In a highly anticipated decision, the Illinois Supreme Court recently held that a separate claim accrues under the Illinois Biometric Information Privacy Act (“BIPA” or the “Act”) (740 ILCS 14/1 et seq.) each time biometric data or information is collected
Media & Privacy Risk Report
News, commentary and humor on media, privacy and the law
Latest from Media & Privacy Risk Report - Page 3
BIPA ALERT: Five Year Statute of Limitations Applicable to All BIPA Claims
In a ruling that is unlikely to significantly alter the landscape of litigation under the Illinois Biometric Information Privacy Act (“BIPA” or the “Act”) (740 ILCS 14/1 et seq.), the Illinois Supreme Court recently clarified that a five-year statute of…
TCPA Turnstile: 2022 Year in Review (TCPA Case Update Vol. 17)
As 2022 comes to a close, we wanted to look back at the most significant Telephone Consumer Protection Act, 47 U.S.C. § 227 (“TCPA”) decisions of the year. While we didn’t see the types of landscape-altering decisions that we saw…
Does the Latest Move in Trans-Atlantic Privacy Really Change the Game?
Much ink has been spilled over the Executive Order Enhancing Safeguards for United States Signals Intelligence Activities (the “Executive Order”) signed by President Biden in early October. The Executive Order is supposed to establish the United States’ commitments reflected in…
BIPA ALERT: $228M Judgment in First BIPA Jury Trial
In a landmark decision, a Chicago federal jury found that BNSF Railway Co. (“BNSF”) violated the Illinois Biometric Information Privacy Act (“BIPA” or the “Act” (740 ILCS 14/1 et seq.) resulting in a judgment of $228 million against BNSF. The speed…
Sweeping Data Breaches Under the Bug Bounty Rug: Verdict against former Uber chief security officer highlights the risk of personal criminal liability for executives
A recent criminal verdict against a former Uber executive highlights the serious potential risks associated with concealing data breaches and using “bug bounty” programs as a means to hide hacking by threat actors. In early October, former Uber chief security…
UK-US Data Transfers Post Brexit
The UK government’s reform of data protection laws and the mechanics of cross-border data transfers has accelerated in the first half of 2022.
Various European regulators, including the UK’s Information Commissioner’s Office (ICO) have expressed an intent to more closely…
U.S. Supreme Court Rejects Prejudice Element for a Claim of Waiver
Is the right to compel arbitration waived only when the plaintiff can show prejudice from the defendant’s inconsistent actions and delay? In Morgan v. Sundance, Inc., No. 21-328 (2022), the Supreme Court found that the Federal Arbitration Act (“FAA”) does…
SEC Proposes Mandatory Cybersecurity Disclosures
Public companies may soon have another regulation to worry about when it comes to their cybersecurity regime. Last week, citing the increase in cybersecurity incidents and the need for investors to be informed about cybersecurity risks in a timely matter,…
SEC Proposes New Cybersecurity Rules for Investment Advisers and Investment Companies
On February 9, 2022, the Securities and Exchange Commission (the SEC) issued proposed rules 206(4)-9 under the Investment Advisers Act of 1940, as amended (Advisers Act) and 38a-2 under the Investment Company Act of 1940 (Investment Company Act) (such…