MenuClose
Oct 23

Attention Higher Ed: Recommended Data Security Steps in the Wake of the DOE’s Dear Colleague Letter

Here are some recommendations that Stephen Grossman and I recently published to help institutions of higher education meet the expectations of federal regulators (including, most notably, DOE) with respect to information security and student data privacy. As you’ll see, our recommendations focus on the particular… Read More

Oct 06

Standing on the Spectrum of Data Breach Harm

In another victory for class-action data theft/breach plaintiffs, last week in Enslin v. The Coca-Cola Co., the Eastern District of Pennsylvania denied a motion to dismiss the case for lack of standing. There, Shane Enslin sued the Coca-Cola Company and various other Coca-Cola entities (“Coke”)… Read More

Posted by

Categories

Uncategorized
Sep 15

Pennsylvania Department of Banking Weighs In on Cybersecurity

On Wednesday, the Pennsylvania Department of Banking (“DOBS”) issued a two page letter to the Pennsylvania financial services industry with a succinct, clear message: get your cybersecurity houses in order or else. The DOBS letter specifically highlights the grave risks that accompany the banking industry’s… Read More

Sep 03

In the Wake of Wyndham’s Alleged Mistakes, Businesses Should Review Cybersecurity Policies

This post was co-authored by Michael B. Hayes, a partner in Montgomery McCracken’s Litigation Department.  He serves an editor of the firm’s Data Privacy Alert blog, which focuses on data privacy and cybersecurity issues. Michael can be reached at 215.772.7211 or at mhayes@mmwr.com. The old… Read More

Aug 21

National Cybersecurity Center of Excellence releases its first cybersecurity practice guide: “Securing Electronic Health Records on Mobile Devices.”

As we discussed during a recent webinar, Cybersecurity: A Mid-Year Legal Review, damaging health care data breaches are being reported with increasing frequency. Earlier this year, the FBI issued a private notice to the healthcare industry warning providers that their cybersecurity systems are lax compared… Read More

Aug 07

Ringing the Bell: The Dept. of Education’s Security Mandate to Higher Education

In the wake of the OPM data breach, it is no wonder that the U.S. Government has begun to think seriously about the implications of data breaches more broadly.  For anyone who has had the pleasure of filling out a FAFSA form, the financial aid… Read More

Jul 30

Burying The Lead: Company Insiders Responsible For Most Data Breaches, Not Hackers

This post was co-authored by Christine M. Prokopick, an associate in Montgomery McCracken’s Litigation Department. She serves an editor of the firm’s White Collar Alert blog, which focuses on white collar crime and government investigations. Christine can be reached at 215.772.7233 or at cprokopick@mmwr.com. Nearly every… Read More

Jul 24

A Standing Ovation for Plaintiffs in Data Breach Cases

Earlier this week, in Remijas v. Neiman Marcus Group, the Seventh Circuit reinstated a class action against Neiman Marcus stemming from a 2013 data breach.  In so doing, it was the first court of appeals to find that the data breach plaintiffs’ actual injuries, future… Read More

Jul 20

Is there a “Constitutional Right to Informational Privacy”?

Only July 8, 2015, the National Treasury Employees Union filed the second class action against (now former) OPM Director Archuleta stemming from the massive OPM data breach.  While the plaintiffs in the first OPM data breach lawsuit, briefly discussed here, alleged violations of the Privacy… Read More

Jul 08

Glass Houses: Comparing the FTC’s data security “guidance” against the OPM’s reported data security failures

On June 30th, the Federal Trade Commission issued data security “guidance” for business as part of its “Start with Security” initiative. According to the FTC, its new guidance is drawn from “lessons learned from the more than 50 law enforcement actions the FTC has announced… Read More