negligence, safety, texting
New Jersey Court Says One Can Be Liable For Sending a Text That Causes an Auto Accident
By InfoLawGroup LLP on August 28, 2013
Georgia, Gramm-Leach-Bliley, negligence
Georgia Supreme Court Holds That Gramm-Leach-Bliley Statutory Policy Statement Does Not Create Legal Duty Under State Negligence Law
By InfoLawGroup LLP on June 26, 2013
11th Circuit, causation, cognizable harm, damages, data breach, data security, Hannaford data breach payment card PCI DSS, identity the, motion to dismiss, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence
Eleventh Circuit Rules "Damages" Properly Alleged in Data Breach-Identity Theft Lawsuit
By InfoLawGroup LLP on September 17, 2012
best practices, bill, Colorado, Gross Negligence, HB 11-1225, negligence, Pabon, Regulation, Security
A Novel Data Security Law Proposed in Colorado
By InfoLawGroup LLP on February 24, 2011
Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.
Breach, consumer fraud law, damages, duty, employee, employee privacy, employer, litigation, negligence, notification, social security number
IL Appellate Court: No Duty Exists to Safeguard SSNs for Purposes of a Negligence Claim
By InfoLawGroup LLP on February 03, 2011
InfoLawGroup recently discovered a new data breach case, one of the first that we are aware of in the United States, that dives deep into the issue of whether a common law duty exists to safeguard personal information. In Cooney, et. al v. Chicago Public Schools, et. al¸ an Illinois appellate court actually rendered a decision holding that no such duty exists under Illinois law. In this blogpost we take a closer look at the court's rationale for dismissing the plaintiffs' negligence claim, as well as the other interesting holdings of the court.
behavioral marketing, best practices, commerce department, FTC, InfoLawGroup, online privacy, privacy by design, privacy enforcement, privacy governance, privacy news
Privacy News Round-Up: Lessons Learned
By InfoLawGroup LLP on November 10, 2010
Several important privacy issues were in the news in the first half of this week. Here's our take on these stories, which covered online data collection, employee privacy and legislative battles about the future of privacy.
Breach, fiduciary duty, Heartland, litigation, negligence, payment card, PCI DSS, third party beneficiary
Heartland Bank and Keybank's Motion to Dismiss
By InfoLawGroup LLP on July 13, 2010
AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards
Information Security Standards and Certifications in Contracting
By W. Scott Blackmer on May 26, 2010
It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.
agility, best practices, compliance, IAPP, information governance, IT, Law, legal defensibility, outsourcing, privacy professionals, risk, Security, security breach, technology, whitepaper
Privacy's Trajectory
By InfoLawGroup LLP on March 14, 2010
As many of our readers know, the International Association of Privacy Professionals (IAPP) will celebrate 10 years this Tuesday, March 16. In connection with that anniversary, the IAPP is releasing a whitepaper, "A Call For Agility: The Next-Generation Privacy Professional," tomorrow, March 15. I am honored that the IAPP has given me the opportunity to read and blog about the whitepaper in advance of its official release.
damages, injury-in-fact, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence, security breach litigation, standing
Quickhits: Federal Judge Dismiss Aetna Data Breach Case Due to Lack of "Injury-in-fact"
By InfoLawGroup LLP on March 12, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
class action, FTC, Hannaford, malware, negligence, security breach litigation, SQL injection, State case law
Merchant Liability for "Time and Effort" Following Security Breach?
By W. Scott Blackmer on October 09, 2009
This week the federal court in the Hannaford class action asked the highest court in Maine to clarify whether cardholders' "loss of time and effort" are sufficient injuries to ground a negligence claim following a payment card security breach.
appropriate, civil litigation, compliance, FTC, legal requirements, negligence, portable devices, public networks, reasonable, security measures, unfair practices, wireless
Code or Clear? Encryption Requirements under Information Privacy and Security Laws (Part 1)
By W. Scott Blackmer on October 01, 2009
"Exactly what data do we have to encrypt, and how?" That's a common question posed by IT and legal departments, HR and customer service managers, CIOs and information security professionals. In the past, they made their own choices about encryption, balancing the risks of compromised data against the costs of encryption. Those costs are measured not merely by expense but also by increased processing load, user-unfriendliness, and the remote but real possibility of lost or corrupted decryption keys resulting in inaccessible data. After weighing the costs and benefits, most enterprises decided against encryption for all but the most sensitive applications and data categories.
Breach, negligence, Security
Merrick Bank v. Savvis Update: Savvis Files Motion to Dismiss
By InfoLawGroup LLP on June 23, 2009
information security law, Legislation, negligence
Nevada Law Incorporates PCI and Provides a Liability Safe Harbor
By InfoLawGroup LLP on June 22, 2009
Breach, credit cards, negligence, Security
PCI Service Provider Contracting
By InfoLawGroup LLP on June 11, 2009
Breach, credit cards, negligence, Security
Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint
By InfoLawGroup LLP on June 03, 2009
Breach, consumer fraud, credit cards, negligence, Security
The TJX Case: It Lives! With a New Theory of Liability: "Unfairness"
By InfoLawGroup LLP on May 02, 2009
Breach, credit cards, negligence
Ruiz v. Gap: Increased Risk of ID Theft Not Damages
By InfoLawGroup LLP on April 13, 2009
negligence, Security
Is Something Wrong With PCI?
By InfoLawGroup LLP on January 22, 2009
