PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Standing in Data Breach Cases: Why Harm Is Not “Manufactured”

Data Breach Standing - 11th Circuit

In a recent case, the U.S. Court of Appeals for the 11th Circuit weighed in on an issue that has continued to confound courts: Is there an injury caused by a data breach when victims don’t immediately suffer financial fraud?  I wrote on this issue in an article with Professor Danielle Citron in 2018, Risk and Anxiety: […]

Read More…

The M.D. Anderson Case and the Future of HIPAA Enforcement

HIPAA Enforcement MD Anderson Case 02

The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2001), the 5th Circuit struck down a fine and enforcement […]

Read More…

The Deal with Data Rights: An Interview with Heather Federman

Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.   […]

Read More…

The Impact of the Schrems II Decision: An Interview with Wim Nauwelaerts

Schrems II

In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of […]

Read More…

How Cyberinsurance Is Responding to Ransomware: An Interview with Ken Suh, Mark Singer, and Marcello Antonucci

Ransomware has long been a scourge, and it has been growing into a pandemic with no signs of slowing down. I recently had the opportunity to discuss ransomware with several experts at Beazley. Based in Chicago, Ken Suh is the focus group leader for cyber & tech claims at Beazley. Mark Singer is a cyber & tech […]

Read More…

Ransomware and the Role of Cyber Insurance: An Interview with Kimberly Horn

hacker setting up ransomware

Ransomware has long been a scourge, and it’s getting worse. I recently had the chance to talk about ransomware and cyber insurance with Kimberly Horn, the Global Claims Team Leader for Cyber & Tech Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to […]

Read More…

A Terrifying New Dimension of Ransomware

Ransomware

Ransomware has long been a scourge. Since at least 2012, ransomware has grown dramatically. Ransoms have increased — the average ransom payout is now more than $40,000.   Organizations most hit are public sector, software services, professional services, and healthcare.  Healthcare, in particular, is a soft target because of the need to get systems back and […]

Read More…

Top 10 Privacy Law Developments of the Decade 2010-2019

Top 10 Privacy Law Developments of the Decade 2010-2019 02

It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments. NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective.  What is notable privacy law depends upon where one […]

Read More…

Cartoon on Data Breach

Cartoon Data Security Breach 02 small

This cartoon is about evolution of data breaches, which began to grab headlines back in 2005, thanks in large part to California’s data breach notification law — the first of such laws.  Since that time, every state has passed breach notification laws, and there are breach notification laws sprouting up around the world.  Every day, […]

Read More…