The Illinois Supreme Court Clears the Way for a Proliferation of Lawsuits Under the Illinois Biometric Information Privacy Act

Richard HuDaniel SaeediBy Richard Hu and Daniel Saeedi on Posted in Privacy Policy

On Jan. 25, 2019, the Illinois Supreme Court issued a landmark opinion in Rosenbach v. Six Flags Entertainment Corporation, a case brought under the Illinois Biometric Information Privacy Act (“BIPA”). 740 ILCS 14/1 et seq. The court reversed the decision of the Illinois appellate court and held that a plaintiff may bring a lawsuit under BIPA as an “aggrieved” party based upon a defendant’s violation of the statutory requirements of BIPA and without the plaintiff being required to show … Read More

Indiana Business Owners May Now Face Million Dollar Lawsuits From Data Breach Victims

William C. WagnerBy William C. Wagner on Posted in Data Breach

The Indiana Attorney General recently asserted a novel claim under the Indiana Deceptive Consumer Sales Act that, if successful, opens the door for data breach victims to file class action lawsuits and recover $500 or more per person in statutory damages and attorney’s fees. Damages can add up fast as a data breach involving 2,000 people could result in $1,000,000 in damages, not including attorney’s fees. Data breaches may also result in a lawsuit by the Attorney General for civil … Read More

The Illinois Biometric Information Privacy Act: Aggrieved or Not Aggrieved – That is the Question

Richard HuBy Richard Hu on Posted in data privacy

The Background of the Law

Of late, the U.S. private sector has been abuzz with the European Union’s new General Data Protection Regulations and the implementation of the same. However, savvy companies cannot forget that state legislatures have been for some time enacting statutes aimed at protecting its residents in how businesses use and disseminate their personal information. In 2008, Illinois became one of the first states to be mindful of the uniqueness of biometrics with the passage of the … Read More

Change is in the California Air as Legislature Amends New Privacy Law

Zachary HeckBy Zachary Heck on Posted in Consumer Privacy Bill of Rights, Cyber Security

Last week, I had the pleasure of speaking at the 11th Annual Northern Kentucky University Cybersecurity Symposium. This year, over three hundred attendees ranging from IT and security professionals, to corporate executives and attorneys, gathered for workshops and presentations relating to nascent privacy and security issues. During my presentation, “So Goes California, So Goes the Nation,” I discussed the California Consumer Privacy Act (“CCPA”), and the California legislature’s recent amendments to the CCPA (“the Amendments”), which were … Read More

Yet Another Facebook Breach: Use this opportunity to get smart about your online privacy and security

Brian EatonScot GanowBy Brian Eaton and Scot Ganow on Posted in Data Breach

The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of password tokens that allow a user to stay signed in or to sign into numerous third party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best practices that can help … Read More

Perfect Labor Day Beach Reading: New York’s (Next) Round of Financial Cybersecurity Requirements

Scot GanowBy Scot Ganow on Posted in Cyber Security

I don’t mean to ruin your holiday weekend, but we thought to send out a friendly reminder on the next set of rolling deadlines and requirements from New York’s financial services cybersecurity law (23 NYCRR 500). A regulated organization that must comply with the law, or “covered entity,” is “any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial … Read More

Proactive Approach to Cybersecurity Pays off in Ohio with New Data Protection Act

Scot GanowZachary HeckBy Scot Ganow and Zachary Heck on Posted in Cyber Security

Last November, Taft’s Scot Ganow and Bill Wagner wrote on Ohio first-of-its kind state legislation which would provide companies a safe harbor from some litigation resulting from a data breach. This month, Governor John Kasich signed the Ohio Senate Bill 220, also known as the Ohio Data Protection Act, into law. The law goes into effect in November, and is aimed at providing entities conducting business in Ohio with special protection from litigation in the event of a … Read More

Don’t Be Too Big for Your Breaches! Why Encrypted Data Can Be the Best Way to Avoid a Data “Breach”

Scot GanowBy Scot Ganow on Posted in Data Breach

Taft summer associate Jordan Jennings-Moore contributed to this article.

In today’s world, very few people remain completely unscathed by a data breach somewhere. From Target, to Anthem, Wendy’s or Equifax, individuals across the country have grown accustomed to getting breach notification letters. Most recently, Alabama and South Dakota became the last two jurisdictions in the United States to adopt data breach notification laws. This means that any person or entity conducting business in the U.S. must be … Read More

So Goes California, So Goes the Country?: The Golden State Again Breaks New Privacy Law Ground

Scot GanowWilliam C. WagnerBy Scot Ganow and William C. Wagner on Posted in data privacy, Uncategorized

Rebekah Mackey, Taft summer associate, contributed to this article.

Just months after the European Union’s General Data Protection Regulation, or “GDPR” changed the landscape of data privacy around the globe, California reaffirmed its position as the United States pioneer of consumer-friendly data privacy protections with the state legislature’s passage of Assembly Bill No. 375.

The California Consumer Privacy Act (“Act”) was originally a ballot initiative to be voted on by California residents in November, but the fate of the … Read More

GDPR Quick Hits: Some Last Minute Thoughts as May 25th draws nigh

Scot GanowBy Scot Ganow on Posted in data privacy, European Union

As we assist clients with preparing for GDPR compliance before and after this Friday’s effective date, I thought to share some quick thoughts on the law and what we are seeing here at Taft.

  1. “GDPR Compliant.” Be wary of companies making such claims and don’t make such claims, yourselves.  As with HIPAA, there is no such thing as a stamp of “compliance” approval.  And, like bragging about your information security, warranting that you are “compliant” is just asking for that
Read More
LexBlog