Privacy Risk Report

Tressler’s Privacy Practice Group brings you recent developments and insights on cyber liability, privacy and data storage.

Latest from Privacy Risk Report

The Indiana Supreme Court became one of the first state high courts to weigh in and issue a decision on whether crime insurance provides coverage for ransomware attacks. The trial court’s ruling in favor of Continental Western Insurance Co.’s motion for summary judgment upheld the denial of G&G Oil Co.’s bid for coverage. The Supreme Court remanded the case because further fact-finding was necessary to uncover the “fraudulent” nature of the hacker’s actions. It was…
There is no question that the Illinois Biometric Information Protection Act of 2008 (“BIPA”) has given rise to a number of unique questions under both privacy law and insurance law. First, many data collectors caught in the crosshairs of BIPA are surprised to learn this law has been in effect since 2008. Further, a substantial amount of the technology that now creates BIPA issues was not invented or, at least, was not publicly available in…
Over the last couple of years, alleged privacy violations of the Illinois Biometric Information Privacy Act (“BIPA”) have flooded Illinois courts. One unique aspect of the BIPA class action cases in Illinois is seen when plaintiffs do not have to allege any actual injury or adverse effect. That is, since the Illinois Supreme Court’s decision in Rosenbach v. Six Flags Ent. Corp., 432 Ill. Dec. 654, 129 N.E.3d 197 (Ill. 2019), Illinois courts have found…
While this year has been an unpredictable year for all data collectors, it has been especially harsh for public and private schools. In addition to various obligations on all data collectors, schools hold sensitive information belonging to children that require more obligations.  Schools must balance these obligations as they lead their students and employees through online learning during 2020. That is, to continue teaching children, most schools have had no choice but to rely on third-party applications…
While data collectors had no time to prepare for employees to start working from home in early 2020, there is time to prepare for the shift back to the office. Without a doubt, many data collectors are struggling with the cybersecurity risks created by employees shifting from the office to their homes in 2020. Interestingly, despite having no time to prepare for the shift home in early 2020, we have not heard much news about breaches…
On September 18, 2020, the Illinois Court of Appeals, First District, took another shot at reconciling some of the inconsistencies in the application of Illinois’ Biometric Information Privacy Act (“BIPA”) (740 ILCS 14/1 et seq. (West 2018)) to the workplace. The interlocutory appeal in McDonald v. Symphony Bronzeville Park LLC, 2020 IL App (1st) 192398 (Sept.18, 2020), put a single issue before the First District: “Do[] the exclusivity provisions of the Workers’ Compensation Act bar…
It is difficult to believe the Illinois Biometric Information Protection Act, 740 ILCS 14, (“BIPA”) has been in effect for more than 10 years since October 3, 2008. Many data collectors are surprised BIPA has been in effect for all these years. Issues related to biometric data have only recently grown into a major concern as the equipment that collects biometric data has evolved to the point that it can be found in a number…
Data collectors constantly struggle to balance the need for honest self-critiques of their data protection safeguards with the desire to not generate information that may be used in litigation. Indeed, it is encouraging to see a number of data collectors hiring third-party experts to look at safety measures and issue reports on their findings before there is an incident. Of course, these reports are only useful if they include an honest assessment of a data…
The latest decision related to Illinois’ Biometric Information Protection Act (“BIPA”) was issued by the Illinois Court of Appeals on June 16, 2020, in a matter entitled Cothron v. White Castle System, Inc, 2020 WL 3250706 (June 16, 2020). Latrina Cothron (“Cothron”) began working at White Castle in 2004 and was still a manager at the time she filed suit. As a side note, the Cothron matter differs from many BIPA suits to the extent…
Over the last few months, cyber security issues may have taken a backseat to health and economic issues. Thankfully, there has not been a major cyber incident during the coronavirus pandemic. To pick up where we were before the pandemic, we were closely analyzing the number of court decisions where it was found that a litigant could not establish standing to bring a lawsuit for a data breach. However, it is only a matter of…