negligence, safety, texting
New Jersey Court Says One Can Be Liable For Sending a Text That Causes an Auto Accident
By InfoLawGroup LLP on August 28, 2013
Georgia, Gramm-Leach-Bliley, negligence
Georgia Supreme Court Holds That Gramm-Leach-Bliley Statutory Policy Statement Does Not Create Legal Duty Under State Negligence Law
By InfoLawGroup LLP on June 26, 2013
11th Circuit, causation, cognizable harm, damages, data breach, data security, Hannaford data breach payment card PCI DSS, identity the, motion to dismiss, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence
Eleventh Circuit Rules "Damages" Properly Alleged in Data Breach-Identity Theft Lawsuit
By InfoLawGroup LLP on September 17, 2012
best practices, bill, Colorado, Gross Negligence, HB 11-1225, negligence, Pabon, Regulation, Security
A Novel Data Security Law Proposed in Colorado
By InfoLawGroup LLP on February 24, 2011
Over the past couple years, many predicted that new state laws would follow the lead of states like Nevada and Massachusetts, and some anticipated we could see a situation where 50 different privacy/security laws across the country. Now it looks like we are beginning to see some renewed activity on the state level. In Hawaii we have a proposed bill that would require breached entities to provide credit monitoring and call center services to impacted individuals. In my home state, Colorado, a legislator (Dan Pabon) has proposed a novel bill that takes a new approach to incentivizing companies to implement good security. In this post, we take a look at the highlights of the Colorado bill.
Breach, consumer fraud law, damages, duty, employee, employee privacy, employer, litigation, negligence, notification, social security number
IL Appellate Court: No Duty Exists to Safeguard SSNs for Purposes of a Negligence Claim
By InfoLawGroup LLP on February 03, 2011
InfoLawGroup recently discovered a new data breach case, one of the first that we are aware of in the United States, that dives deep into the issue of whether a common law duty exists to safeguard personal information. In Cooney, et. al v. Chicago Public Schools, et. al¸ an Illinois appellate court actually rendered a decision holding that no such duty exists under Illinois law. In this blogpost we take a closer look at the court's rationale for dismissing the plaintiffs' negligence claim, as well as the other interesting holdings of the court.
Breach, fiduciary duty, Heartland, litigation, negligence, payment card, PCI DSS, third party beneficiary
Heartland Bank and Keybank's Motion to Dismiss
By InfoLawGroup LLP on July 13, 2010
damages, injury-in-fact, motion to dismiss negligence security breach litigation standing injury-in-fact, negligence, security breach litigation, standing
Quickhits: Federal Judge Dismiss Aetna Data Breach Case Due to Lack of "Injury-in-fact"
By InfoLawGroup LLP on March 12, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
class action, FTC, Hannaford, malware, negligence, security breach litigation, SQL injection, State case law
Merchant Liability for "Time and Effort" Following Security Breach?
By W. Scott Blackmer on October 09, 2009
This week the federal court in the Hannaford class action asked the highest court in Maine to clarify whether cardholders' "loss of time and effort" are sufficient injuries to ground a negligence claim following a payment card security breach.
appropriate, civil litigation, compliance, FTC, legal requirements, negligence, portable devices, public networks, reasonable, security measures, unfair practices, wireless
Code or Clear? Encryption Requirements under Information Privacy and Security Laws (Part 1)
By W. Scott Blackmer on October 01, 2009
"Exactly what data do we have to encrypt, and how?" That's a common question posed by IT and legal departments, HR and customer service managers, CIOs and information security professionals. In the past, they made their own choices about encryption, balancing the risks of compromised data against the costs of encryption. Those costs are measured not merely by expense but also by increased processing load, user-unfriendliness, and the remote but real possibility of lost or corrupted decryption keys resulting in inaccessible data. After weighing the costs and benefits, most enterprises decided against encryption for all but the most sensitive applications and data categories.
Breach, negligence, Security
Merrick Bank v. Savvis Update: Savvis Files Motion to Dismiss
By InfoLawGroup LLP on June 23, 2009
information security law, Legislation, negligence
Nevada Law Incorporates PCI and Provides a Liability Safe Harbor
By InfoLawGroup LLP on June 22, 2009
Breach, credit cards, negligence, Security
PCI Service Provider Contracting
By InfoLawGroup LLP on June 11, 2009
Breach, credit cards, negligence, Security
Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint
By InfoLawGroup LLP on June 03, 2009
Breach, consumer fraud, credit cards, negligence, Security
The TJX Case: It Lives! With a New Theory of Liability: "Unfairness"
By InfoLawGroup LLP on May 02, 2009
Breach, credit cards, negligence
Ruiz v. Gap: Increased Risk of ID Theft Not Damages
By InfoLawGroup LLP on April 13, 2009
negligence, Security
Is Something Wrong With PCI?
By InfoLawGroup LLP on January 22, 2009
negligence
Another "Victory" on the Issue of "Damages" in a Security Breach Negligence Case
By InfoLawGroup LLP on June 09, 2008
Breach, negligence
"Damages" in a security breach case... er.. maybe kinda...
By InfoLawGroup LLP on April 16, 2008
negligence
The "Circle of Blame"
By InfoLawGroup LLP on March 22, 2008
