“A significant data breach is likely to cost the company materially, and costs could drag on for a number of years,” analyst Shlomo Rosenbaum, commenting on the Equifax breach.
Organizations increasingly rely on third-party service providers for data collection, processing, … Continue Reading
On August 17, 2017, Delaware became the latest state to strengthen its cybersecurity laws. Under the newly enacted House Substitute 1 for House Bill 180, businesses who suffer cybersecurity breaches will face far more stringent notification requirements.
According to … Continue Reading
On September 7, Equifax, one of the three major credit reporting firms in the U.S., disclosed a data breach that potentially affects 143 million consumers. Equifax’s disclosure indicated that the breach, which Equifax claims to have discovered in July, resulted … Continue Reading
Privacy professionals have long lamented the myriad of approaches each state takes when it comes to data breach notification requirements. According to the National Conference of State Legislatures, 48 states, the District of Columbia, Guam, Puerto Rico and the Virgin … Continue Reading
By many accounts, 2017 is the 35th anniversary of widely propagating computer viruses. The recent “WannaCry” and “NotPetya” ransomware outbreaks demonstrate that computer viruses (or more broadly, “malware”) are still evolving, developing, and posing new threats. But IT … Continue Reading
The impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several new companies coming forward as … Continue Reading
The FTC has updated its Children’s Online Privacy Protection Rule (COPPA) Six-Step Compliance Plan for Your Business “to reflect developments in the marketplace” – including the introduction of internet-connected toys and the Internet of Things.
COPPA applies to operators of … Continue Reading
Healthcare service provider CoPilot Support Services (“CoPilot”) recently agreed to pay a $130,000 settlement after it waited over a year to notify patients of a data breach, in violation of New York’s breach notification law. The settlement highlights the need … Continue Reading
With the commencement of the workweek, experts predict the WannaCry cyberattack will spread further through systems that rely on older or unpatched versions of Microsoft Windows. The following alert explains the WannaCry ransomware and its impact on businesses and organizations … Continue Reading
Those who tuned in to McGuireWoods’ data breach class action webinar last month know that attacking the plaintiff’s standing can be an effective defense strategy in these cases. Here’s our analysis of the most recent appellate decision on that issue.… Continue Reading
On April 6, 2017, New Mexico enacted a data breach notification law. The “Data Breach Notification Act” (H.B. 15) will take effect on June 16, 2017. The recent passage of this statute leaves Alabama and South Dakota as the only … Continue Reading
As previously reported, the significant rise in Form W-2 phishing e-mails has prompted increased awareness surrounding these fraudulent tax schemes. Most recently, Virginia has responded to these types of attacks by amending its data breach notification law, Va. Code … Continue Reading
Data breaches can occur in the most surprising places. When data breaches affect sensitive, private information—especially those of children—companies can face scrutiny from regulatory agencies and be exposed to civil (and perhaps even criminal) liability. While hackers are still targeting … Continue Reading
The $10 million settlement class in the Target data breach case was unraveled by the Eighth Circuit Court of Appeals in a recent decision that will force the district court to address the impact of the Supreme Court’s decision in … Continue Reading
Our Data Privacy and Security team is currently assisting multiple clients in responding to nearly identical fraudulent requests for IRS Form W-2 information. Significantly, these clients are in a number of industries and are located in a variety of states, … Continue Reading
“Cyber threats cannot be eliminated but they can be managed. Cyber experts say that it is not a question of if you will have a cyber-attack, rather it is a question of when. The next question is what you … Continue Reading
Earlier this year, the Supreme Court, in Spokeo, Inc. v. Robins, held that a bare procedural violation of a statutory requirement, divorced from any concrete harm, does not establish the injury-in-fact necessary to maintain a lawsuit in federal court. … Continue Reading
Yesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, … Continue Reading
State attorneys general play an active role in data privacy and security matters. Their involvement is increasing as they grapple with changing technologies and threats, rapidly evolving state laws and their relatively broad consumer protection authority to engage private sector … Continue Reading
As the healthcare industry continues to embrace the Internet of Things, cybersecurity may present unprecedented health and privacy risks to patients. Wireless-enabled medical devices are increasingly common. For some patients, this means that their hearts are, quite literally, connected … Continue Reading
“The goal is to turn data into information, and information into insight.” – Carly Fiorina, former CEO, Hewlett-Packard Co.
The most valuable asset of every organization is information. Organizing, analyzing and optimizing this complex source of business intelligence … Continue Reading
Seemingly not a day goes by without news of another major data breach. In the past few weeks, Yahoo! announced that at least 500 million of its user accounts were stolen in 2014, hot on the heels of Dropbox’s announcement … Continue Reading
Yesterday the Federal Communications Commission (FCC) revealed its revamped broadband privacy regulations. In March, the FCC initially proposed privacy rules which were highly criticized by everyone from the Federal Trade Commission (FTC) to small business owners. The new rules … Continue Reading
Particularity and plausibility are recurring themes from Judge Reagan’s order last week in the most recent round of litigation stemming from a 2012-2013 data breach at Schnucks grocery. See Community Bank, et al. v. Schnuck Markets, Inc., No. 3:15-cv-01125-MJR-RJD … Continue Reading