Inadvertent Data Breach May Trigger Insurer’s Duty to Defend

As previously posted, in many instances of data breach, information was exposed due to the negligent actions of someone within the organization, as opposed to an external and malicious cyberattack. This week, the Fourth Circuit held that the inadvertent disclosure of data from within the company can constitute a “publication” triggering an insurer’s duty to defend. Goldberg Segalla attorneys Colin B. Willmott and Jonathan L. Schwartz provide a complete analysis of the decision in Travelers Indemnity Company of America v. Portal Healthcare Solutions,

A Strong Case for Mobile Device Management

The San Bernardino County government paid for, but never installed, a feature allowing employer access to any employee mobile devices. Had the feature been installed, the current legal and philosophical battle between Apple and the FBI over how to access shooter Syed Rizwan Farook’s iPhone might have been avoided. What’s more, the county not only had the software, but also a longstanding policy eliminating any expectation of privacy by the employee: “No User Should Have an Expectation of

Lessons From a Presidential Campaign Data Breach

It was perhaps the first major allegation of a cyber breach in a presidential campaign when the Democratic National Committee (DNC) claimed that staff members from the campaign of Bernie Sanders accessed unauthorized information from a voter database maintained by DNC. The DNC leases this database to various campaigns and the campaigns supplement it with their own information. However, campaigns are blocked via firewalls from viewing information supplied by rival campaigns. In this case, members of the Sanders campaign are alleged to have accessed information…

New Executive Orders and Budget Proposals Contribute to Federal Cyber Security Efforts

The U.S. Government took several steps on Tuesday, February 9, 2016 to deal with the ever-constant issue of data privacy. First, President Barack Obama issued two Executive Orders. The first Executive Order creates the Commission on Enhancing National Cybersecurity. This new Commission will fall under the U.S. Department of Commerce and be “composed of not more than 12 members appointed by the President” though Congressional leadership can offer recommendations. The order, among other things, requires the Commission to make recommendations in several key areas including:…

Better Late Than Never: U.S. and EU Regulators Reach Data Privacy Agreement

Officials from the United States and European Union have reached a tentative agreement regarding transfers of personal data by European individuals and businesses to the United States. As stated in the agreement, “This new framework will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses.” When finalized, it will replace a previous safe harbor agreement between the U.S. and EU, which was struck down by the European Court of Justice (ECJ) in October…

The Danger from Within: Banks Work to Combat Hackers Internally

While many companies work diligently to guard against external cyber threats, a number of banks are taking steps to protect themselves from another dangerous, yet equally damaging source — their own employees. According to the Association of Corporate Counsel, at least 30 percent of data breaches during 2015 were caused by seemingly harmless employee errors. To the unknowing employee, a simple click of the mouse could expose information or clues to those looking for an opportunity to breach even the most high-tech security systems.…

CISA Passes as Part of Omnibus Spending Bill

Congress recently passed the Cybersecurity Information Sharing Act of 2015 (CISA) as part of Division N of H.R. 2029, Public Law 114-113, the Consolidated Appropriations Act, 2016 (CAA). As previously reported, on October 27, 2015 the United States Senate passed a different version of CISA, S.754, which, without requiring such information sharing, would create a system for federal, state and local agencies to receive threat information from private companies in real time and for the private sector to receive such information in addition and as…

Iranians Use Cellular Modem to Hack Suburban NYC Dam

Any machine, if it’s connected to the internet, can be hacked, including the automated equipment controlling dams, steel mills and nuclear power facilities. As we previously reported here, criminals were able to take control of a German steel mill’s computerized production system, forcing an unscheduled shut-down causing “massive damage” in 2014. Likewise, in 2010, a cyberattack was able to disable Iran’s uranium enrichment centrifuges by targeting the software installed in the electronic equipment. This week, the Wall Street Journal reported that in 2013, Iranian…

The Burden of Establishing “Injury” in Data-Breach Class Action Lawsuits

Contrary to the predictions of various commentators, John Jablonski of Goldberg Segalla’s Cyber Risk and Social Media Practice Group explains how recent federal court decisions continue to hold a high standard for proving standing in data breach class action lawsuits. As John concludes in an article for Claims Management: “Standing may be easier for class-action plaintiffs to demonstrate if their data was hacked, but as these cases demonstrate, surviving a standing motion is not always as easy as commentators predicted it would be in…

End of EU Data Privacy Safe Harbor Blockade in Sight?

Negotiators from the European Union and the United States are in the process of negotiating a new agreement that would effectively remove the blockade to the EU Data Privacy Safe Harbor for U.S. companies. We previously wrote about a decision by the European Court of Justice (ECJ) which opened U.S. companies up to potential fines for not protecting their data from U.S. government surveillance programs. Given the potential impact against companies like Facebook and other companies that utilize personal information, EU and U.S. leaders are…