We have written here before about the challenges and benefits of getting rid of old data.  As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning.  Last week, the New York Department of Financial Services (“NYDFS”) issued a reminderRead More

Appropriate cybersecurity disclosures can reduce risk of class action securities cases following a data breach.  We have written recently on the rise of these class action securities cases, including the Intel case and the Yahoo! $80 million settlement.  We have also been closely watching the Equifax case.  The recently … Read More

In the lead-up to the EU’s General Data Protection Regulation (“GDPR”) becoming effective on May 25, little attention was paid in the U.S. to the private right of action that the GDPR creates. But so far, private actors have filed approximately 24 cross-border GDPR complaints with EU regulators.

At least … Read More

If you haven’t been closely following, you may be of the mistaken view that without evidence of actual harm, consumer plaintiffs in federal cyber breach cases have no standing.  While that may have been roughly correct in 2016, the story in 2018 is more complicated, and getting better for plaintiffs.… Read More

One of our cyber predictions for 2018 was that class action securities cases are going to become a major issue for companies involved in cyber events.

Large-scale data breaches often give rise to a variety of legal problems for the affected company, ranging from consumer class action litigation to congressional … Read More

Plaintiffs in data breach cases have tried many theories of recovery, including negligence, negligence per se, violations of state data protection statutes, violations of the Fair Credit Reporting Act, breach of fiduciary duty, and violations of the constitutional right to privacy, with mixed results.

Courts have rejected many of these … Read More