Privacy Cybersecurity Newsletter

August 2018

Locke Lord's Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.

In This Issue

Follow the Leader: NYDFS Cybersecurity Regulation Leads the Way for Other States and Industries
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial services and insurance industries. read more

Biometrics: Illinois Supreme Court to Decide Whether Injury Is Required for Biometric Information Privacy Act Claims
On May 30, 2018, the Illinois Supreme Court accepted an appeal from an Illinois appellate court’s decision rejecting “no-injury” lawsuits under Illinois’s Biometric Information Privacy Act (BIPA) [Dkt. No. 123186]. read more

Dropping Another Stone in the Pond? California’s New Consumer Privacy Act
California may have again taken the privacy protection lead among U.S. jurisdictions with the Governor’s signing on June 28, 2018 of the California Consumer Privacy Act of 2018 (AB 375) (the “Act”). read more

State Legislative Action on Data Breach Laws
The changes keep coming! In 2018, state legislatures have been active in enacting and amending data breach notification laws. With Alabama’s recent enactment, all 50 states now have data breach notification laws. read more

Third Circuit Limits ATDS Definition under the TCPA to Random Number Dialers
In the most significant case to interpret what constitutes an “automatic telephone dialing system” (ATDS or autodialer) under the Telephone Consumer Protection Act (TCPA) in the wake of the D.C. Circuit’s decision in ACA Int’l v. FCC, the Third Circuit dealt a major blow to TCPA plaintiffs. read more

South Carolina Department Clarifies Confusing Change in Its New Insurance Data Security Act
As reported on Locke Lord’s InsureReinsure blog, the NAIC adopted a model law for the protection of the data and systems used by the insurance industry, and South Carolina became the first state to enact legislation based on the NAIC model. read more

Testing the Limits III – Cyber Coverage Litigation Focuses on Computer Fraud Losses
Fraudsters deploy different computer-related techniques but toward the same end – “gaming the system” for their own financial gain. read more

OCR For the Win: MD Anderson HIPAA Enforcement Action
Once again, an Administrative Law Judge (ALJ) upheld the imposition of civil money penalties charged against a covered entity by the Office for Civil Rights of the Department of Health and Human Services (OCR) for violations of the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA). And this time, the penalties are substantial – $4.3 million. read more 

Locke Lord Presents Workshops on Cybersecurity Risk in Vendor Management in Chicago and Hartford; Will Reprise in Dallas and Houston in the Fall
Third party vendors, outsource providers, and cloud providers are critical to the operations of all organizations. Yet they also introduce a significant cybersecurity risk. read more