The price of consumer data: Marriott, Starwood, and the Federal Trade Commission
11/20/24
By: Zohar Peleg
On October 9, 2024, Marriott International, Inc. and its subsidiary, Starwood Hotels & Resorts Worldwide, LLC (collectively “Marriott”) agreed to a proposed settlement1 with the Federal Trade Commission (“FTC”) and a coalition of forty-nine state attorneys …
CrowdStrike-Delta lessons for third-party risk management
11/12/24
The world cannot unsee images of the “blue screen of death” across millions of Windows devices on July 19, 2024.1 CrowdStrike, an American Cybersecurity SaaS provider of its Falcon endpoint detection product, released a defective …
FMG’s Top 5 Cybersecurity Awareness Month tips to avoid “spooks and spoofs”
10/22/24
October is Cybersecurity Awareness Month, which means this month (like every month!) is a great opportunity for organizations to focus on their data security and privacy practices. Through our representation of businesses of all types and …
DOJ delivers new guidance on AI in compliance programs
10/8/24
On Monday, September 23, 2024, the Department of Justice (“DOJ”) released updated guidelines for prosecutors evaluating corporate compliance programs, including those employing AI systems. This update follows the public statements made by Deputy Attorney General Lisa …
9/16/24
By: Donald Patrick Eckler and Charlotte Meltzer
When an individual tries on non-prescription glasses using virtual software that captures some biometric information, are they a “patient in a health care setting” such that the service provider cannot be liable under …
Summer cyber & privacy round-up
9/9/24
By: Nicholas Jajko
2024 has been another busy year for data privacy regulation, bringing the passage of privacy laws in seven new states (New Jersey, Kentucky, Maryland, Nebraska, New Hampshire, and Rhode Island). Other developments are also worth spotlighting for …
7/23/24
Plaintiffs are using a company’s website arbitration clauses in the Terms of Service to launch mass arbitration attacks. As a result, even where companies want to waive arbitration to litigate and dismiss the class, they are …
Eleventh Circuit rejects $35 million robocall class action settlement
7/10/24
By: Matthew N. Foree
The U.S. Court of Appeals for the Eleventh Circuit recently rejected a class action settlement based on a number of errors in approving the settlement in the District Court below. See Drazen v. GoDaddy.com, LLC, …
Tennessee raises the bar on data breach class actions
7/10/24
By: Matthew P. Delfino, Curt M. Graham, and Justin J. Boron
In response to a growing number of data breach class action lawsuits, Tennessee has enacted Public Chapter 991, which redefines the standards applicable to these cases. Specifically, …
The private right of action in privacy laws: Comparing Vermont to California
6/25/24
By: Justin J. Boron, Matt P. Delfino, and Danielle A. Ocampo
In recent years, a number of states have passed privacy laws, including Montana, Maryland, Tennessee, Kentucky, and many others. The Vermont legislature followed suit with the Vermont …
General contractor responsible for payment, even when subcontractor is hacked
6/13/24
By: Matthew P. Delfino and Jason M. Pannu
As the quantity and complexity of cyber threats continues to increase across various industries, a recent case from the U.S. District Court in Maryland highlights some of the security risks particular to …
Cyber-Rx: Prescribing treatment for the cyber-security infirmity of the healthcare industry
5/22/24
In February of 2024, Change Healthcare, one of the world’s largest healthcare payment processing companies (accounting for an estimated 15 billion transactions worldwide) announced that it was the victim of a cyber-attack that compromised the medical …