Privacy Risk Report

Tressler’s Privacy Practice Group brings you recent developments and insights on cyber liability, privacy and data storage.

Latest from Privacy Risk Report

Despite having the potential to impact many data collectors, Illinois’ Biometric Information Protection Act (“BIPA”) has received surprisingly little analysis from state or federal courts. A decision issued on October 17, 2019, by the United States District Court for the Northern District of Illinois may limit the number of BIPA cases reaching the federal courts and, in turn, further, limit the development of law addressing BIPA claims. In Colon v. Dynacast, LLC, 19-cv-4561 (N.D. Ill.…
Recently, the Chicago Tribune reported on a data breach involving student data stored by Pearson Clinical Assessment that may have involved a number of students at Illinois schools. On September 5, 2019, the parent of a student at Indian Prairie School District 204 in Naperville, Illinois filed a class-action lawsuit against Pearson Clinical Assessment – the education publisher that suffered a massive data breach in November 2018 exposing the personal information of thousands of teachers…
The recent decision in Kimbriel v. Abb, Inc.,19-CV-215 (October 1, 2019), provides insight into how far privacy law has developed in a short time. A couple of years ago there was little guidance as to what a plaintiff needed to establish standing in a data breach case. Many data breach lawsuits were dismissed as courts found the nexus between the breach and the alleged damages to be too weak or speculative to support a viable
For a number of years, it has been clear that data collectors face a patchwork of privacy regulations that may give rise to contradictory obligations. A recent case involving the disclosure of private information of student loan borrowers provides one of the first examples of how courts may deal with situations where a data collector has competing obligations related to the same private data. As a servicer of federal student loans, the Pennsylvania Higher Education…
There is little dispute that the Illinois Biometric Information Protection Act (“BIPA”) is a unique privacy law to the extent that it creates a private cause of action for any failures to notify individuals before their biometric information is collected and stored. That is, BIPA potentially creates a liability regardless of whether there was a breach of private information. Further complicating matters is the fact that many data collectors that qualify as “financial institutions” or…
As the number of lawsuits based on claimed violations of the Illinois Biometric Information Protection Act (“BIPA”) increase, litigants have struggled to find guidance from the courts on this new area of law. The Ninth Circuit’s August 8, 2019 decision in Patel v. Facebook, Inc., No. 18-15982 (August 8, 2019) provides slightly more guidance. In Facebook, the Ninth Circuit affirmed the district court’s finding that allegations related to Facebook’s use and storage of “face templates”…
The compliance deadline for the California Consumer Privacy Act (“CCPA”) is January 1, 2020. Even though the CCPA is the first privacy law that will directly impact a large number of U.S. businesses, the best strategy for most U.S. businesses will be to take a measured response toward this new law. GDPR Hysteria The General Data Protection Regulation (“GDPR”) has been in effect for more than a year. And, without question, GDPR has impacted privacy…
The law related to Illinois Biometric Information Protection Act (“BIPA”) came to a halt over the last year or so while the Illinois Supreme Court analyzed what constitutes an injury under the Act. As expected, courts have started to once again visit the various legal issues related to biometric data now that the Rosenbach decision has been issued. Now that BIPA cases are moving through the courts again, one major issue will be what is…
The current roster of threats–ransomware, phishing schemes and hacking–are well understood at this point. Of course, these threats are constantly evolving as we live in a world where criminals get bored quickly and need to move on. The newest privacy threat may involve elaborately faked videos, called “deepfakes,” which may be used to disparage people. A manipulated video of House Speaker Nancy Pelosi recently went viral was slowed down to make it appear she was
It is a pivotal moment when the United States Supreme Court addresses data breach cases. There was a time when people said that cyber security would be like “Y2K” and any preparations for cyber issues would suffer the same embarrassing fate as buying a generator to prepare for “Y2K.” There is no need to get too emotional, but there is no reasonable dispute that privacy issues are now just a part of our lives. April 24,…