Privacy & Data Security

August 2, 2021

In case you missed it, below is a summary of recent posts from CPW. Please feel free to reach out if you are interested in additional information on any of the developments covered. Federal Court Kicks Data Privacy Class Action Against Third-Party Technology Provider in Biometric Litigation | Consumer Privacy World Walmart CCPA Case Kicked for Good by Federal Judge, Case Reaffirms Mere Misappropriation of PI Does Not Establish Compensable Damages | Consumer Privacy World…

Consumer Privacy World

Federal Court Kicks Data Privacy Class Action Against Third-Party Technology Provider in Biometric Litigation

By Kristin Bryan

August 2, 2021

A federal court recently dismissed biometric litigation brought against a marketer and seller of video technology products. Jacobs v. Hanwha Techwin Am., Inc., 2021 U.S. Dist. LEXIS 139668 (N.D. Ill. July 27, 2021). Although at least two other prior cases had allowed similar claims against a third-party technology provider to proceed into discovery, the court found Plaintiff’s allegations in this instance distinguishable. Read on to learn more. First, a recap. The Illinois Biometric Information Privacy…

Attorney at Law Magazine

Ransomware Attacks: Growing Risk in the Private Sector

By Craig Petronella

August 2, 2021

Halfway through 2021, ransomware attacks are on the rise, and more companies are publicly disclosing the incidents. In addition to the nationally reported Colonial Pipeline attack, which temporarily shut down gas deliveries on the East Coast and sparked panic buying, many other high-profile attacks occurred, targeting both private companies and public agencies. Also making headlines this year were attacks on firewall vendor Accellion, IoT solutions provider Sierra Wireless, Microsoft, multinational electronics corporation Acer, laptop manufacturer…

Consumer Privacy World

Connecticut Does Away With Punitive Damages in Certain Data Breach Litigations

By Kristin Bryan

August 2, 2021

As of October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law with Public Act No. 21-119. Following the lead of Utah and Ohio, Connecticut will now prohibit in data event litigations where (1) the plaintiff asserts common law tort claims and (2) alleges that a defendants “failure to implement reasonable cybersecurity controls resulted in a data breach concerning personal information or restricted information” the assessment of punitive…

RopesDataPhiles

Recent FTC Settlement with Flo Health Focuses on Notice and Consent for Companies Sharing Sensitive Data

By Fran Faircloth & Kevin Frazier

August 2, 2021

https-dataropes-ropesgrayblogs-com-wp-content-uploads-sites-36-2020-03-other_data-security_lock_getty_1137735863-jpg

The FTC’s recent settlement with Flo Health, announced on June 22, 2021, offers insights into what practices could invite FTC investigation, especially when companies that collect sensitive information make specific promises about high levels of health privacy and data security. More than 100 million consumers use Flo, an app developed by Flo Health Inc., to help women track their periods and fertility. Although the settlement contains no admissions by Flo, the agency alleged that Flo…

RopesDataPhiles

De-stressing Distress Disputes

By Edward Machin

August 2, 2021

https-dataropes-ropesgrayblogs-com-wp-content-uploads-sites-36-2020-06-7_gdpr_one-year_ss_1064933888-jpg

There were 887 million reasons why one GDPR story was dominating the press on Friday. But sneaking under the radar was a decision from the English High Court that I reckon should be more interesting to businesses in the UK. In a nutshell, the High Court rejected a £5,000 claim for distress-related damages brought by an individual whose personal data were involved in a cyber-attack suffered by DSG, a British retailer that operates the Currys…

RopesDataPhiles

Best Practices to Avoid Tax-Related Identity Theft

By Elizabeth Julia Smith & Anna Chan

August 2, 2021

https-dataropes-ropesgrayblogs-com-wp-content-uploads-sites-36-2020-03-other_data-security_lock_ss_630882608-jpg

What Is Tax-Related Identity Theft? Fraudulent tax refunds issued as a result of identity theft occur when an individual steals a victim’s personally identifiable information (PII), such as a Social Security number (SSN), and files a tax return claiming to be the victim. More than 89,000 Americans filed complaints with the Federal Trade Commission (FTC) reporting tax fraud linked to identity theft in 2020. Similarly, businesses may also fall victim to tax fraud, where an…

Privacy & Information Security Law Blog

U.S. Rep. Castor Reintroduces Kids PRIVCY Act with Updated Provisions

By Hunton Andrews Kurth LLP

August 2, 2021

On July 29, 2021, U.S. Representative Rep. Kathy Castor (D-Florida), a member of the House Energy and Commerce Committee, reintroduced the Protecting the Information of our Vulnerable Children and Youth Act (the “Bill”). The Bill would update the Children’s Online Privacy Protection Act (“COPPA”) to, among other requirements: (1) cover teens ages 13-17; (2) expand the categories of information considered to be “personal” (to include physical characteristics, biometric information, health information, education information, contents of…

Data Law Insights

Fifth Circuit Bolsters Company’s Claim for Return of Privileged Documents Seized by Government

By Stephen M. Byers & Halie Kaplan

August 2, 2021

Finding that a lower court had underestimated the harm resulting from the government’s seizure and ongoing possession of privileged material, the Fifth Circuit ruled recently that a “taint team” process was insufficient to protect the rights of the party holding the privilege. The appellate court’s ruling is part of a trend in which courts have expressed skepticism that the use of “taint teams” by the government is an adequate safeguard against undermining the sacrosanct attorney-client…

Privacy & Information Security Law Blog

New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

By Hunton Andrews Kurth LLP

August 2, 2021

Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.…

Privacy & Data Security

CPW Week in Review

Federal Court Kicks Data Privacy Class Action Against Third-Party Technology Provider in Biometric Litigation

Ransomware Attacks: Growing Risk in the Private Sector

Connecticut Does Away With Punitive Damages in Certain Data Breach Litigations

Recent FTC Settlement with Flo Health Focuses on Notice and Consent for Companies Sharing Sensitive Data

De-stressing Distress Disputes

Best Practices to Avoid Tax-Related Identity Theft

U.S. Rep. Castor Reintroduces Kids PRIVCY Act with Updated Provisions

Fifth Circuit Bolsters Company’s Claim for Return of Privileged Documents Seized by Government

New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

Privacy & Data Security Blogs

Stay Connected

Company

Products

Support

New to the Network