The United States Court of Appeals for the First Circuit has opened the door to increased liability for banks when hackers make fraudulent withdrawals. In Patco Construction Co., Inc. v. People's United Bank, the Court held that Ocean Bank, a division of People's United Bank, failed to establish "commercially reasonable" measures to prevent six fraudulent withdrawals from an account held by a local business. This alert provides an analysis of this significant decision and its potential implications for financial institutions.
On July 3, 2012, Orange County Superior Court Judge Nancy Wieben Stock issued a ruling dismissing a California “Shine the Light” consumer protection law case without leave to amend, making it the first “Shine the Light” case to come to a final decision in a trial court. Judge Stock dismissed the case against XO Group Inc. by filing a ruling sustaining demurrers to both of the plaintiff’s two causes of action in the initial Complaint without leave to amend. The ruling holds that, based on the facts that the plaintiff admitted in her Complaint and that her attorney confirmed at oral argument, there is no possibility of showing that XO Group violated the Shine the Light law.Continue Reading...
In a draft research paper titled "Empirical Analysis of Data Breach Litigation", three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick.
Romanosky, Hoffman and Acquisti examined, for example, what factual and legal characteristics made a company more likely to be sued for a breach of personal data, and what made a data breach lawsuit more likely to settle.
As an interesting example, they found that the odds of a company being sued over a data breach are six times lower when the company offered free credit monitoring following the breach. They also examined the probability of lawsuit and settlement as a function of the causes of the breach and the types of data lost.
The researchers provided some very interesting summary data. For example, by coding data within the federal complaints, they found 87 unique causes of action brought by plaintiffs' attorneys. They also provided information on settlement amounts, attorney's fees awards and cy pres awards.
Any lawyer who handles data breach cases would likely find this article to provide valuable insights.
On February 22, 2012, California’s Attorney General, Kamala D. Harris, entered into an agreement with several leading providers of mobile devices and app stores to increase consumer privacy protection for mobile applications or “apps.” Under the agreement’s terms, these companies have agreed to redesign their app stores to provide a location for app developers to display their privacy policies.
On February 23, 2012, the White House issued a proposal to adopt a Consumer Privacy Bill of Rights. The new proposal is part of the Administration’s efforts to adopt a comprehensive consumer data privacy framework that applies to all personal data, defined as any data that can be linked to a specific individual or device. The Administration’s efforts are also intended to bring about conformity with the privacy principles that have become the norm in other countries such as in Europe, thereby increasing interoperability between the U.S. privacy framework and that which has arisen in the rest of the world.
For now, the Consumer Privacy Bill of Rights is still a blueprint and does not include enforceable rules, but the Administration is pursuing implementation through legislation and a multistakeholder rule-making process.Continue Reading...
Did you know there are breach notification obligations in all 50 states (effective 9/2012), even though only 46 states have adopted them? How could that be, you ask? Because Texas said so. (Does that surprise you?)
Texas recently amended its breach notification law so that its consumer notification obligations apply not only to residents of Texas, but to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Texas's amended law (H.B. 300) specifically requires notification of data breaches to residents of states that have not enacted their own law requiring such notification (that is, Alabama, Kentucky, New Mexico and South Dakota).Continue Reading...
Want to know how you can protect your company from Wikileaks debacles the likes of which have been faced by the U.S. government as well as private companies. Check out this recent article by Proskauer's Dan Winslow and Kristen Mathews.
Following the success of our Annual Proskauer on Privacy Conference in New York, we are taking the program on the road and invite you to attend our first Proskauer on Privacy: Boston Edition. Presented by the firm's Privacy and Data Security Group, this conference will focus on the latest developments in this area of law.
Our keynote speaker is Barbara Anthony, the Undersecretary of the Office of Consumer Affairs and Business Regulation of Massachusetts.
Tuesday, December 14, 2010
8:00 a.m. - 8:30 a.m. Breakfast and Registration
8:30 a.m. - 11:45 a.m. Program
One International Place
Boston, MA 02110-2600