US

Today, the Illinois Supreme Court resolved the hotly disputed question of whether a one-year or five-year statute of limitations period applies to claims brought under the Biometric Information Privacy Act (“BIPA”). In Tims v. Black Horse Carriers, Inc., the Court conclusively held that a five-year statute of limitations period applies to BIPA claims, expanding

While Madison Square Garden might normally make headlines for musical artists or sporting events, the venue’s parent company, MSG Entertainment, has been in the spotlight following media and regulator attention regarding its use of facial recognition technology to ban certain individuals from its venues. Read on to learn more and its implications for other uses

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Privacy World’s Kristin Bryan talks to Bloomberg Law on the Supreme Court’s In re Grand Jury Dismissal | Privacy World

2022 was another year of high activity and significant developments in the realm of artificial intelligence (“AI”) and biometric privacy related matters, including in regard to issues arising under the Illinois Biometric Information Privacy Act (“BIPA”) and others.  This continues to be one of the most frequently litigated areas of privacy law, with several notable rulings and emerging patterns of new activity by the plaintiffs’ bar.  Following up on Privacy World’s Q2 and Q3 2022 Artificial Intelligence & Biometric Privacy Quarterly Newsletters, be sure to read on for a recap of key developments and insight as to where 2023 may be headed.

Continue Reading Privacy World 2022 Year in Review: Biometrics and AI

Last week, the U.S. Securities and Exchange Commission (“SEC”) filed an enforcement action in federal court requesting that the court compel an international law firm to comply with an administrative subpoena by disclosing the names of its clients whose information was obtained by malicious actors through a cyberattack on the law firm.  This lawsuit may

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

LinkedIn’s Data Scraping Battle with hiQ Labs Ends with Proposed Judgment | Privacy World

SEC Accused of Violating FOIA Deadlines

Key Takeaway

A Massachusetts class action claim underscores that institutions of higher education will continue to be targets for cybercriminals – and class action plaintiffs know it.

Background

On January 4, 2023, in Jackson v. Suffolk University, No. 23-cv-10019, Jackson (Plaintiff) filed a proposed class action lawsuit in the U.S. District Court for the District of Massachusetts against her alma matter, Suffolk University (Suffolk), arising from a data breach affecting thousands of current and former Suffolk students.  
Continue Reading Another Lesson for Higher Education Institutions about the Importance of Cybersecurity Investment

The Federal Bar Association is hosting a Webinar/CLE featuring Privacy World’s Ericka Johnson and Colin Jennings on January 18, 2023 at 1pm EST.

Given the proliferation of litigation stemming from cybersecurity incidents, organizations need to understand how to protect a forensic report prior to responding to an incident. A forensic report is normally prepared by

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access | Consumer Privacy World

LinkedIn’s Data Scraping

Last month, the Securities and Exchange Commission (“SEC”) was hit with a complaint in federal court alleging that the agency has been untimely in responding to a Freedom of Information Act (“FOIA”) request for documents related to an admitted “control deficiency” that allowed certain SEC personnel to access databases in violation of the agency’s governing regulations.  The complaint piles on to recent challenges to the SEC’s enforcement structure, at a time when the SEC is proposing issuing cybersecurity and data privacy regulations affecting private entities.

To understand the significance of the complaint and FOIA request, a brief background on the SEC’s structure is necessary.  By statute, the SEC is authorized to conduct investigations into the violations of securities laws.  See 15 U.S.C. § 78u(a).  The SEC is also statutorily enabled to adjudicate cases against violators using an “in-house” administrative proceeding instead of filing a complaint in federal district court.  See, e.g., 15 U.S.C. §§ 78u-2, 78u-3.  However, the Administrative Procedure Act and corresponding SEC regulations prohibit any employee who is part of an enforcement investigation from either participating or advising in an adjudication or from communicating with the in-house judge without the accused violator present.  See 5 U.S.C. §§ 554(d), 557(d)(1); 17 C.F.R. 201.120–.121.

Continue Reading SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access