Litigation and legal developments concerning data breaches.
A draft of federal cyber incident reporting rules for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) has been posted in the Federal Register. It’s not exactly light reading, weighing in at a whopping 447-page Notice of Proposed Rulemaking. The rules will require critical infrastructure entities to notify the federal government of […]
The Readable explains: A decade-long legal battle involving a data breach that affected the majority of the South Korean population concluded last week. The court confirmed a compensation award of $48 million to a credit card company. The Supreme Court of Korea has rejected the appeal of the defense and ordered the company to pay […]
The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines. The guidance provides greater transparency for organizations about how the ICO goes about using its fining power. Tim Capel, ICO Director of Legal Service, said: “We believe the guidance will provide certainty and clarity for […]
On March 14, 2024, the Court of Justice of the EU (“CJEU”) ruled that EU supervisory authorities have the (corrective) power to order data controllers who have been found to process personal data unlawfully to erase such personal data, even if the data subjects have not requested the erasure. (Case C‑46/23) The CJEU ruled that […]
Law enforcement has been providing new information each day about the disruption to LockBit’s operations. In today’s news, there’s a reward offered for information on the perpetrators and affiliates. The reward offer was published by the U.S. Department of State: The Department of State is announcing reward offers totaling up to $15 million for information […]
Tech Times reports: A study by researchers from the University of Minnesota and George Mason University has reportedly claimed that US cybersecurity laws on breach notifications have little to no effect on curbing data breach incidents in the country. The legislation that requires businesses to tell customers if their data has been compromised, known as breach notification laws (BNLs), enacted by governments of […]
The biggest cybercrime news of the week may be the takedown of LockBit3.0, but U.S. law enforcement also made news last week by announcing rewards for information leading to the identification or location of leaders of AlphV (BlackCat) or those who participate in it. Here is the press release from the U.S. Department of State: […]
The Record reports 118 class action lawsuits have been filed against data brokers who allegedly failed to respond to requests from New Jersey law enforcement personnel who requested their personal information be removed from the internet. Daniel’s Law, named for Daniel Anderl, the son of Judge Esther Salas and Mark Anderl, who was murdered by […]
In honor of Privacy Day, Steven A. Augustino and Jack Pringle of Nelson Mullins have highlighted new security breach rules promulgated by the Federal Communications Commission (FCC). Their article begins by pointing out something also noted in the healthcare sector, where increasing concurrent jurisdiction increases the number of federal and state regulations entities must comply […]
Do you know what your cyber policy covers? (Southwest Airlines v. Liberty Insurance Underwriters)
An article by attorneys at Barnes & Thornburg LLP discusses a court case that serves as a useful reminder of how provisions of cyber policies may be interpreted when it comes to coverage of cyber-related incidents — even when those incidents are not data breaches. In 2016, Southwest Airlines suffered a computer system failure that […]