You are here
Home > News > Cyberlaw

CCPA Security FAQs: What legal theory are plaintiffs most likely to assert in a data breach class action in addition to the CCPA?

Given that California (and many others) have adopted GDPR-like measures, this could be an interesting read. On a specific point, negligence underpins just about all legal actions so you should look at how to show that your business has not been negligent by adopting best practise in security and privacy measures...: Negligence. For the last five years, BCLP has published the leading analysis of data breach class action litigation.1  As part of that study, BCLP has reviewe...

Delta Sues Vendor for Causing Data Breach

An interesting conundrum. If you ask a supplier to prove that they have effective security controls in place and they furnish documentation to that effect, who is 'guilty' when there is a breach; the supplier, their auditor, you?...: In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a co

Blog: Three top issues for town and parish councils

The advent of the GDPR in May 2018 brought new data protection obligations for many organisations. Some of this presented a challenge, particularly for smaller organisations like parish and town councils, who we saw were keen to demonstrate their compliance but needed support to achieve this.

CCPA Security FAQs: Can employees bring a class action under the CCPA following a data breach?

Employing people in California now has one more risk, they might sue you if there's a data breach...: “Consumers” can bring suit under the CCPA if they can prove the following five elements: A business incurred a data breach; The data breach involved a sensitive category of information identified in California Civil Code Section 1798.81.5; The business had a legal duty to protect the personal information from breach; The business failed to implement reasonable

SHIELD Act Becomes Law, Expanding Breach Notification and Data Security Requirements

Doing business with residents of NY State? Time to update your breach notification procedures...: [...] The SHIELD Act updates the breach notification requirements so that they apply to all individuals or businesses who own or license private information of a New York resident, not just to those that “conduct business” in New York State and expands the current law’s definitions of “private information” and “breach.” These changes have far reaching implications to persons or