It is a pivotal moment when the United States Supreme Court addresses data breach cases. There was a time when people said that cyber security would be like “Y2K” and any preparations for cyber issues would suffer the same embarrassing fate as buying a generator to prepare for “Y2K.” There is no need to get too emotional, but there is no reasonable dispute that privacy issues are now just a part of our lives. April 24,…

While the United States may not have data protections in place that are as extensive as those seen the European Union’s adoption of GDPR, there is still a comprehensive framework of state and federal regulations in place to protect personal information. Many industries are building on the foundation set by state and federal guidelines by creating industry-specific cyber standards. For example, various organizations in the insurance industry are taking steps to ensure their members…

Protecting against cyber attacks requires coordination between data collectors and their vendors who assist in protecting that data.  Typically, vendors include public relations professionals, forensic experts and security experts to assist after the breach.  It is important to keep in mind that a vendor’s work may be controlled through contracts or agreements that place a number of obligations on a data collector.  That is, in order to receive the vendors’ assistance, a data collector may have…

Biometric data is playing a larger role in employment law as more employers begin using equipment to scan employees’ fingerprints to clock in for work. Each week more employers are defending themselves against claims by the employees such as the class action lawsuit filed against Patriot Medical Transport in Cook County Circuit Court last month. The employees in the Patriot Medical litigation claim they “have suffered injury from the unlawful collection and storage of their…

[embedded content] Data breach litigation inherently involves a significant amount of information, so it is no surprise to see discovery issues in breach cases. The typical data breach lawsuit may include discovery requests for pre-breach information (response plans, audits), response information (notification letters and phone scripts) and post breach information (remediation and vendor information).  Suffice it to say, there is ripe opportunity for discovery disputes with this amount of information needing to be exchanged between…

While many states are still struggling to enact comprehensive cyber/privacy laws and the federal government still lacks a uniform framework, Illinois data collectors have been working under the most advanced privacy statutes and common law in the United States. Specifically, the Illinois legislature has taken steps through the Personal Information Protection Act and the Biometric Information Protection Act (“Biometric Act”) that will put data collectors and courts at the forefront of privacy law for years…

NotPetya was a malware attack that began to impact businesses around the world in June of 2017.  As it turns out, the US and UK governments have publicly blamed Russia for NotPetya.  Many commentators believe NotPetya was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian’s Constitution Day. “The release of NotPetya was an act of cyberwar by almost any definition—one that was likely more explosive than even its …