News and Alerts for April 19, 2022

Virginia Passes Amendments to VCDPA Governor Glenn Young of Virginia last week approved three amendments to the Virginia Consumer Data Protection Act (VCDPA). The first amendment, H 381, creates an exemption to consumers’ right to delete, and will allow data…

Read More

Saudi Arabia’s Data Protection Law: The Personal Data Protection Law

On March 10, the Kingdom of Saudi Arabia’s Saudi Data & Artificial Intelligence Authority (SDAIA) issued a draft version of executive regulations supplementing the nation’s first standalone comprehensive data protection law, The Personal Data Protection Law (PDPL). PDPL was implemented…

Read More
SolarWinds

Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach

Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and individual shareholders filed a lawsuit against SolarWinds Corporation (“SolarWinds”) as well as current and former members of the board directors. The suit comes in the…
Read More
Google

Lloyd v Google: A Sigh of Relief for Data Controllers

In unanimously refusing to allow a representative action to proceed, the UK Supreme Court may have sounded the death knell for opt-out class actions in England for data breaches: Lloyd v Google [2021] UKSC 50. The Safari workaround Back in 2011 Apple’s Safari web browser on iPhones blocked all third-party cookies. This prevented popular websites from working…
Read More
PII

Courts Rule on When a Data Breach of PII is Actionable

The Second Circuit recently joined a growing number of federal courts to decide when a data breach of personally identifiable information (“PII”) is actionable. According to the Second Circuit, plaintiffs do not have standing to bring a lawsuit when there is no allegation their PII was targeted or misused. The Second Circuit’s decision To bring…
Read More
Breach

Attorney-Client Privilege in the Age of Cyber Breaches

Investigations and forensic reports relating to a cybersecurity breach may not always be protected by the attorney-client privilege or work product protection.  Companies seeking such reports after a data breach must take caution to protect them from a possible waiver of privilege in the event of subsequent litigation relating to a data breach. The following…
Read More
Back To Top