Privacy + Cyber

Subscribe to Privacy + Cyber via RSS

A recent decision out of the Northern District of Illinois should help banks defend against increasingly common claims involving fraudulent wire transfers. In Trivedi v. Bank of America, et al., the district court granted the defendant banks’ motions to dismiss, holding that the plaintiff’s common law claims were preempted by the Illinois Uniform Commercial Code (UCC), the consumer fraud claims failed to meet R. 9(b)’s heightened pleading standard, and claims under the Electronic Funds Transfer Act failed to state a claim.

On May 9, Clearview AI (Clearview) and the American Civil Liberties Union (ACLU) reached a settlement whereby Clearview agreed to a nationwide injunction blocking many private entities, and some public entities, from accessing its database of face prints. The settlement highlights the force of the Illinois Biometric Information Privacy Act (BIPA) and demonstrates how state

Thursday, May 26 • 12:00 – 1:00 p.m. ET

California was the first state to enact a comprehensive state privacy bill with the California Consumer Privacy Act of 2018 (CCPA). Although the CCPA went into effect on January 1, 2020, it was significantly overhauled during California’s November 2020 General Election, when the California Privacy Rights

On May 3, Judge Grimm of the U.S. District Court for the District of Maryland issued a class certification decision in a consumer data breach multidistrict litigation case against an international hotel and resort management company, becoming one of the few district courts to certify Rule 23(b)(3) classes in this type of case. The litigation

On April 28, the Connecticut House passed Senate Bill 6, an act concerning personal data privacy and online monitoring (SB 6 or Connecticut Act). The Senate unanimously passed SB 6 on April 20, and is now currently under consideration by Governor Ned Lamont. If the bill becomes law, it will go into effect on

On March 15, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act (Act). Many outlets reporting on the Act focused on its 72-hour breach notification requirement. But such reports created uncertainty over the Act’s application and requirements, as well as the steps an organization should take in response to the Act.

To help resolve

On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the

On April 5, the Securities and Exchange Commission (SEC) announced that two employees improperly accessed adjudicatory materials for cases being litigated in the agency’s in-house court system. The access occurred in 2017, and the SEC stated the breach “did not impact the actions taken by the staff investigating and prosecuting the cases or the commission’s

On March 25, a huge sigh of relief was heard from businesses and organizations located throughout the United States and Europe after the U.S. and European Commission announced their agreement in principle on a new Trans-Atlantic Data Privacy Framework (Framework) to effectuate the cross-border transfer of personal data from the European Union (EU) to the

On March 24, Governor Spencer J. Cox signed the Utah Consumer Privacy Act (UCPA), making Utah the fourth state in the country to adopt a comprehensive privacy law. The UCPA is set to take effect on December 31, 2023, and this law’s substantive requirements closely mirror the Virginia Consumer Data Protection Act (VCDPA). The UCPA