On June 28, 2018, Adidas released a statement announcing that it recently “became aware that an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.” Adidas believed the breach was limited to contact information, usernames and encrypted passwords, and not any stored credit card or fitness information, relating to millions of … Continue Reading
The month of August saw two federal criminal convictions of individuals involved in significant cyberattacks. In Boston, a federal jury convicted Martin Gottesfeld of one count of conspiracy to intentionally damage a protected computer and one count of intentional damage to protected computers. The charges resulted from 2014 Distributed Denial of Service (DDOS) attacks on … Continue Reading
We have been following litigation surrounding the Illinois Biometric Information Privacy Act (BIPA), and noting that many employers have been sued for using fingerprints for employees to clock into their jobs [view related posts]. This week, Southwest Airlines was successful in its quest to dismiss a proposed class action case that alleges that it required … Continue Reading
Companies doing business in Illinois should consider getting up to speed on the Illinois Biometric Information Privacy Act (BIPA). We have reported on numerous (but not all) cases filed against technology companies and employers for alleged violations of BIPA [view related posts here]. The class action lawsuits continue to get filed at a rapid pace, … Continue Reading
As we noted earlier this year, Saks Fifth Avenue LLC, Saks Incorporated, and Lord & Taylor previously disclosed, on April 1, 2018, that some of their customers’ personal information may have been compromised in a data breach. Those companies all share the Canadian business group Hudson’s Bay Company (collectively with Lord & Taylor LLC, Saks … Continue Reading
Although the U.S. – E.U. Privacy Shield Framework has been intensely criticized by E.U. authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release stating that it has settled its complaint against ReadyTech, a California-based online training company for “falsely” … Continue Reading
Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it … Continue Reading
In a recent decision, the federal Court of Appeals for the Second Circuit (which covers New York, Connecticut, and Vermont) affirmed the conviction of an Italian citizen for misdemeanor computer intrusion in violation of the Computer Fraud and Abuse Act of 1986 (CFAA). The decision is noteworthy in that, among other things, the Second Circuit … Continue Reading
The Massachusetts Supreme Judicial Court (SJC) ruled this week in favor of a consumer who sued Target, alleging that it harassed her with robocalls. The plaintiff applied for a Target credit card, and subsequently got behind in payments. Starting in January 2015, Target contacted the debtor in an attempt to collect the debt. According to … Continue Reading
The New York Department of Financial Services (DFS) issued new regulations requiring every consumer credit reporting agency that “assembles, evaluates, or maintains a consumer credit report on any consumers located in New York State register with the Superintendent of the Department of Financial Services.” As a result of credit reporting agencies’ new status of having … Continue Reading
It is a rare occurrence when a health care entity challenges the Office for Civil Rights (OCR) regarding proposed fines and penalties for HIPAA violations. In my memory, it has only happened once before. On June 1, 2018, an Administrative Law Judge (ALJ) granted summary judgment in favor of the OCR against The University of … Continue Reading
Lincare Holdings Inc. (Lincare), recently entered into a mediated settlement with its employees regarding a data breach that took place on February 3, 2017. On that date, a cyber-criminal posing as a high-level Lincare executive emailed a human resources employee requesting W-2 data for some of its employees. The human resources employee emailed the information … Continue Reading
On April 30, 2018, a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care investigation, in a Massachusetts federal court. The convictions relate to the purported sharing of confidential patient information by the … Continue Reading
As had been expected following the passage of the CLOUD Act by Congress last month, the U.S. Supreme Court remanded and ordered the dismissal of the pending United States v. Microsoft Corporation, Inc. case in a per curiam decision issued April 17, 2018. After briefly reviewing the basis for its grant of certiorari in the … Continue Reading
Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States. This referral stems from a new claim by Max Schrems, an Austrian lawyer and privacy activist. Schrems previously … Continue Reading
On March 30, 2018, Solicitor General Noel J. Francisco filed a motion with the U.S. Supreme Court in United States v. Microsoft Corporation that seeks to vacate the judgment of the U.S. Court of Appeals for the Second Circuit in the case (which held in favor of Microsoft) and to remand the case with directions … Continue Reading
On March 23, 2018, the President signed into law the Consolidated Appropriations Act of 2018 (H.R. 1625), an omnibus spending bill that includes the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act). Among other provisions, the CLOUD Act amends the Stored Communications Act of 1986 (18 U.S.C. §§ 2701-2712, hereinafter the SCA) by … Continue Reading
Courts are often faced with the dilemma of applying centuries, or even decades, old law to constantly evolving technological advancements. See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing and storage … Continue Reading
If you’ve flown domestically in the last year, you know the drill. Take off your jacket, belt, and shoes and place them in a bin. Remove your quart-sized bag of 3.4 oz liquids and place them on top. Pull out your laptop, iPad, e-reader, gaming device, and any other electronic device larger than a cell … Continue Reading
We have previously reported on Facebook’s fight against a proposed class action case alleging violation of the Illinois Biometric Information Privacy Act (BIPA). Facebook continues to fight the allegation that its collection and storage of users’ and non-users’ facial scans through the use of facial recognition technology violates BIPA, and has filed a Motion to … Continue Reading
Last week, TOPS Software LLC (TOPS), a software company that specializes in condominium and homeowners association communication platforms, was served with a class action in Illinois federal court which alleges that TOPS violated the Telephone Consumer Protection Act (TCPA) by using auto dialer technology to solicit consumers to attend the “CAMfire conference.” The CAMfire Conference … Continue Reading
On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located … Continue Reading
On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that … Continue Reading
In October 2017, healthcare insurer, CareFirst, petitioned the United States Supreme Court, requesting the Court to clarify the constitutional standing requirement for plaintiffs seeking to bring claims regarding their exposure during corporate data breaches. In order to invoke federal court jurisdiction, a plaintiff must plead an actual or imminent injury. The Supreme Court has held … Continue Reading
