Matthew S. Trokemheim

All articles by Matthew S. Trokemheim


Federal Court Rejects Data Breach Suit Alleging a Breach of a Privacy Policy Involving Major Airline

Even as federal courts become more lenient with affording standing in data breach lawsuits, limits remain to the type of claims courts will permit to proceed. The United States District Court for the Central District of California provided a recent example on June 18, 2019, in dismissing a suit against Delta Air Lines arising from a data breach suffered in 2017 by a vendor for Delta that supports the company’s website by providing chat services and collecting customer data.  In McGarry v. Delta Air Lines,  

Health Care Organizations Seek Regulatory Changes To Improve Access To Cybersecurity Tools

Cybersecurity presents thorny problems specific to healthcare organizations. Not only are their protection of personal health information strictly regulated by the HIPAA and HITECH laws, but such organizations are also more frequently the targets of cyberattacks due in part to the highly personal information collected by such organizations, and in part due to the relative lack of resources available to battle cyber-threats. One set of healthcare regulations not directly related to cybersecurity, the Stark anti-kickback law, has potentially hindered healthcare organizations in adapting to an…  

Fourth Circuit Weighs in on the Evolving Law of Standing in Data Breach Litigation to Hold that Misuse of Stolen Data Confers Standing

While data breach lawyers wait for the U.S. Supreme Court to more clearly define when a hack confers standing on the individual whose personally identifying information (PII) is stolen, the Circuit Courts of Appeals continue to choose sides over a useful standard. On June 12, 2018, the Fourth Circuit weighed in to hold that the individual has standing when the data is actually misused, such as when the hackers open fraudulent credit cards with the stolen PII, and the individual spends time and resources on…  

The SEC is Focused on Public Company Disclosure of Cybersecurity Risks

While new data privacy rules in the European Union have dominated the news lately, the U.S Securities and Exchange Commission (SEC) has not so quietly been making waves of its own in the regulation of cybersecurity. In February ,the SEC issued fresh guidance to public companies on the disclosure of cybersecurity issues, both in identifying risks prospectively and in disclosing breaches quickly. It then followed up that guidance in April with its first ever fine of a public company for failing to promptly disclose a…