Leveraging Knowledge to Manage Your Data Risks
In October 2022, Advocate Aurora Health notified three million individuals of a data breach resulting from its use of tracking pixels on its website for tracking website visitor activity. Now, this month, Advocate Aurora Health settled a class action stemming from that data breach for $12.25 million.
In its breach notification to patients, Advocate Aurora…
Insurance coverage for cyberattacks can be tricky for anyone to navigate, including lawyers. To illustrate this point, a case in New Jersey caught my eye that I thought would be an interesting read for our followers who are lawyers.
In the case of SIMIE Mutual Insurance Co. v. Rankin, No. 23-cv-3974, 2023 WL 4763390…
X Corp (formerly Twitter) has cracked down on data scrapers in a series of lawsuits filed within the last several weeks. One lawsuit targets an Israel-based research firm that provides commercial data scraping, called Bright Data, for alleged unjust enrichment. Another targets The Center for Countering Digital Hate (CCDH), a UK nonprofit known for scraping…
The California Attorney General recently announced an initiative to investigate employers’ non-compliance with the California Consumer Privacy Act/California Privacy Rights Act (collectively the CCPA).
At the beginning of this year, the CCPA’s disclosure requirements and consumer rights provisions became applicable to job applicants, employees (and their beneficiaries), and independent contractors. Now, the California AG’s office…
A plan for an enforcement program under the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) (collectively CCPA) is on its way from the California Privacy Protection Agency (CPPA). Despite a recent court ruling that the enforcement of some of the amendments under the CPRA cannot begin until March 2024, last week the CPPA…
BNSF Railway, previously hit with a $228 million jury award for violating the Illinois Biometric Information Privacy Act (BIPA) when collecting fingerprints of employees, was recently awarded a new trial to determine damages. Although many cases alleging violations of BIPA have previously been settled, this case was the first to go to trial.
The jury…
EyeMed Vision Care, LLC has agreed to settle allegations lodged against it by four state Attorneys General for $2.5 million stemming from a data breach that occurred in 2020 and effected 2.1 million people.
The settlement is with the AGs of Florida, New Jersey, Oregon, and Pennsylvania. The breach occurred when threat actors infiltrated EyeMed’s…
On May 17, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with MedEvolve, Inc. for $350,000. MedEvolve provides practice and revenue cycle management and practice analytics software services to health care entities. The settlement resulted from MedEvolve’s alleged violation of the Health Insurance Portability and Accountability…
Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than…
The Office of the California Attorney General recently announced that it will initiate an investigative sweep and will start sending letters to businesses about their mobile apps for failure to comply with the California Consumer Privacy Act (CCPA). There is also a new online tool that allows consumers to directly notify a business of an…
