In a recent case, the U.S. Court of Appeals for the 11th Circuit weighed in on an issue that has continued to confound courts: Is there an injury caused by a data breach when victims don’t immediately suffer financial fraud? I wrote on this issue in an article with Professor Danielle Citron in 2018, Risk and Anxiety: […]
The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2021), the 5th Circuit struck down a fine and enforcement […]
Here are some of highlights of my privacy training, writing, resources, and humor from 2020.
Numerous privacy laws are requiring that companies provide individuals with data rights — rights to access their data, correct their data, learn about uses of their data, delete their data, and more. Administering these rights can be quite complicated for organizations.
In Facebook Ireland Ltd. v. Maximillian Schrems (Schrems II) (July 16, 2020), the European Court of Justice (CJEU) invalidated the Privacy Shield, a widely-used method to transfer personal data from the EU to the US. The decision also put other data transfer mechanisms—Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCRs)—into significant doubt. The court’s concern was the deficiency of […]
Ransomware has long been a scourge, and it has been growing into a pandemic with no signs of slowing down. I recently had the opportunity to discuss ransomware with several experts at Beazley. Based in Chicago, Ken Suh is the focus group leader for cyber & tech claims at Beazley. Mark Singer is a cyber & tech […]
Ransomware has long been a scourge, and it’s getting worse. I recently had the chance to talk about ransomware and cyber insurance with Kimberly Horn, the Global Claims Team Leader for Cyber & Tech Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to […]
Ransomware has long been a scourge. Since at least 2012, ransomware has grown dramatically. Ransoms have increased — the average ransom payout is now more than $40,000. Organizations most hit are public sector, software services, professional services, and healthcare. Healthcare, in particular, is a soft target because of the need to get systems back and […]
It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments. NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective. What is notable privacy law depends upon where one […]
This cartoon is about evolution of data breaches, which began to grab headlines back in 2005, thanks in large part to California’s data breach notification law — the first of such laws. Since that time, every state has passed breach notification laws, and there are breach notification laws sprouting up around the world. Every day, […]