False Claims Act Case Based On DoD’s Cybersecurity Regulations Survives Motion to Dismiss

William C. WagnerBy William C. Wagner on Posted in Department of Defense, Government Contractors

In the summer of 2015, we cautioned that the Department of Defense’s (DoD’s) new cybersecurity regulations could be used offensively to support False Claims Act (FCA) cases and bid protests. Four years later, those premonitions have unfortunately come true. Recently, a federal court refused to dismiss a relator’s implied certification FCA case in which he alleged that his employer “misrepresented … to the government the extent to which it had equipment required by the regulations, instituted required security controls, and … Read More

California: Shore to Please Consumer Privacy Rights Advocates

Marcus HarrisBy Marcus Harris and Jeff Kuo on Posted in Consumer Privacy Bill of Rights

As the Jan. 1, 2020 operational date for the California Consumer Privacy Act (“CCPA”) approaches, the balance between consumer rights and company responsibility continues to be vigorously debated. As this blog predicted when we discussed the first set of amendments to the CCPA, negotiations and amendments to the CCPA continue. We review the most recent Feb. 22, 2019 consumer friendly amendment now—Senate Bill 561 (“SB 561”).… Read More

The Illinois Supreme Court Clears the Way for a Proliferation of Lawsuits Under the Illinois Biometric Information Privacy Act

Richard HuDaniel SaeediBy Richard Hu and Daniel Saeedi on Posted in Privacy Policy

On Jan. 25, 2019, the Illinois Supreme Court issued a landmark opinion in Rosenbach v. Six Flags Entertainment Corporation, a case brought under the Illinois Biometric Information Privacy Act (“BIPA”). 740 ILCS 14/1 et seq. The court reversed the decision of the Illinois appellate court and held that a plaintiff may bring a lawsuit under BIPA as an “aggrieved” party based upon a defendant’s violation of the statutory requirements of BIPA and without the plaintiff being required to show … Read More

Indiana Business Owners May Now Face Million Dollar Lawsuits From Data Breach Victims

William C. WagnerBy William C. Wagner on Posted in Data Breach

The Indiana Attorney General recently asserted a novel claim under the Indiana Deceptive Consumer Sales Act that, if successful, opens the door for data breach victims to file class action lawsuits and recover $500 or more per person in statutory damages and attorney’s fees. Damages can add up fast as a data breach involving 2,000 people could result in $1,000,000 in damages, not including attorney’s fees. Data breaches may also result in a lawsuit by the Attorney General for civil … Read More

The Illinois Biometric Information Privacy Act: Aggrieved or Not Aggrieved – That is the Question

Richard HuBy Richard Hu on Posted in data privacy

The Background of the Law

Of late, the U.S. private sector has been abuzz with the European Union’s new General Data Protection Regulations and the implementation of the same. However, savvy companies cannot forget that state legislatures have been for some time enacting statutes aimed at protecting its residents in how businesses use and disseminate their personal information. In 2008, Illinois became one of the first states to be mindful of the uniqueness of biometrics with the passage of the … Read More

Change is in the California Air as Legislature Amends New Privacy Law

Zachary HeckBy Zachary Heck on Posted in Consumer Privacy Bill of Rights, Cyber Security

Last week, I had the pleasure of speaking at the 11th Annual Northern Kentucky University Cybersecurity Symposium. This year, over three hundred attendees ranging from IT and security professionals, to corporate executives and attorneys, gathered for workshops and presentations relating to nascent privacy and security issues. During my presentation, “So Goes California, So Goes the Nation,” I discussed the California Consumer Privacy Act (“CCPA”), and the California legislature’s recent amendments to the CCPA (“the Amendments”), which were … Read More

Yet Another Facebook Breach: Use this opportunity to get smart about your online privacy and security

Brian EatonScot GanowBy Brian Eaton and Scot Ganow on Posted in Data Breach

The struggles continue for Facebook. As you hopefully know by now, on Sept. 28, the social media giant announced a security breach affecting 50 million accounts. The breach involved the theft of password tokens that allow a user to stay signed in or to sign into numerous third party applications, such as Spotify, Instagram and Yelp, among thousands of others. We thought to take the opportunity with this most recent breach to remind you about best practices that can help … Read More

Perfect Labor Day Beach Reading: New York’s (Next) Round of Financial Cybersecurity Requirements

Scot GanowBy Scot Ganow on Posted in Cyber Security

I don’t mean to ruin your holiday weekend, but we thought to send out a friendly reminder on the next set of rolling deadlines and requirements from New York’s financial services cybersecurity law (23 NYCRR 500). A regulated organization that must comply with the law, or “covered entity,” is “any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial … Read More

Proactive Approach to Cybersecurity Pays off in Ohio with New Data Protection Act

Scot GanowZachary HeckBy Scot Ganow and Zachary Heck on Posted in Cyber Security

Last November, Taft’s Scot Ganow and Bill Wagner wrote on Ohio first-of-its kind state legislation which would provide companies a safe harbor from some litigation resulting from a data breach. This month, Governor John Kasich signed the Ohio Senate Bill 220, also known as the Ohio Data Protection Act, into law. The law goes into effect in November, and is aimed at providing entities conducting business in Ohio with special protection from litigation in the event of a … Read More

Don’t Be Too Big for Your Breaches! Why Encrypted Data Can Be the Best Way to Avoid a Data “Breach”

Scot GanowBy Scot Ganow on Posted in Data Breach

Taft summer associate Jordan Jennings-Moore contributed to this article.

In today’s world, very few people remain completely unscathed by a data breach somewhere. From Target, to Anthem, Wendy’s or Equifax, individuals across the country have grown accustomed to getting breach notification letters. Most recently, Alabama and South Dakota became the last two jurisdictions in the United States to adopt data breach notification laws. This means that any person or entity conducting business in the U.S. must be … Read More

LexBlog