Considering Legal Privileges in the Cybersecurity Context

Any organization that is cognizant of its cybersecurity obligations faces a fundamental problem: the greater the effort to increase security, the greater the number of documents generated, memorializing those efforts. Those documents could be discoverable in the event of litigation. The law of privilege in the context of pre-breach planning, including application of the attorney-client relationship to third-party technology vendors and security engineers, remains largely uncharted. The thought leaders at The Sedona Conference are taking steps to help frame the dialogue and set the stage…
Continue reading...

Everybody’s Buying Cyber… Why Aren’t You?

A recent market survey shows companies are getting the message that purchasing cyberinsurance is a corporate imperative today. According to a recent AM Best Market Segment Report, direct premiums written for U.S. cyberinsurance policies from 2015 to 2018 have doubled to $2 billion. Three million cyberinsurance policies were in force in 2018, an increase from 2.6 million in 2017. Admittedly, premium growth has slowed to 12.6 percent in 2018, although that may be due in part to the number of companies using captives for their…
Continue reading...

Federal Court Rejects Data Breach Suit Alleging a Breach of a Privacy Policy Involving Major Airline

Even as federal courts become more lenient with affording standing in data breach lawsuits, limits remain to the type of claims courts will permit to proceed. The United States District Court for the Central District of California provided a recent example on June 18, 2019, in dismissing a suit against Delta Air Lines arising from a data breach suffered in 2017 by a vendor for Delta that supports the company’s website by providing chat services and collecting customer data.  In McGarry v. Delta Air Lines,
Continue reading...

Apple Accused of Unlawfully Disclosing Users’ iTunes Data

Drawing on public criticism of Apple Inc.’s (Apple) privacy practices, in a class action complaint filed in the Northern District of California on May 24, 2016, several Apple users have accused Apple of selling its customers’ personal information and iTunes listening history to third-parties in an effort to “supplement its revenues and enhance the formidability of its brand[.]” The named plaintiffs in the proposed class action are Leigh Wheaton, a resident of Rhode Island, and Jean and Trevor Paul, residents of Michigan. Each have alleged…
Continue reading...

2019 Verizon Data Breach Report: Updating Consumers On How to Protect Themselves Again

The 2019 Verizon Data Breach Investigation Report (DBIR) was released at the end of May. This report provides an overview of data and statistical research relating to cyber threats as well as potential defenses to counteract them. The overall goal of the DBIR is to provide potential information and suggestions relating to protection as well as cyberattack recovery.  This year’s report proved to be the most extensive review yet conducted, tracking 41,686 security incidents around the world, including 2,013 data breaches from 86 countries and…
Continue reading...

Yearly Cyber Report Reveals Large Increases in Cyberattacks and Costs

The third Hiscox Cyber Readiness Report, which was published in April 2019, highlights the increased cyber risks that businesses are facing. The report, which drew data from seven countries (Belgium, France, Germany, the Netherlands, Spain, the United Kingdom, and the United States), noted the marked rise in both the amount of attacks and the overall costs stemming from cyber losses. Turning first to the increase in cyberattacks, 61 percent of respondents reported a cyber incident, up from 45 percent last year across the seven…
Continue reading...

Happy Birthday GDPR! Its Year in Review and the Future for Data Protection

The European Union’s General Data Protection Regulation (GDPR) turned a year old on May 25, 2019 already becoming a benchmark for privacy and data protection compliance.  Undoubtedly, one of the great successes of the GDPR to date has been reminding consumers of their rights surrounding data privacy, and forcing organizations to improve their own data privacy practices. The GDPR gives EU residents the right to request a portable copy of their data, the right to get their data erased, and the right to revoke their consent.…
Continue reading...

Resolution Agreement Requires Medical Imaging Company to Pay $3 Million to Settle Data Breach

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services revealed on May 6, 2019 that Tennessee-based Touchstone Medical Imaging (TMI) entered into a Resolution Agreement (RA) requiring them to pay a $3 million fine to settle a data breach that exposed over 300,000 patients’ protected health information (PHI). In addition to the significant monetary fine, TMI must adopt a corrective action plan that will address shortfalls in the company’s compliance with HIPAA Security and Breach Notification Rules, which is…
Continue reading...

Health Industry Cybersecurity Practices

Earlier this year the Department of Health and Human Services issued a report that in part detailed practices hospitals can use to avoid cyberattacks against the health care industry. The genesis of the report was the Cybersecurity Act of 2015 (CSA) and more specifically, section 405(d). That section calls for “aligning health care industry security approaches.” The forward to the report provides that “industry and government came together under the auspices of the 405(d) task group…focused on building a set of voluntary, consensus-based principles to…
Continue reading...

Cryptocurrency Theft is on the Rise

According to a recent study, losses from theft, fraud, and misappropriation of cryptocurrency increased to $1.2 billion worldwide in the first quarter of 2019, which is already 70 percent of all such activity from 2018.  In fact, it was  reported that hackers used phishing, viruses, and other techniques to steal $41 million in cryptocurrency from Binance, one of the world’s largest cryptocurrency exchanges. This is on the heels of an announcement by Fidelity Investments that it will soon buy and sell bitcoin for institutional customers.…
Continue reading...