States Supreme Court remanded a privacy class action settlement back to the Ninth Circuit Court of Appeals to address whether the class members can plausibly claim to have suffered concrete harm. This ruling serves as the latest hurdle for plaintiffs in cybersecurity litigation to establish standing to sue companies for data breaches and unauthorized data sharing. More »
Recently, the Illinois Supreme Court resolved contradictory rulings from lower courts regarding standing under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS § 14/5 (West 2016). The likely result of this ruling was that there will be increased litigation under BIPA.
In Rosenbach v. Six Flags Entertainment Corp., 2017 IL App (2d) 170317, the Illinois Supreme Court held that an individual is not required to show actual harm; establishing a technical violation of under BIPA is sufficient to be “aggrieved” and allow a plaintiff to seek remedial measures. More »
CYBER RISK CLIENT ALERT: Will This Become a National Trend? Pennsylvania Supreme Court Rules That Employers Have a Legal Duty to Protect Employees' Electronic Data
Recently, the Pennsylvania Supreme Court, in Dittman v. UPMC, ruled that employers have a have a legal duty to exercise reasonable care to safeguard employees’ electronically stored personal information. The dispute in Dittman arose after a data breach at the University of Pittsburgh Medical Center (“UPMC”) impacted 62,000 employees. Hackers accessed UPMC’s computer system, and stole employees’ personal and financial information including birth dates, social security numbers, tax forms, addresses and bank account information. More »
Illinois Appellate Court Concludes that Actual Harm is not Required under Biometric Information Privacy Act
An Illinois appellate court’s recent opinion may very well open the flood gates for litigation arising out of alleged violations of the Illinois Biometric Information Privacy Act (“BIPA”) by eliminating the need to allege actual harm to have standing to sue. Sekura v. Krishna Schaumburg Tan, Inc., 2018 IL App (1st) 180175. More »
On September 26, 2018, Uber Technologies, Inc. (Uber) reached a joint settlement with all 50 states and Washington, D.C.’s attorney generals to pay a record breaking $148 million for its 2016 data breach and subsequent cover-up. More »
DATA BREACH LITIGATION UPDATE: District Court Judge Rejects Remijas Settlement and Decertifies Class
A judge for the U.S. District Court for the Northern District of Illinois has dealt the latest blow to a consumer class seeking recovery from Neiman Marcus following the 2013 exposure of credit card information, as the result of a data breach. On September 17, 2018, Judge Sharon Johnson Coleman decertified the class and rejected a $1.6 million settlement reached between the class and Neiman Marcus Group LLC. More »
The risk of a cyber-attack is not just a “big business” problem. Due to the media’s reporting, many organizations have the impression that large companies – such as Target and Experian – are the only victims of cyber hacks and breaches. This line of thinking, however, is inconsistent with industry data, which demonstrates that small and mid-size companies are, in fact, vulnerable to this risk.
Companies of all sizes, large and small, must ask themselves whether competitors are trying to steal their trade secrets, whether companies or others are interested in their intellectual property, and whether their business contracts make them a target for a security breach. The regulatory and litigation costs associated with a data breach are monumental and, in some cases – especially those involving small or mid-sized companies – can be catastrophic. It therefore behooves every company, regardless of size, to create an effective strategy for managing and minimizing the risk of a cyber event.
There is no cookie cutter approach to managing this risk, and a cyber risk management strategy must be tailored to a company’s specific needs. As discussed below, best practices provide that a company must assess and address its cyber risk, and engage in additional activities in order to effectively manage this risk. More »
The battle over standing in cyber-security litigation continues. . . .
The latest example appears to be related to a data-breach involving the Hudson Bay Company. Founded in 1670, the Hudson Bay Company is one of the oldest companies in North America. On April 1, 2018 it joined the ever growing list of corporations that have been victimized by cyber-security breaches. Specifically, the Hudson Bay Company, which is the corporate parent of luxury department stores Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor, posted a statement on its company web pages explaining that it had become aware of a data security issue involving customer payment data at certain North American stores. The statement goes on to inform customers that Hudson Bay Company is working with security investigators regarding the breach. On April 2nd, the statement was updated to reassure customers that there was no indication that social security numbers, drivers licenses numbers, and pins had been compromised, and that the company was conducting a diligent investigation to gain an understanding of the scope of the breach. More »
CYBER RISK CLIENT ALERT: The Circuit Split Continues When It Comes to Standing in Cybersecurity Litigation
U.S. Supreme Court Denies Cert in Recent Case in Which The D.C. Circuit Concluded That “Risk of Future Harm” Is Sufficient to Prove Standing
Federal Circuit Courts will remain split on what constitutes a “concrete injury” sufficient to establish standing in cybersecurity litigation after the Supreme Court recently denied certification of an appeal from the D.C. Circuit Court of Appeals in Attias v. CareFirst, Inc. On August 1, 2017, a three-judge panel in the D.C. Circuit issued a unanimous decision stating that the risk of future harm is sufficient to establish Article III standing in data breach cases. This decision serves as the latest ruling in a continued split among circuit courts across the nation. The District Court’s holding is now final, as the U.S. Supreme Court denied certification on February 20, 2018. More »
- Michigan No-Fault Reform Update
- Missouri Joinder/Venue Reform Bill Heading to Governor for His Signature
- Seventh Circuit Appellate Briefs Filed in Southwest Airlines Biometric Case Involving Collective Bargaining Agreements
- An Examination of the Illinois Insurer-Insured Privilege: What is Protected and What is Discoverable?
- Litigation is Expensive; Consider Mediation Instead.
- Product Liability: Effective Litigation Tools and Techniques
- Driver Fatigue: A Leading Cause of Accidents and Death in the Transportation Industry
- PROFESSIONAL LIABILITY CLIENT ALERT: Opioid Litigation - The Practitioner's Guide to Managing the FDA's 2019 Roadmap
- Attorney Termination of the Attorney-Client Relationship in New York
- New Developments for Michigan Employers
- Professional Liability
- Class Action
- Insurance Coverage
- Insurance & Reinsurance Litigation & Counseling
- Complex Commercial Litigation
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Product Liability
- Discrimination, Harassment & Hostile Workplace Claims
- Medical Negligence & Healthcare Liability
- Pharmaceutical & Medical Device Litigation
- Social Media & Privacy
- Employment Litigation & Counseling
- Workers' Compensation
- Construction Litigation & Counseling