Cyber Captive Survey 2019 — AON

June 26th, 2019 | Categories: HB Risk Notes, Insurance, Technology Law

Aon’s Cyber Captive Survey 2019 says that the rapid growth in the captive market for cyber-specific policies underscores that cyber is one of the primary risks for organizations across the world, driven by an increasingly complex operational, technological and regulatory environment. Key findings include: Healthcare and energy industries are leading the way, with 19% and 15% of organizations in these industries, respectively, utilizing captives for cyber coverage. 41% of captives surveyed are incubating cyber risk. The range in limits of cover taken out is up to USD$100 million. An estimated 34% of all captives will be writing cyber in five years’ time. Read the complete report here!

First Class Action Lawsuit Filed on Behalf of Victims of First American Title Company Data Breach — Yahoo!

June 26th, 2019 | Categories: Class Actions, HB Risk Notes, Technology Law

"Gibbs Law Group LLP has filed the first nationwide class action lawsuit accusing First American Title Company of failing to properly secure 885 million sensitive customer files, instead choosing to store them in a 'woefully insecure,' publicly-accessible system." “First American has turned the American dream of home ownership into a financial security nightmare for its customers,” according to the complaint. Specifically, the lawsuit alleges that First American Title Company was negligent, and violated its contracts with customers, in the way it stored their personal information, which included bank account numbers, Social Security numbers, financial and tax records, and photos of their drivers’ licenses. "This grave lapse in security resulted in publicly exposing hundreds of millions of customers’ personal files, leaving them vulnerable to identity theft and other cybercrimes," the plaintiffs maintain. Read the complete Press Release on Yahoo! here.

The New York Privacy Act Would Allow Direct Action

June 5th, 2019 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

The New York Privacy Act, introduced last month by state Sen. Kevin Thomas, advocates for consumer agency over their personal data and would give New Yorkers the right to sue companies directly for privacy violations. Thomas wants companies to put customer data protection ahead of their budgetary and business goals. The bill summary reads: "Enacts the NY privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared; creates a special account to fund a new office of privacy and data protection." "Fiduciaries, like an attorney or a doctor, hold onto your information. They don't share it, unless there is a need for the purpose for which they collected it,” Thomas said. “That's not what's going on here with these data companies and these data brokers. They're sharing it, and we're getting targeted.” Pushback from the tech industry has been swift. John Olsen, Director of the Internet Association, said, “The NY Privacy Act, in its current form, is unworkable for businesses that want to comply and fails to provide New York residents meaningful control over how their data is collected, used, and protected." Facebook also chimed in saying they would have to shut down Facebook [...]

Dr. Babyl: Artificial Intelligence Could Save Lives, Time and Money — TheDailyBeast.com

May 27th, 2019 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Itchy throat? Headache? Upset stomach? There's an app for that. There is a new AI healthcare system called Babylon, used in the UK’s National Health Service, which features an AI-driven app that is reportedly able to separate “run-of-the-mill” illnesses from more life-threatening ones, while saving time, money, and anxiety for patients and doctors alike. Babylon offers more than diagnostic assistance; it is accessible to people in remote areas. "For example, Babyl, the Rwandan version of Babylon, offers remote appointments with clinicians, fills prescriptions, orders lab tests, and issues referrals.” Babyl enables affordable, personalized healthcare, combined with “the brains of thousands of doctors at once” to reach patients who cannot get to a doctor’s office. In addition to assisting doctors with everyday check-ups and treating the common cold, the AI’s abilities extend to clinical trials. “In 2018 the Mayo Clinic partnered with IBM’s Watson to match patients with breast cancer to accessible clinical trials covered by their health plans. The matching program increased the enrollment of breast cancer sufferers in Mayo Clinic’s own clinical trials by 80%." Questions are being raised, however, about how to mitigate risks posed by hacking or by nefarious manipulation of the system. Read about this and more in the complete post by Joelle Renstrom on TheDailyBeast.com.

