Spencer Fane LLP Logo
Latest Posts

Revisit Privacy Notices for the New Year

Consumer-facing privacy notices carry legal consequences and a carefully drafted privacy notice may function to save a company in data privacy litigation or regulatory actions. Accordingly, several reasons exist for companies to frequently revisit privacy notices.

Yahoo! Data Breach Settlement Increases Risk for Companies’ Directors and Officers

The recent Yahoo! settlement marks a substantial step in data breach shareholder derivative litigation that increases the risk for officers and directors of companies that have a data breach. On January 9, 2019, Yahoo! Agreed to pay a total of $29 million to its shareholders to settle a lawsuit against several former directors and officers alleging that their poor management of the company led to the data breaches which substantially impacted the company’s value.

Illinois: Land of 12 Million Biometric Privacy Regulators

The Supreme Court of Illinois recently held that every Illinois citizen has a private right of action to enforce violations of the Illinois Biometric Information Privacy Act (“BIPA”) without alleging or showing actual harm. Businesses collecting, using and storing the biometric data of Illinois consumers take notice:  there are over 12 million regulators with the power to enforce this law against you. But don’t worry too much, the state’s high court promises that “Compliance should not be difficult.”

Texas Businesses Must Implement and Maintain Reasonable Cybersecurity Safeguards According to State Attorney General

Texas law requires businesses to implement and maintain reasonable cybersecurity, which they should do so with a written program for managing cyber risk and protecting sensitive customer information. This warning came from the state’s Attorney General following his office’s $1.5 Million settlement with Neiman Marcus over its 2013 data breach.

Pennsylvania Employers Have a Duty to Safeguard Employees’ Data, Says High Court

Late last year, the Supreme Court of Pennsylvania ruled that employers have a legal duty to safeguard employee’s sensitive personal information stored on an internet-accessible computer system and that the state’s economic loss doctrine allowed the plaintiffs in Dittman to recover for purely monetary damages. 

Protect Your Company Against W-2 Business Email Compromise Attacks During Tax Season

The most likely “cyber attack” that your company will face will come in the form of an email. One of the most common forms of email attack is the business email compromise (BEC) and the most popular time of the year for the W-2 version of BEC is right now — tax season.

EDPB Guidance on GDPR’s Jurisdictional Scope

For many U.S. organizations, figuring out whether – and to what extent – Europe’s General Data Protection Regulation (“GDPR”) applies to your operations has caused a lot of headaches. Do you have an “establishment in the [European] Union”? Are you “offering…goods and services…to…data subjects in the Union”? Are you “monitoring” the behavior of data subjects in the Union? How will these terms be interpreted and enforced?

New South Carolina Insurance Data Security Act

South Carolina has recently enacted a new insurance data security law entitled the South Carolina Insurance Data Security Act. The new legislation generally applies to licensees (any person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered, under the insurance laws of South Carolina) with ten or more employees or independent contractors.

Cyber Resolutions for the New Year

As we enter 2019, social media is flooded with resolutions for self-improvement, let us propose a few:

Notice – Colorado Changes to Data Privacy Laws

Three major changes to Colorado data privacy laws became effective September 1, 2018.  These affect virtually all business collecting personally identifying information (PII)[1] from Colorado residents:

1 2 3 4 Showing 11-20 of 37 results View All