Privacy Law Blog

Litigation Breeding Ground: Illinois’ Biometric Information Privacy Act

Illinois’ Biometric Information Privacy Act (“BIPA”) is alive and well as a potential breeding ground for litigation for tech companies. In the last month, two settlements have been announced in class actions where the plaintiffs alleged violations of BIPA in the U.S. District Court for the Northern District of Illinois. These settlements show that companies collecting biometrics should take care to ensure that their practices do not run afoul of BIPA’s requirements. Continue Reading

Notable Trends in Privacy and Data Security

COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented Solarwinds cyberattack affecting government agencies, critical infrastructure entities and others.

Thus, looking ahead, organizations must keep up with the dynamic and increasing legal obligations governing privacy and data security, understand how they apply, monitor risks and attack trends, and manage their compliance to minimize exposure.

Read our Practical Law article for an overview of the past year’s privacy and data security legal developments and predictions for issue to look out for 2021.

The Future of the FTC: Part II

A previous blog post discussed FTC Chairwoman Slaughter’s first priority as the newly designated chairwoman – the COVID-19 pandemic. The FTC’s second priority, racial equity, can be broken down into two sub issues. First, the FTC plans to investigate biased and discriminatory algorithms that target vulnerable communities. As the FTC acknowledges, the analysis of data can help companies and consumers, “as it can guide the development of new products and services, predict the preferences of individuals, help tailor services and opportunities, and guide individualized marketing.”  Nonetheless, the FTC cautions companies to consider the below before making decisions based on the results of big data analysis.

Continue Reading

The Future of the FTC: Part I

On January 21, 2021, President Biden designated Federal Trade Commission (the “FTC”) Commissioner Rebecca Kelly Slaughter as acting chair of the FTC. Soon thereafter in one of her first speeches in her new role, Chairwoman Slaughter announced two substantive areas of priority for the FTC – the COVID-19 pandemic and racial equity. Continue Reading

Circuit Split Deepens as Eleventh Circuit Rejects “Risk of Identity Theft” Theory of Standing in Data Breach Suit

On February 4, 2021, the Eleventh Circuit affirmed the dismissal of a customer’s proposed class action lawsuit against a Florida-based fast-food chain, PDQ, over a data breach. The three-judge panel rejected the argument that an increased risk of identity theft was a concrete injury sufficient to confer Article III standing, deepening a circuit split on this issue.

Read the full post on Proskauer’s Minding Your Business blog.

Structuring a Two Track Cyber Investigation: Lessons from Wengui v. Clark Hill

As the D.C. District Court in Wengui v. Clark Hill recently commented, “[m]alicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits that follow them….” The court’s decision in that case has added another data point to developing jurisprudence of the cyberattack landscape, specifically concerning the discoverability of post-breach forensics reports.

Reas the full post on Proskauer’s Minding Your Business blog.

SolarWinds Vendor Supply Chain Attack: A Timely Reason to Review Procedures for Risk Assessments and Vendor Contracts

As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product, known as Orion, helps organizations manage their networks, servers, and networked devices. The hacker concealed malware inside a software update that, when installed, allowed the hacker to perform reconnaissance, elevate user privileges, move laterally into other environments and compromise the organization’s data. Continue Reading

LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK