In what is becoming a pattern, the Illinois Supreme Court recently issued another decision interpreting the Biometric Information Privacy Act (“BIPA”) to expand potential liability for businesses. The court held in Cothron v. White Castle that each time a business collects or discloses an individual’s biometric data without first obtaining BIPA-compliant consent, a separate claim

Online businesses that sell to California residents should take note of a recent enforcement action by the state’s attorney general (AG) signaling that adequate notice of sale must be provided in a business’s privacy policy, California residents’ opt-out requests must be honored, and, from the AG’s perspective, the use of third-party cookies for targeted advertising

The United States Supreme Court recently issued its decision in Dobbs v. Jackson Women’s Health Org., ––– U.S. –––, 2022 WL 2276808 (2022), overturning Roe v. Wade, 410 U.S. 113 (1973), and Planned Parenthood of Southeastern Pennsylvania v. Casey, 505 U.S. 833 (1992). In holding that the U.S. Constitution does not protect

In a recent decision upholding the denial of a motion to compel arbitration, a panel of the Ninth Circuit provided new guidance about the formation of online contracts under California and New York law.1 The court held that, to place a consumer on inquiry notice of terms and conditions on a website, the website

In typical email fraud cases, victims can rarely trace their funds to ‘first layer’ bank account(s) where they were initially persuaded by fraudsters to transfer their money. Usually, by the time fraud is discovered, the funds are long gone; or transferred onwards to second, third or even fourth-layer recipients, who may well be innocent third

Cybersecurity has become critically important to plan sponsors, plan administrators and plan participants. With retirement plans holding an estimated $9.3 trillion in assets as well as sensitive information for approximately 140 million plan participants, retirement accounts are especially attractive targets for cyber-enabled fraud. For instance, sophisticated phishing email schemes have proliferated during the COVID-19 pandemic,

The General Data Protection Regulation (“GDPR”) has extraterritorial reach, meaning that many organisations based outside the European Economic Area (“EEA”) and the United Kingdom (in the case of the UK GDPR) must comply with GDPR obligations for personal data processing activities which fall within the territorial scope of Article 3 of

On September 18, 2020, the United States Department of Commerce announced prohibitions on certain transactions relating to the mobile application (“app”) WeChat that were slated to take effect on September 20, 2020.1 These prohibitions would ban new downloads of the app by consumers in the United States and effectively disable the functionality of the

The Supreme Court last week heard the supermarket chain Morrisons argue that it should not be held vicariously liable for its then in-house senior internal auditor publishing the personal data of almost 100,000 employees deliberately and without authorisation.

In seeking to overturn the judgment of the Court of Appeal that it is vicariously liable, Morrisons