Moving Your Corporate Data to the Cloud: Top 13 Things to Think About as you Review Your Hosting Agreement — Judy Selby Consulting

May 6th, 2019 | Categories: HB Risk Notes, Insurance, Technology Law

Some data migration risks can be mitigated at the cloud contract stage, Allison Bird, Judy Selby’s partner at Clearview Privacy Consulting LLC, explains. Regarding indemnification, Bird says, "If data is lost or exposed by the hosting company, your company as well as any affiliates who use the services will be subject to suits from clients and individuals whose data was impacted. You may also be subject to regulatory scrutiny which could result in legal costs and regulatory penalties. To the extent possible, negotiate a full indemnification of third party claims arising out of the hosting services." She says the limitation of liability section of your hosting agreement "may be the single most important" part. "Your hosting company may make a lot of promises in the agreement. However, if their liability under the agreement is significantly capped, you won’t receive the monetary compensation necessary to make up for hosting company’s acts and omissions that damage the company. Negotiations for a higher cap will translate into real dollars in the event of a security incident." Of course, insurance is always a good solution if done right. "You can negotiate the perfect contract but unless your hosting company has a deep pocket, it may not have sufficient capital to make good on contractual obligations in the event of a breach or data loss situation, especially [...]

The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 1) — Barnes & Thornburg

May 6th, 2019 | Categories: HB Risk Notes, Insurance, Technology Law

Cloud Risk: Do You Transfer Liability Along with Data?

Many of us were using data clouds before we even knew what they were. Now, while most of us are comfortable with the concept, we may not be comfortable knowing who is liable when data is lost, damaged or breached. It's not a given that your cloud provider absorbs any liabilities, and it's not a given they can even afford the liability should it arise. Below are quotes from an article by Scott Godes, Kara Cleary, and Heidi Fessler of Barnes & Thornburg LLP on the subject, and a link to their complete article.

Godes, Cleary, and Fessler list several cloud-related risks: data breaches, data loss, interruption of access, compromised credentials and broken authentication, and denial of service. But two other categories for concern are:

#1. BYOC, or Bring Your Own Cloud. Employees may be innocently using productivity applications that store work data on non-company clouds, in effect, "bringing their own clouds" to the workplace.

#2. Multi-Tenancy. This involves risks posed when unrelated cloud users are sharing the same computing resources.

"Both the cloud provider and the user must be aware of system and data security to prevent a breach in the security. In addition, when a risk is realized, it may not always be clear who is at fault for the [...]

Anderson Kill’s 5th Annual Cyber Insurance Recovery Conference

May 6th, 2019 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Recent news of "Collection 1", a cache of sensitive data now appearing for sale on the dark web and comprised of an astonishing 773 million records, is a grim reminder of the scope of cyber perils for most. Last year's staggering tally of serious data breaches and theft coupled with a spate of new legislation for companies gathering, hosting and selling consumer data means policyholders must rise to the challenge. New state legislation compounds an already daunting federal and international regulatory landscape, and regulatory compliance will be a must to deal with the attendant fines, penalties and consumer claims that non-compliance can trigger. New technology also continues to drive the evolving conversation about the legal relationships between parties transacting business electronically. Risks range from anonymity that raises jurisdictional and collection issues to “immutable” record keeping that creates a permanent, public record of transactions. --Anderson Kill

Find out more about this complimentary seminar from Anderson Kill here!

National Geographic Disclosed Customer Info, Class Action Says — Top Class Actions Blog

April 14th, 2019 | Categories: Class Actions, Corporate Compliance, HB Risk Notes

"The National Geographic class action states that prior to and at the time that he subscribed to the magazine, the company did not notify him that it discloses the personal reading information of its customers. "Markham also claims that he wasn’t provided with any written notice that National Geographic makes a practice of renting, exchanging, or otherwise disclosing personal reading information to third parties, and provides no means of opting out. "However, the National Geographic information disclosure class action lawsuit says that since subscribing to National Geographic and between March 26, 2016 and July 30, 2016, National Geographic disclosed Markham’s personal reading information to data aggregators, data appenders, and/or data cooperatives." Read the complete post by Top Class Actions Editor Emily Sortor here.

