Given that California (and many others) have adopted GDPR-like measures, this could be an interesting read. On a specific point, negligence underpins just about all legal actions so you should look at how to show that your business has not been negligent by adopting best practise in security and privacy measures...: Negligence. For the last five years, BCLP has published the leading analysis of data breach class action litigation.1 As part of that study, BCLP has reviewe...
An interesting conundrum. If you ask a supplier to prove that they have effective security controls in place and they furnish documentation to that effect, who is 'guilty' when there is a breach; the supplier, their auditor, you?...: In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a co
Employing people in California now has one more risk, they might sue you if there's a data breach...: “Consumers” can bring suit under the CCPA if they can prove the following five elements: A business incurred a data breach; The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5; The business had a legal duty to protect the personal information from breach; The business failed to implement reasonable
Doing business with residents of NY State? Time to update your breach notification procedures...: [...] The SHIELD Act updates the breach notification requirements so that they apply to all individuals or businesses who own or license private information of a New York resident, not just to those that “conduct business” in New York State and expands the current law’s definitions of “private information” and “breach.” These changes have far reaching implications to persons or