Violation of Biometric Information Statute Claim Triggers Duty to Defend Under Liability Insurance Policy

A flurry of class-actions have been filed over the past few years in Illinois concerning the collection of biometric information, which is regulated under Illinois’ Biometric Information Privacy Act (“BIPA”). Indeed, a marked increase in BIPA lawsuits have followed a 2019 Illinois Supreme Court decision allowing suits to proceed without a showing of actual injury, as long there was a technical violation of BIPA. As a result, it was only a matter of time before Illinois courts weighed in on the insurance coverage implications of… Continue Reading

More Unpacking of the California Consumer Privacy Act [Podcast]

Goldberg Segalla’s Albert Alikin, Marc Voses and Courtney Zucker join Timely Notice for an update of the California Consumer Privacy Act (CCPA). Marc and Courtney give a brief overview of what types of businesses must comply, offer tips on taking the first steps toward compliance and provide insight into the first lawsuits referencing CCPA. Plus, they flag noteworthy changes in the February 2020 AG Guidelines update. Access Timely NoticeContinue Reading

Part 5: A Game of “Who’s Who” Under the CCPA

This is our fifth blog post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on the differences between data collectors, service providers, and third parties. We also discuss data brokers and their specific obligations under the CCPA. While this post does not require any background on the CCPA, if you would like the benefit of our preliminary discussions before diving into this post we invite you to start with Part 1: The California Continue Reading

The NFL Twitter Hack Shows We Need to Move Past Password Protection

Libraries, professional athletes and the general public can invest significant time developing complex passwords to protect their accounts, but nothing can change the fact that a malicious attacker with an internet connection can hack an account with nothing more than a keyboard. For decades, the public have happily relied on passwords—those unique combinations of letters, numbers and symbols—to protect their online accounts and information. While most know that anything connected to the internet is accessible by anyone on Earth, including the criminal with a keyboard… Continue Reading

Data Breach Lawsuit Raises Specter of the CCPA

It was only a matter of time, but we now have our first lawsuit that references California’s new consumer data protection act, the California Consumer Privacy Act (CCPA), which went into effect on Jan. 1, 2020. The CCPA permits each consumer that can establish a violation of certain provisions of the CCPA to seek damages of up to $750, or actual damages, whichever is greater. As the CCPA hangs over businesses like a Sword of Damocles, it remains to be seen whether it will have… Continue Reading

Department of Defense Releases Cybersecurity Model Certification Required in Contract Bids

The Department of Defense released last week its new Cybersecurity Maturity Model Certification (CMMC), which will require at least some companies bidding on defense contracts to certify that they are compliant with at least the basic level of cybersecurity standards to work on government contracts.  The CMMC is a certification procedure that ensures that contractors have the controls in place to protect sensitive data, including Federal contract information and Controlled Unclassified Information (CUI). The Department of Defense put these measures in place in furtherance of… Continue Reading

Agrisilience

Key Takeaways:
  • Precision agriculture and technological advances in food production and distribution represent countless pathways to potential cyber liabilities in the agribusiness setting
  • The distinct nature of commercial agribusiness and farm operations and insurance present unique data security threat vectors and, therefore, require targeted partnerships to respond to the segment’s business needs
  • Agritech + cyber resilience = agrisilience
Agritech has been broadly defined as the use of technologies and innovations to improve food production and distribution. It is yet another term of art in the… Continue Reading

Countdown to New Year’s Day and the CCPA

The California Consumer Privacy Act (CCPA) becomes effective on January 1, 2020. We are counting down 10 practical measures you can take to begin down the path for CCPA compliance: 10. Determine whether your business must comply with the CCPA.
  • You must comply with the CCPA if:
    • You are a for-profit entity with over $25 million in gross revenues that conducts business in the state of California and collect the personal information of California residents
    • You annually buy, receive for the business’ commercial purposes, sell,
Continue Reading

Applying Discovery Rules to Cybersecurity Investigations

During discovery, corporate entities have long been asked to produce documents from related internal investigations. Most rules of civil procedure now explicitly address such scenarios and are supplemented by extensive caselaw. As litigation in the cybersecurity field becomes more commonplace, a growing body of caselaw has developed to address investigations of cybersecurity incidents. In the high-profile investigation of Facebook and Cambridge Analytica by the Massachusetts attorney general, oral argument on an attempt to compel production of data from Facebook suggests that the same principles applied… Continue Reading

Part 4: Privacy Policy Requirements Under the CCPA

This is our fourth blog post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on a business’ obligations when it comes to their privacy policy, such as including and disclosing certain information regarding consumers’ rights. While this post does not require any background on the CCPA, if you would like the benefit of our preliminary discussions before diving into this post we invite you to start with Part 1: The California Consumer Privacy Continue Reading