Violation of Biometric Information Statute Claim Triggers Duty to Defend Under Liability Insurance Policy

A flurry of class-actions have been filed over the past few years in Illinois concerning the collection of biometric information, which is regulated under Illinois’ Biometric Information Privacy Act (“BIPA”). Indeed, a marked increase in BIPA lawsuits have followed a 2019 Illinois Supreme Court decision allowing suits to proceed without a showing of actual injury, as long there was a technical violation of BIPA. As a result, it was only a matter of time before Illinois courts weighed in on the insurance coverage implications of… Continue Reading

More Unpacking of the California Consumer Privacy Act [Podcast]

Goldberg Segalla’s Albert Alikin, Marc Voses and Courtney Zucker join Timely Notice for an update of the California Consumer Privacy Act (CCPA). Marc and Courtney give a brief overview of what types of businesses must comply, offer tips on taking the first steps toward compliance and provide insight into the first lawsuits referencing CCPA. Plus, they flag noteworthy changes in the February 2020 AG Guidelines update. if you are related with the car industry, you may be interesting in The Most Influential People in the Continue Reading

The NFL Twitter Hack Shows We Need to Move Past Password Protection

Libraries, professional athletes and the general public can invest significant time developing complex passwords to protect their accounts, but nothing can change the fact that a malicious attacker with an internet connection can hack an account with nothing more than a keyboard. For decades, the public have happily relied on passwords—those unique combinations of letters, numbers and symbols—to protect their online accounts and information. While most know that anything connected to the internet is accessible by anyone on Earth, including the criminal with a keyboard… Continue Reading

Countdown to New Year’s Day and the CCPA

The California Consumer Privacy Act (CCPA) becomes effective on January 1, 2020. We are counting down 10 practical measures you can take to begin down the path for CCPA compliance: 10. Determine whether your business must comply with the CCPA.
  • You must comply with the CCPA if:
    • You are a for-profit entity with over $25 million in gross revenues that conducts business in the state of California and collect the personal information of California residents
    • You annually buy, receive for the business’ commercial purposes, sell,
Continue Reading

Robocall Legislation Likely to Move Forward for White House Approval

Leaders of the House Energy and Commerce Committee and the Senate Commerce Committee issued a joint statement early November advising that they have reached a deal on anti-robocall legislation which will seek to stave off those pesky robocalls United States consumers receive, often at the most inopportune times. Robocalls have been a growing problem in the U.S., based in large part on their solicitation of the disclosure of personal information to unknown organizations (who are typically based outside of the U.S.), often resulting in identity… Continue Reading

Part 2: Insurance Company Compliance with the CCPA as Businesses


This blog post is our second post in a multi-part series addressing what insurers need to know about the California Consumer Privacy Act (CCPA). This post focuses on insurers’ compliance obligations under the CCPA. If you would benefit from a background discussion on the CCPA, please visit our first post in this series entitled “Part 1: The California Consumer Privacy Act – What Insurers Need to Know.” The CCPA applies to insurers to the extent they qualify as “businesses” that “collect or determine… Continue Reading

Biometric Class Action Against Facebook Greenlit by Ninth Circuit Court of Appeals

In an opinion article dated August 8, 2019, the Ninth Circuit Court affirmed the district court’s order certifying a class action of users who claim Facebook’s facial-recognition technology violates Illinois’s Biometric Information Privacy Act (BIPA). A copy of the Ninth Circuit’s opinion can be found here.  At issue is Facebook’s use of facial-recognition technology without first obtaining the consent of its users. The court agreed that the plaintiffs had sufficiently alleged a concrete and particularized harm sufficient to confer Article III standing. The court… Continue Reading

Part 1: The California Consumer Privacy Act — What Insurers Need to Know

Assembly Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely the most robust and sweeping privacy law in the United States. This is not surprising as California is notoriously at the forefront of passing privacy legislation, even though close to 20 other states are also taking steps to pass similar legislation. The CCPA, which becomes effective January 1, 2020, creates a number of consumer rights regarding the collection, storage, selling, and processing of personal information, as well as corresponding business… Continue Reading

2019 Verizon Data Breach Report: Updating Consumers On How to Protect Themselves Again

The 2019 Verizon Data Breach Investigation Report (DBIR) was released at the end of May. This report provides an overview of data and statistical research relating to cyber threats as well as potential defenses to counteract them. The overall goal of the DBIR is to provide potential information and suggestions relating to protection as well as cyberattack recovery.  This year’s report proved to be the most extensive review yet conducted, tracking 41,686 security incidents around the world, including 2,013 data breaches from 86 countries and… Continue Reading

Happy Birthday GDPR! Its Year in Review and the Future for Data Protection

The European Union’s General Data Protection Regulation (GDPR) turned a year old on May 25, 2019 already becoming a benchmark for privacy and data protection compliance.  Undoubtedly, one of the great successes of the GDPR to date has been reminding consumers of their rights surrounding data privacy, and forcing organizations to improve their own data privacy practices. The GDPR gives EU residents the right to request a portable copy of their data, the right to get their data erased with a data destruction service, and… Continue Reading