Amid high-profile cybersecurity breaches that have spurred regulatory action and encouraged compliance revamps, the Fifth Circuit recently ruled that the Insurance Company of the State of Pennsylvania (“ICSOP”) has a duty to defend Landry’s, a Houston-based hospitality chain, in a $20 million data breach litigation.
Colorado is set to become the third U.S. state to pass comprehensive data privacy legislation.
On June 4, 2021, the European Commission announced the definitive adoption and publication of revamped Standard Contractual Clauses (“SCCs”) for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”).
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an unauthorized disclosure of their data.
Pathways for U.S. companies to transfer personal data out of the European Union have been repeatedly blocked by EU authorities concerned by what they perceive as gaps in data protection under U.S. laws.
A new decision from the First Circuit upholding the federal government’s authority to search the electronic devices of anyone entering the United States — in some instances without a warrant, probable cause, or even reasonable suspicion — presents various data-security challenges for companies and organizations of all sizes.
On November 9, 2020, the U.S. Federal Trade Commission (“FTC”) announced a proposed settlement with Zoom Video Communications, Inc. (“Zoom”), a video conferencing provider, to resolve claims that Zoom deceived users about the extent and nature of its software’s encryption and secretly installed software that circumvented a browser security safeguard.
On October 1, 2020, the Office of Foreign Assets Control (“OFAC”) issued guidance warning of potential sanctions risks for making ransomware payments related to malicious cybersecurity incidents. The same day, the Financial Crimes Enforcement Network (“FinCEN”) issued an advisory related to the role of financial institutions in processing ransomware payments.
In June 2019, U.S. Customs and Border Protection (“CBP”) suspended a government contractor, Perceptics, LLC, after it suffered a highly publicized cyberattack that resulted in a breach of sensitive data collected from Government surveillance equipment used along the U.S. border.
General Counsel and in-house legal departments have long struggled with articulating the risk of and determining the appropriate response to breaches of the company network and the potential exposure of confidential information about employees and third parties. It’s rarely a simple question.
A recent order by a federal court in Virginia rejected arguments that a cybersecurity consultant’s data breach report, which had been prepared at the direction of outside legal counsel, qualified for work product protection.