On January 18, during a luncheon fireside chat at the California Lawyers Association’s UCL Institute event in Los Angeles, Federal Trade Commission (“FTC”) Bureau of Consumer Protection Director Samuel Levine shared his insights on what data practices are of concern to him and to the FTC. Companies should take heed of his comments, the highlights
data breach
Government access to personal data in bank accounts: a compliance challenge for banks, and a threat to EU adequacy?
The UK Data Protection and Digital Information Bill (the Bill) received its second reading in the House of Lords on 19 December 2023. Although the Bill cleared that crucial milestone, the debate focused on the government’s last-minute introduction of sweeping powers enabling the Secretary of State to require banks and other financial service providers to monitor and to provide information from accounts into which benefits are paid. Although ostensibly intended to identify fraud, the Lords echoed the view expressed by campaigning group, Big Brother Watch, that it would be:
“wholly inappropriate for the UK Government to order private banks, building societies and other financial services to conduct mass, algorithmic, suspicionless surveillance and reporting of their account holders on behalf of the state”.Continue Reading Government access to personal data in bank accounts: a compliance challenge for banks, and a threat to EU adequacy?
2023 Privacy Compliance Year in Review
2023 was an eventful year for privacy legislation, regulation and regulatory enforcement. The compliance landscape continues to develop and evolve rapidly, making it difficult for covered businesses to keep up with the myriad requirements. In this post, we discuss some of the year’s most interesting privacy compliance developments globally.Continue Reading 2023 Privacy Compliance Year in Review
The Southern Co-op – Is the Use of ‘Spy’ Cameras Breaching UK Data Protection Laws?
The UK convenience store giant ‘Southern Co-op’ is facing the possibility of regulatory intervention and legal challenge following a complaint made by UK civil liberties campaign group Big Brother Watch (BBW) regarding the use of surveillance cameras in 35 Southern Co-op stores. Images of customers that a member of staff ‘reasonably expects’ to be committing ‘crime or disorder’ are captured and transformed into biometric data. The data of those ‘identified as an offender’ is then stored and checked against the database of facial recognition technology provider, ‘Facewatch.’
Continue Reading The Southern Co-op – Is the Use of ‘Spy’ Cameras Breaching UK Data Protection Laws?
Two More Nails in the Coffin for Opportunistic Data Breach Claims
Following on from a string of cases in 2021 concerning minor data breaches (see our earlier article here), two further cases in Q1 of 2022 have continued the trend of High Court scepticism. Such compensation claims, usually involving multiple causes of action, often find themselves trimmed down and sent to the County Court, if…
Double Trouble: Why Organisations Need to Consider the Legal Consequences of Ransomware and DDoS Attacks
Ransomware and DDoS attacks are costly to organisations that fall victim in terms of reputational damage, picking up the pieces as well as potential enforcement from the ICO and compensation claims by data subjects.
Continue Reading Double Trouble: Why Organisations Need to Consider the Legal Consequences of Ransomware and DDoS Attacks
Narrowing the Scope of Data Breach Claims? – Warren v DSG Retail Ltd
Over the past few years, there has been an increasing number of claims against businesses and public bodies for distress caused by data breaches. The pattern is, by now, a familiar one. A claimant will make a claim for breach of data protection legislation, seeking damages at a relatively low value for the distress and anxiety they say has been caused by the data breach. This claim will be accompanied by claims for one or more of: misuse of private information, breach of confidence and negligence. Added on to the damages claimed will be the legal costs of the claimant’s lawyers, together with the after-the-event (“ATE”) insurance premium for the policy the claimant will have procured to bring a privacy claim. As a result, the defendant is faced with a difficult decision – pay over the odds for a claim where the claimant has suffered no financial loss, or fight litigation with the risk of mounting costs on both sides if the decision goes against them.
Following a cyber-attack in 2017 and 2018, this is the situation that faced DSG Retail Limited (“DSG”), and which has led to an important judgment for these data breach claims, Warren v DSG Retail Ltd [2021] EWHC 2168 (QB).
Continue Reading Narrowing the Scope of Data Breach Claims? – Warren v DSG Retail Ltd
HO HO HOLD UP! Federal Government Warns Consumers of Holiday Cyber Threats (and Companies Should Take Note Too)
‘Tis the season.
Cybercrimes always increase during the holidays, but this year could reach new threat levels. With COVID-19 (and as confirmed by the decreased Black Friday foot traffic versus the increased Cyber Monday sales), Americans are expected to do most of their holiday shopping online this year. In response to this development, the Cybersecurity…
Ups & Downs in Healthcare Data Breach Litigation—Federal Court Tosses Damages Class, but Leaves Case on Life Support by Certifying Injunctive Class
As CPW has covered, healthcare data breaches are on the rise (and are likely to continue to do so in light of the rise in telehealth in 2020). Despite the recent proliferation of data breach litigation, case law hasn’t caught up—you can count on your hands the number of times any court, state or…
District Court Decides Capital One Forensic Report Dispute
On June 25, 2020, the United States District Court for the Eastern District of Virginia upheld a Magistrate Judge’s order, compelling Capital One to produce the Mandiant Report at issue in the matter of In Re: Capital One Consumer Data Security Breach Litigation (See MDL No.1:19md2915).
The decision put to rest the month-long dispute over…