We ended 2017 by making predictions about what 2018 will bring to the privacy and cybersecurity world.  We’ll start 2018 by looking at how we fared in our 2017 predictions.  Spoiler alert, we nailed it. Expansion of Breach Notification Requirements We’ll give ourselves half credit for this one. While some states took action, Michigan did not […]

With Uber joining Equifax, JP Morgan, Target and others as the latest victim of a high-profile data breach, all companies should be evaluating how they can protect themselves from data breaches and the fallout.  Over the past month, we have covered how to encrypt your laptop and covered how to send secure emails.  Even if […]

In April 2017, the U.S. Department of Health and Human Services (“HHS”) announced yet another HIPAA settlement agreement with a health care provider relating to a stolen mobile device containing Protected Health Information (“PHI”).  As part of this settlement agreement, CardioNet agreed to pay $2.5 million and implement a corrective action plan resulting from the […]

If your company experiences a data breach, the first person you should contact is your lawyer.  While this advice is certainly self-serving to the authors, it is nevertheless the most prudent course of action. In the first few moments after a data breach, everything you say or do is discoverable in subsequent litigation or other […]

Ever since the news broke regarding the Equifax breach affecting over 140 million people in the U.S., we have received daily phone calls from clients, friends, and family asking what they can do to protect themselves.  Should I sign up for the credit monitoring?  Am I am going to waive my right to join a […]

Yesterday. on September 7, 2017, Equifax, a credit monitoring agency, announced that the personal information of nearly half of all Americans may have been breached.  According to Equifax, criminals used “a U.S. website application vulnerability” to gain access to files that contained names, Social Security numbers, birth dates, addresses and driver’s license numbers. Equifax stated […]

In a previous post on this blog here, we noted that the recent decision in D.C. Circuit Court of Appeals had joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach. Now the Ninth Circuit Court of Appeals joins […]

On August 1, the D.C. Circuit Court of Appeals joined a growing number of federal courts holding the risk of future harm is enough to allow a class action to proceed following a data breach. Attias v. CareFirst, Inc., et al., involves a federal class action lawsuit brought by customers whose personal information was allegedly […]

In data privacy circles, there is constant discussion regarding the EU-US Privacy Shield and the EU General Data Protection Regulation (“GDPR”).  While the temptation for US- based companies to take an isolationist approach and ignore these EU regulations is understandable, doing so may unintentionally subject such companies to significant liability.  All US-based organizations that hold, […]

Looking at the risks of breaches at point-of-sale credit card systems not just from the consumer side but also from the bank’s perspective.