Marc S. Voses

All articles by Marc S. Voses

 

ADA Website Accessibility: Courts Continue To Provide Clarity, At Cost to Businesses

  • The California Court of Appeals ruled in Thurston v. Midvale Corp. regarding website-related Americans with Disabilities Act (ADA) suits, specifically requiring a restaurant to bring its website into compliance with the Web Content Accessibility Guidelines (WCAG) 2.0.
  • The court adopted the now-majority viewpoint that websites are covered by the ADA when there is a nexus between the website and access to a physical place of public accommodation
  • Prospective plaintiffs are now armed with caselaw out of multiple states establishing that WCAG 2.0 is essentially the
 

Part 3: Coverage Considerations Under CGL Policies for CCPA Violations

This blog post is our third in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). Imagine this: You own a successful string of sporting goods stores across California. Not only do you sell goods directly, but you also finance large purchases to well-qualified buyers and have a generous rewards program. When customers log in to your website, you gather personal information (e.g., name, email address, cell number, etc.). In order to participate in the rewards…  

Cyber Insurance: Enabler of Ransomware Events? Not Quite

Ransomware is once again front and center in the news with reports of a rash of attacks on public and private entities throughout the United States. Some suggest that the proliferation of cyber insurance is fanning the flames of cyberattacks, but there is scant evidence to support that conclusion. In fact, cyber insurance merely offers insureds options in how to respond to a ransomware event. A recent ProPublica article speculates that cyber insurance’s ability to assist insured’s operations to quickly recover from a ransomware event…  

Part 2: Insurance Company Compliance with the CCPA as Businesses


This blog post is our second post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on insurers’ compliance obligations under the CCPA. If you would benefit from a background discussion on the CCPA, please visit our first post in this series entitled “Part 1: The California Consumer Privacy Act – What Insurers Need to Know.” The CCPA applies to insurers to the extent they qualify as “businesses” that “collect or determine…  

Biometric Class Action Against Facebook Greenlit by Ninth Circuit Court of Appeals

In an opinion article dated August 8, 2019, the Ninth Circuit Court affirmed the district court’s order certifying a class action of users who claim Facebook’s facial-recognition technology violates Illinois’s Biometric Information Privacy Act (BIPA). A copy of the Ninth Circuit’s opinion can be found here.  At issue is Facebook’s use of facial-recognition technology without first obtaining the consent of its users. The court agreed that the plaintiffs had sufficiently alleged a concrete and particularized harm sufficient to confer Article III standing. The court…  

Fedex Becomes Victim of Latest Spat of Large Scale Cyber-Related Securities Class Actions

As if anyone needed yet another reminder of the invasive effect a cybersecurity event can have on a business, we need not to look any further than the  putative securities fraud class action lawsuits filed against global logistics giant FedEx. On June 26, 2019, the first lawsuit against FedEx was filed in the Southern District of New York. The complaint generally alleges that FedEx violated federal securities laws when it made allegedly fraudulent disclosures concerning the extent of the impact caused by the NotPetya malware…  

Part 1: The California Consumer Privacy Act — What Insurers Need to Know

Assembly Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely the most robust and sweeping privacy law in the United States. This is not surprising as California is notoriously at the forefront of passing privacy legislation, even though close to 20 other states are also taking steps to pass similar legislation. The CCPA, which becomes effective January 1, 2020, creates a number of consumer rights regarding the collection, storage, selling, and processing of personal information, as well as corresponding business…  

Resolution Agreement Requires Medical Imaging Company to Pay $3 Million to Settle Data Breach

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services revealed on May 6, 2019 that Tennessee-based Touchstone Medical Imaging (TMI) entered into a Resolution Agreement (RA) requiring them to pay a $3 million fine to settle a data breach that exposed over 300,000 patients’ protected health information (PHI). In addition to the significant monetary fine, TMI must adopt a corrective action plan that will address shortfalls in the company’s compliance with HIPAA Security and Breach Notification Rules, which is…  

Employees’ Claim Under the Illinois Biometric Information Protection Act Escapes Arbitration Provision in Employment Agreement

A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.  The Illinois Biometric Information Act As the court noted, the Illinois Biometric Information Protection Act was enacted in 2008…  

San Francisco Legislation Would Ban the City’s Use of Facial Recognition Technology

Over the last few years, there has been a marked increase in legislation regulating the collection and retention of individuals’ biometric information.  For instance, Illinois, Texas, and Washington have enacted legislation regarding the collection of biometric information, and the European Union’s General Data Protection Regulation broadly regulates the collection of biometric data.  In San Francisco, one motivated municipal lawmaker with similar concerns relating to privacy and the disproportionate impact surveillance has had on certain communities proposed a bill that would regulate how the city uses…  

As If 200 Class Action Lawsuits Weren’t Enough…

The Illinois Supreme Court finally made its long awaited ruling on standing to sue under the Illinois Biometric Information Privacy Act (BIPA), siding with the class action representative in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, and allowing persons having suffered no actual injury to maintain a cause of action under BIPA.  BIPA has already given rise to 200+ putative class action lawsuits against businesses nationwide, including those with any measureable operation in Illinois. Businesses have fought back, arguing that BIPA’s private…