Digital Risk Strategies

Archive for the ‘Risk Management’ Category

Betterley Report on Cyber Insurance is Now Available

July 5, 2011 – 6:47 am

The highly-anticipated annual Betterley Report on cyber insurance was released right before the 4th of July holiday weekend.  In the free summary of the issue, there is mention of the 29 insurers now providing some form of network security and privacy insurance.  Betterley projects the existing market to be in the $800 million range — [...]



Supreme Court Rules in Favor of Wal-Mart

June 20, 2011 – 11:35 pm

In a widely anticipated decision, the United States Supreme Court today unanimously reversed a U.S. Court of Appeals for the Ninth Circuit ruling that allowed a class action to go forward against Wal-Mart.   And, in its majority ruling, the Court found that the action should be completely dismissed given that plaintiffs could not ultimately overcome [...]



Round Four of The Personal Data Privacy and Security Act

June 8, 2011 – 10:49 pm

On June 7, 2011, Senator Patrick Leahy introduced “The Personal Data Privacy and Security Act” — the fourth time he has introduced this particular piece of legislation. According to the senator’s press release, the law would “establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information [...]



Defense Contractors May Be Impacted by RSA Breach

May 28, 2011 – 10:59 am

On the heels of the breach that potentially exposed RSA’s source code for its SecurID tokens - the same tokens used every day by thousands of employees to access their corporate VPNs - a defense contractor acknowledged on May 27, 2011 that its network may have been compromised as an indirect result of the RSA breach. [...]



Location-Based Tracking Data Creates a New Privacy Concern

April 1, 2011 – 12:34 pm

On March 25, 2011, Fordham Law School conducted a timely symposium on the legal and privacy policy implications of location-based technologies, i.e., those technologies that collect and use data indicating a person’s specific physical location.  The lively panel discussions all had one underlying theme – location-based tracking may be pervasive but the relevant policies are [...]



Latest APT Victim: RSA

March 20, 2011 – 9:32 pm

In what has become an annual mecca for the data security industry, thousands visit San Francisco each February to attend “RSA” — a conference named after the network security company purchased by data storage firm EMC five years ago.  This mega-conference caters to the security cognoscenti — as well as those who only profess to [...]



New Amazon Class Action Based on Privacy Setting Circumvention

March 6, 2011 – 9:39 pm

In a class action suit filed against Amazon.com, Inc.  on March 2, 2011, plaintiffs argue that “Amazon circumvents the privacy filters of IE users by spoofing [Internet Explorer] into categorizing Amazon.com as more privacy protective than it actually is” and seek relief “under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030; the [Washington [...]



OCR: Lost Records of 192 Patients = $1 million

February 25, 2011 – 6:14 am

On the heels of the Cignet Health CMP, the OCR has just announced a Resolution Agreement with Massachusetts General that includes a $1 million “resolution amount”.  Under this Resolution Agreement, Mass General is also required to develop and implement “a comprehensive set of policies and procedures to safeguard the privacy of its patients.” According to [...]



OCR Gets Serious: $4.3 Million Penalty Under Privacy Rule

February 23, 2011 – 7:30 pm

As shown by yesterday’s press release and this morning’s email blast, OCR is certainly eager to let the world know that it just issued a Notice of Final Determination and Notice of Proposed Determination finding that Cignet Health violated the HIPAA Privacy Rule to the tune of $4.3 million. According to yesterday’s Associated Press [...]



The Elephant in the Room: The Potential for Privacy Breach Statutory Damages

February 18, 2011 – 10:32 am

Over the years, plaintiffs’ class action counsel have utilized their jet flyover time trying to create a claims theory that would be common to any victim of a data breach event.   For the reasons set forth in the first of this two-part post, theories based on a “fear of ID theft” or “lost time and [...]