Million-Dollar Settlement in Employee Background Check Case, Top Class Actions Reports

April 11th, 2019 | Categories: Class Actions, Employment, HB Risk Notes, HB Tort Notes

"Job applicants have secured a $1.2 million settlement ending allegations that Maxim Healthcare did not properly inform potential employees that they would have a consumer report pulled as part of the application process. Class Members include those who applied and got a job with the healthcare services company between May 5, 2009 and Aug. 27, 2012, who were also subject to a consumer report check by Maxim. The Maxim Healthcare class action lawsuit claimed that Maxim violated federal consumer privacy protections when procuring employee background checks."

Dan Mogin: Antitrust, Pro-Privacy Moves Led Outside U.S.

March 21st, 2019 | Categories: Complex Business Litigation, HB Risk Notes, Technology Law

In a move that could redefine how 2.6 billion people use Facebook Messenger and Facebook’s acquired WhatsApp and Instagram apps, The New York Times reported on Jan. 25 that Facebook CEO Mark Zuckerberg plans to integrate the platforms. The announcement turned up the volume on antitrust and privacy warnings directed at the social media giant. “Facebook can be legitimately criticized for merging these apps after contrary assurances and perhaps for trying to dominate messaging,” MoginRubin Partner Dan Mogin said, “but perhaps more importantly, this is another example of the evolving convergence between antitrust and privacy that appears to be being driven by forces outside the US enforcement agencies. It’s a challenging issue for antitrust and may eventually lead to a sea change.” See the complete post on the MoginRubin Blog. 

South Korea, EU Having ‘Adequacy’ Discussions

January 30th, 2019 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Because of its robust network connectedness, its advanced use of mobile devices and its rich collection of intellectual property, South Korea is a leading target for hackers. Discussions are under way between the EU and South Korea to determine whether the data protections of South Korea, as a non-EU country, are adequate. Also, South Korea has joined the APEC Cross-Border Privacy Rules system. Significant caselaw is developing regarding this country’s 2011 data protection statute as well as its sector-specific laws. Daniel Solove and Paul Schwartz have selected Professor Haksoo Ko from the Law School at Seoul National University to speak at the International #PrivacySecurity Forum April 3-5, 2019. Ko will co-present to provide an up-to-date account of developments in South Korea and analyze the most important compliance hurdles. Learn more: http://bit.ly/IPSF-2019

Financial Institutions Struggle to Keep Up with ‘Changing Business Needs’ Such as Social Mobile Apps, and Getting Risk Data Quickly, Deloitte Report Suggests

January 27th, 2019 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Deloitte's report is based on a survey of 94 financial institutions around the world that operate in a range of financial sectors and with aggregate assets of $29.1 trillion. Deloitte's Edward Hida -- financial risk community of practice global leader and a partner in Deloitte Risk and Financial Advisory -- posted his executive summary of the latest Global Risk Management Survey, which is the organization's eleventh. The report is a detailed one and Deloitte draws quite a few conclusions around the continued focus on cyber security, engagement of boards of directors, increased attention to non-financial risks, the potential of digital risk management, enterprise risk management, the proliferation of Chief Risk Officers, an increased reliance on stress testing and more. A couple figures jumped out at me which show at least two challenges to financial institutions. Hear this Deloitte professional at ICRMC in Toronto April 15-16! Respondents are finding "extremely challenging" the need to keep up with changing business operational needs, such as deployment of social mobile applications, data analytics and cloud-based risks. Also in the "extremely challenging" category, not surprisingly, are threats from "sophisticated actors," like foreign governments and crackerjack hacktivists. Other issues categorized as "extremely high priority" revolve around getting quality risk data quickly. Given the average length of time other studies show that a hacker can poke around in your network before [...]
