Leading the charge against cyber privacy violations
Jay Edelson’s firm, Edelson PC, has been lead plaintiff counsel in highly publicized class-action suits brought against technology companies on the grounds of privacy violations. His firm has targeted early stage start-ups to technology giants like Amazon, Apple, and Google.
In early April, Edelson filed a lawsuit against Facebook on the basis that the social media site has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Having this data provides Facebook with the ability to recognize faces, and automatically name members and their friends in pictures that have been uploaded to the site. Edelson PC’s suit claims that Facebook violated Illinois’ Biometric Privacy Act by storing images of its members’ faces without their knowledge or permission. It also claims that the social media site failed to indicate how long these images would be stored. Facebook has stated that the lawsuit is “without merit,” and users can turn off the feature at any time. By turning it off, the data that suggests tags to others is subsequently terminated.
Europe has demonstrated the most extreme pushback to technology companies herding users’ data after a new law called the “right to be forgotten” was adopted in 2006. The law allows people to complete a form through a search engine’s website to have links and information about them deleted. In the United States, social media websites such as Facebook and Twitter continue to grow in popularity even though it is widely known that these sites pool the personal information of their users. A recent Pew Research Center survey reported that over 90 percent of adults in the United States believed they had absolutely no control regarding how technology companies utilize their personal information.
From an insurance perspective, there is a growing spotlight on cyber security policies. Most specifically, companies are often focused on coverage for their own costs (law firms and forensics fees, notification obligations, credit monitoring services, etc.) arising out of a data breach. However, the Edelson-led class action suits raise a very different, and important, cyber insurance consideration. Any company that handles or controls data of its users should review how their insurance coverage would respond to third party claims alleging some wrongful act in how that data is managed and protected. We’d also invite you to review WGA’s Cyber Risk Hub, our open source platform that includes valuable information on this topic and other cyber security matters.
About the Author
Michael Talmanson is a Vice President at WGA in the Property and Casualty Group and leader of the firm’s Technology and Cyber Risk Practice. He advises high technology, life sciences and financial services companies about insurance and risk management matters.