In what is becoming a pattern, the Illinois Supreme Court recently issued another decision interpreting the Biometric Information Privacy Act (“BIPA”) to expand potential liability for businesses. The court held in Cothron v. White Castle that each time a business collects or discloses an individual’s biometric data without first obtaining BIPA-compliant consent, a separate claim
Litigation
CA Attorney General Says ‘The Kid Gloves Are Coming Off’; Announces $1.2M Settlement with Retail Co. for CCPA Sales Violation
Online businesses that sell to California residents should take note of a recent enforcement action by the state’s attorney general (AG) signaling that adequate notice of sale must be provided in a business’s privacy policy, California residents’ opt-out requests must be honored, and, from the AG’s perspective, the use of third-party cookies for targeted advertising…
HIPAA Privacy Concerns Post-Dobbs
The United States Supreme Court recently issued its decision in Dobbs v. Jackson Women’s Health Org., ––– U.S. –––, 2022 WL 2276808 (2022), overturning Roe v. Wade, 410 U.S. 113 (1973), and Planned Parenthood of Southeastern Pennsylvania v. Casey, 505 U.S. 833 (1992). In holding that the U.S. Constitution does not protect…
Ninth Circuit Provides Guidance Regarding Online Contract Formation
In a recent decision upholding the denial of a motion to compel arbitration, a panel of the Ninth Circuit provided new guidance about the formation of online contracts under California and New York law.1 The court held that, to place a consumer on inquiry notice of terms and conditions on a website, the website…
Hong Kong Ruling Favoured Email Fraud Victim Over Third Party Recipients Who Used Underground Banking
In typical email fraud cases, victims can rarely trace their funds to ‘first layer’ bank account(s) where they were initially persuaded by fraudsters to transfer their money. Usually, by the time fraud is discovered, the funds are long gone; or transferred onwards to second, third or even fourth-layer recipients, who may well be innocent third…
New Cybersecurity Insights From ERISA Rulings, DOL Advice
Cybersecurity has become critically important to plan sponsors, plan administrators and plan participants. With retirement plans holding an estimated $9.3 trillion in assets as well as sensitive information for approximately 140 million plan participants, retirement accounts are especially attractive targets for cyber-enabled fraud. For instance, sophisticated phishing email schemes have proliferated during the COVID-19 pandemic,…
English High Court Considers Limits of the Extraterritorial Reach of the GDPR in Relation to an Overseas Website
The General Data Protection Regulation (“GDPR”) has extraterritorial reach, meaning that many organisations based outside the European Economic Area (“EEA”) and the United Kingdom (in the case of the UK GDPR) must comply with GDPR obligations for personal data processing activities which fall within the territorial scope of Article 3 of…
US Commerce Department Identifies Prohibited Transactions with WeChat But Implementation Delayed
On September 18, 2020, the United States Department of Commerce announced prohibitions on certain transactions relating to the mobile application (“app”) WeChat that were slated to take effect on September 20, 2020.1 These prohibitions would ban new downloads of the app by consumers in the United States and effectively disable the functionality of the…
Covid-19-Related Implications For Liability Insurers In Hong Kong
The first case of COVID-19 was reported in Hong Kong nearly five months ago, on 22 January 2020. No new local cases have been recorded for over two weeks and social distancing measures are being eased to allow the city to return to some semblance of normality. However, it will be a case of “so…
Who Guards the Guards? A Company’s Liability in the Event of a Trusted Employee Publishing Personal Data Without Authorisation
The Supreme Court last week heard the supermarket chain Morrisons argue that it should not be held vicariously liable for its then in-house senior internal auditor publishing the personal data of almost 100,000 employees deliberately and without authorisation.
In seeking to overturn the judgment of the Court of Appeal that it is vicariously liable, Morrisons…