Posts

Showing posts with the label data breach

Potential Implications after a Breach of Personal Data

In addition to the immediate operational impacts, data breaches can trigger a range of legal consequences for clients— from the obligation to provide notice to regulators, individuals, and business partners, to the burden of defending regulatory oversight investigations and class action litigation —not to mention the pressure to mitigate effects on end clients and reputational damage. In the U.S., all 50 states, as well as the District of Columbia and three of the territories, have data breach notification laws with varying requirements, but generally the entity that owns the data (called a “controller”) must notify natural persons if there is unauthorized access to certain categories of their “personal information” (which includes SSNs and financial information). If a vendor suffers a data incident, they must notify the controller, often “immediately,” after which the obligation to provide the notices to the data subjects shifts to the controller . Most industrialized countries have ...

Navigating Today’s Top Privacy and Data ‎Security Risks

The world of data privacy is changing rapidly, presenting significant challenges for business leaders. New laws are emerging, plaintiffs’ attorneys are finding creative ways to use old statutes, and cybercriminals are leveraging AI to launch sophisticated attacks. Staying ahead of the risks is crucial. This article breaks down the key insights from our recent webinar which covered the biggest threats businesses face and provided practical steps to protect your organization. What Are The Top Privacy And Security Risks? In 2026, business leaders will face three key challenges. 1. The Rising Tide of Website Litigation Plaintiffs’ counsel persistently target businesses of all sizes with demand letters, arbitration, and litigation around the use of common website tools and features. This year alone, hundreds of lawsuits and arbitration claims have been filed alleging that the use of third-party website tracking tools, like cookies and pixels, or features, like AI-powered chatbots, violate ...

Ransomware Reality Check: Why Not Every Data Breach Creates Standing

At MVA, we often help clients who are victims of cyber incidents where threat actors take data and threaten to release it unless they are paid. With ransomware attacks and data exfiltration common, companies face mounting pressure to assess litigation risk after a breach, and understanding the legal landscape is critical. Recent rulings from both federal and state courts underscore a key point: not every breach translates into standing for every affected individual. In our 2017  DataPoints  piece on  Beck v. McDonald , we explored how the Fourth Circuit set a reasonable bar for standing in data breach cases. That precedent continues to shape outcomes today, including a recent decision from the Fourth Circuit and a November 18 th  decision from a state court of appeals reinforcing the principle that speculative harm is not enough for standing. The Fourth Circuit in  Holmes v. Elephant Insurance Co.  and the Wisconsin Court of Appeals in  Bauer v. Fincan...

Industry Groups Urge Rescission of Proposed HIPAA Security Rule Updates

In February, a coalition of healthcare organizations sent  a letter  to President Donald J. Trump and the U.S. Department of Health and Human Services (HHS) (the Letter), urging the immediate rescission of a  proposed update to the Security Rule under HIPAA . The update is aimed at strengthening safeguards for securing electronic protected health information. According to  The HIPAA Journal , the data breach trend in the healthcare industry over the past 14 years is up, not down. This is the case despite the  HIPAA Security Rule  having been in effect since 2005. The HIPAA Journal goes on to provide some sobering statistics: Between October 21, 2009, when OCR first started publishing summaries of data breach reports on its “Wall of Shame”, and and December 31, 2023, 5,887 large healthcare data breaches have been reported. On January 22, 2023, the breach portal listed 857 data breaches as still; under investigation. This time last year there were 882 breach...

Is The FinCEN Laying The Foundation For The G.O.A.T. Data Breach?

  On May 29, 1453 the walls of Constantinople had stood unbreached for more than a thousand years.  Yet on that day, the army of Sultan Mehmed II was able to force entry into the city through the Gate of St. Romanus.  The   Byzantine Emperor  Constantine XI Palaeologus  was killed and the city became Mehmed's new capital.  The moral of the story is that even the most impregnable defenses can be breached. When the Financial Crimes Enforcement Network (aka the FinCEN)  adopted  its final rules implementing Section 6403 of the Corporate Transparency Act (aka the CTA), it estimated that 32.6 million business entities would exist on January 1, 2024 and be required to provide beneficial ownership information.  FinCEN estimated that there would be an additional 5 million reporting entities formed each year.  Under the rules, a reporting company must provide FinCEN with the following information about individual beneficial owners and compan...

Woeful Lack of Training for Chatbot Use in Workplace

  A new US National Cybersecurity Alliance   survey   shows that over one-third (38%) of “employees share sensitive work information with artificial intelligence (AI) tools without their employer’s permission.” Not surprisingly, “Gen Z and millennial workers are more likely to s hare sensitive work information without getting permission.” The problem with employees sharing workplace data with chatbots is that if a worker inputs sensitive personal information or proprietary information into the model, that information is then used to train the model. If another user enters a query that the original information is responsive to, then the sensitive or proprietary data is provided in the response. That’s how generative AI works. The data disclosed is used to teach the model and is no longer private. According to Dark Reading, several cases illustrate how significant the risk of employees sharing confidential information with chatbots is: “ A financial services firm integrate...