Biometric Class Action Against Facebook Greenlit by Ninth Circuit Court of Appeals

In an opinion article dated August 8, 2019, the Ninth Circuit Court affirmed the district court’s order certifying a class action of users who claim Facebook’s facial-recognition technology violates Illinois’s Biometric Information Privacy Act (BIPA). A copy of the Ninth Circuit’s opinion can be found here.  At issue is Facebook’s use of facial-recognition technology without first obtaining the consent of its users. The court agreed that the plaintiffs had sufficiently alleged a concrete and particularized harm sufficient to confer Article III standing. The court…
Continue reading...

Equifax Agrees to Largest Ever Data Breach Settlement

In connection with the massive 2017 Equifax data breach which affected more than 147 million consumers, a global settlement has been reached to resolve a multi-district consumer action as well as a suit brought by the Federal Trade Commission. Equifax, one of the largest consumer reporting agencies, was allegedly aware of a critical security vulnerability in March 2017. However, it failed to address the issue until July 2017, when suspicious traffic was detected. Ultimately, on September 7, 2017, Equifax announced a data breach involving…
Continue reading...

Fedex Becomes Victim of Latest Spat of Large Scale Cyber-Related Securities Class Actions

As if anyone needed yet another reminder of the invasive effect a cybersecurity event can have on a business, we need not to look any further than the  putative securities fraud class action lawsuits filed against global logistics giant FedEx. On June 26, 2019, the first lawsuit against FedEx was filed in the Southern District of New York. The complaint generally alleges that FedEx violated federal securities laws when it made allegedly fraudulent disclosures concerning the extent of the impact caused by the NotPetya malware…
Continue reading...

What Is Modern Warfare? Ninth Circuit Rules War Exclusions Do Not Preclude Coverage for First Party Loss Caused by Hamas Rocket Attacks

On July 12, 2019, the Ninth Circuit Court of Appeals found two “war” exclusions inapplicable, under California law, to a loss caused by 2014 hostilities between Israel and Hamas. Universal Cable Productions, LLC v. Atlantic Specialty Insurance Co., No. 17-56672, 2019 WL 3049034 (July 12, 2019). In doing so, the court overturned the Central District of California’s award of summary judgment in favor of Atlantic Specialty Insurance Company. The parties’ dispute arose out of Atlantic’s refusal to indemnify Universal for costs associated with Universal’s…
Continue reading...

Internet of Things Cybersecurity Improvement Act

On January 1, 2020, California’s “Security of Connected Devices” law (Senate Bill No. 327), which was enacted in 2018, will require companies that manufacture any device that connects “directly or indirectly” to the Internet that is sold in California to incorporate within the device “a reasonable security feature or features.” What constitutes as a “reasonable security feature” is largely undefined, but if the device is capable of authentication outside of a local area network (LAN), then the security will be deemed reasonable if a preprogrammed…
Continue reading...

House Representatives Ask Facebook to Halt Moving Forward with its Cryptocurrency

In the beginning of July 2019, four members of Congress in leadership roles in various committees in the House of Representatives issued a letter to Facebook’s executives calling for Facebook “to agree to a moratorium on any movement forward” with its proposed cryptocurrency, Libra, and proposed digital wallet, Calibra, citing concerns over “privacy, trading, national security, and monetary policy[.]”    In June 2019, Facebook announced its plan, which had been in development for a year, to create a cryptocurrency backed by financial assets assembled by the…
Continue reading...

Preparing Private Companies for Politically Motivated Cyberattacks

Law firms in the midst of large and publicly reported M&A deals, accounting firms during return season, and Facebook at just about any moment, should all assume that they are being targeted by hackers. However, the Department of Homeland Security’s (DHS) announcement that Iranian regime actors and proxies have been using “wiper” attacks adds a new indicator: geopolitical importance during politically sensitive times. The director of the Cybersecurity and Infrastructure Security Agency (CISA) released a tweet late last week notifying the public that Iran is…
Continue reading...

Part 1: The California Consumer Privacy Act — What Insurers Need to Know

Assembly Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely the most robust and sweeping privacy law in the United States. This is not surprising as California is notoriously at the forefront of passing privacy legislation, even though close to 20 other states are also taking steps to pass similar legislation. The CCPA, which becomes effective January 1, 2020, creates a number of consumer rights regarding the collection, storage, selling, and processing of personal information, as well as corresponding business…
Continue reading...

Considering Legal Privileges in the Cybersecurity Context

Any organization that is cognizant of its cybersecurity obligations faces a fundamental problem: the greater the effort to increase security, the greater the number of documents generated, memorializing those efforts. Those documents could be discoverable in the event of litigation. The law of privilege in the context of pre-breach planning, including application of the attorney-client relationship to third-party technology vendors and security engineers, remains largely uncharted. The thought leaders at The Sedona Conference are taking steps to help frame the dialogue and set the stage…
Continue reading...

Everybody’s Buying Cyber… Why Aren’t You?

A recent market survey shows companies are getting the message that purchasing cyberinsurance is a corporate imperative today. According to a recent AM Best Market Segment Report, direct premiums written for U.S. cyberinsurance policies from 2015 to 2018 have doubled to $2 billion. Three million cyberinsurance policies were in force in 2018, an increase from 2.6 million in 2017. Admittedly, premium growth has slowed to 12.6 percent in 2018, although that may be due in part to the number of companies using captives for their…
Continue reading...