Data Privacy Exposure Hits the Public Sector: Lessons from the OPM Data Breach Class Action, Whistleblower Actions, and the GAO Cybersecurity Report

Share

Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the FTC’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.

Continue reading

As Cyberattacks Rise, U.S. Business Readiness Falls

Share

Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.

Continue reading

Supreme Court Gives Companies Another Tool To Fend Off Data Breach Class Actions

Share

In the wake of data breaches, companies may find themselves targets of class actions by customers or employees whose personal information was compromised in the breach. The exposure is considerable, with an estimated 765 million people impacted by data breaches between April and June of 2018. As we previously reported, some courts have allowed consumer and employee data breach cases to proceed despite threshold challenges – leading to multi-million-dollar settlements. And in Dittman, Pennsylvania’s Supreme Court recently held that an employer owed an affirmative duty to exercise reasonable care to protect employees’ personal nonpublic data from data breaches.

Continue reading

U.S. Supreme Court Declines to Hear Zappos Data Breach Case

Share

The Supreme Court recently declined to review the Ninth Circuit’s decision in Zappos.com, Inc. v. Stevens, a class action suit resulting from a 2012 data breach of the online retailer. As a result, there remains a split in the courts as to whether a breach of data confers Article III standing on potential plaintiffs, even if no actual injury occurred.

Continue reading

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Cookie Policy | Privacy Policy