As if anyone needed yet another reminder of the invasive effect a cybersecurity event can have on a business, we need not to look any further than the putative securities fraud class action lawsuits filed against global logistics giant FedEx. On June 26, 2019, the first lawsuit against FedEx was filed in the Southern District of New York. The complaint generally alleges that FedEx violated federal securities laws when it made allegedly fraudulent disclosures concerning the extent of the impact caused by the NotPetya malware…
Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely
the most robust and sweeping privacy law in the United States. This is not
surprising as California is notoriously at the forefront of passing privacy legislation,
even though close to 20 other states are also taking steps to pass similar
CCPA, which becomes effective January 1, 2020, creates a number of consumer
rights regarding the collection, storage, selling, and processing of personal
information, as well as corresponding business…
The Office for Civil Rights (OCR) at the U.S. Department of
Health and Human Services revealed on May 6, 2019 that Tennessee-based
Touchstone Medical Imaging (TMI) entered into a Resolution
Agreement (RA) requiring them to pay a $3 million fine to settle a
data breach that exposed over 300,000 patients’ protected health information (PHI).
In addition to the significant monetary fine, TMI must adopt a corrective
action plan that will address shortfalls in the company’s compliance with HIPAA
Security and Breach Notification Rules, which is…
A recent decision by an Illinois appellate court analyzed whether employees’ privacy violation claims fall within their employment agreements’ arbitration provision. At issue was an employer’s use of biometric information collected from its employees and the consequences of doing so in a manner that was allegedly inconsistent with applicable law, and whether those claims are subject to arbitration, rather than litigation in a court of law.
The Illinois Biometric Information Act
As the court noted, the Illinois Biometric Information Protection Act was enacted in 2008…
Over the last few years, there has been a marked increase in legislation regulating the collection and retention of individuals’ biometric information. For instance, Illinois, Texas, and Washington have enacted legislation regarding the collection of biometric information, and the European Union’s General Data Protection Regulation broadly regulates the collection of biometric data. In San Francisco, one motivated municipal lawmaker with similar concerns relating to privacy and the disproportionate impact surveillance has had on certain communities proposed a bill that would regulate how the city uses…
The Illinois Supreme Court finally made its long awaited ruling on standing to sue under the Illinois Biometric Information Privacy Act (BIPA), siding with the class action representative in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, and allowing persons having suffered no actual injury to maintain a cause of action under BIPA.
BIPA has already given rise to 200+ putative class action lawsuits against businesses nationwide, including those with any measureable operation in Illinois. Businesses have fought back, arguing that BIPA’s private…