Jay Edelson’s firm, Edelson PC, has been lead plaintiff counsel in highly publicized class-action suits brought against technology companies on the grounds of privacy violations. His firm has targeted early stage start-ups to technology giants like Amazon, Apple, and Google.
In early April, Edelson filed a lawsuit against Facebook on the basis that the social media site has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Having this data provides Facebook with the ability to recognize faces, and automatically name members and their friends in pictures that have been uploaded to the site. Edelson PC’s suit claims that Facebook violated Illinois’ Biometric Privacy Act by storing images of its members’ faces without their knowledge or permission. It also claims that the social media site failed to indicate how long these images would be stored. Facebook has stated that the lawsuit is “without merit,” and users can turn off the feature at any time. By turning it off, the data that suggests tags to others is subsequently terminated.
The President, industry leaders, and lawmakers visited the tech-hub of Stanford University earlier this month for an official White House Summit on Cybersecurity and Consumer Protection. The discussions focused on increasing collaboration between the government and the private sector in order to prevent potentially crippling data breaches. The administration hopes that this will encourage Congress to pass cybersecurity legislation. Here are a few key takeaways from the summit:
- Cybersecurity is an issue for all sectors of the economy.
The Identity Theft Resource Center found that 85 million records were exposed last year both in the public and private sectors. Cyber attackers trumped terrorists as the #1 threat to national security last year while data breaches on companies such as Sony Pictures Entertainment, Target, Home Depot, and most recently, insurance giant Anthem Inc., resulted in costly losses.
Cyber risk tops the list of main concerns among risk managers, insurers, brokers, and risk-management consultants, according to data released by Business Insurance from a December 2013 poll. Nearly 1,000 risk management professionals responded to the publication’s survey asking about cyber security management and protection.
- 56% said data breaches are the biggest threat to their organizations, followed by changing legislation (53%) and natural disasters (36%.)
- Just over half (52%) currently have a cyber-risk insurance policy in place, while 38% do not and 10% were unsure.
The survey results come on the heels of several recent high-profile data breaches in the past few months at stores like Target, Michael’s Stores and Neiman Marcus, igniting further angst among Read more…
When it comes to data breaches, law firms are like any other organization trying to fend-off cyber-attacks and protecting confidential and proprietary data. In fact, smaller firms often have a higher proportion of cyber-crimes relating to malicious code and malware, while disgruntled employees and stolen or lost devices tend to be the cause of these incidents for larger organizations. Law firms are prime targets for state sponsored espionage and organized crime groups for three reasons:
- Lawyers are usually at the center of a matter requiring access to data from all relevant sources
- Lawyers are a highly mobile workforce, requiring anytime, anywhere, any device access
- Lawyers are focused on clients, often willing to compromise controls and protocols (within ethical boundaries) to deliver service. Read more…
New research shows that smaller companies are especially vulnerable to data breaches, according to a Poneman Institute survey released last week. The survey found that more than half of U.S. small and mid-sized businesses have experienced data breaches caused by issues such as employee mistakes, lost or stolen laptops and smart phones and procedural mistakes. While 46 states have enacted legislation requiring notification of security breaches involving personal information, the study found that only 33% of companies experiencing data breaches have done so.
Experts say many small companies are not prepared to handle data breaches, leaving them subject to legal penalties for failing to respond in a timely and effective manner. Outsourcing may be one reason data breaches can be such a big problem Read more…
A survey by Symantec of more than 3,000 businesses provides useful information about the current state of corporate cybersecurity. Symantec’s 2011 State of Security Survey found that 73% of small and midsize companies had suffered a cyber attack in the past year, and that 30% of the attacks were “somewhat/extremely effective” in compromising the victims’ data. Companies are on alert. According to the study, in fact, companies considered cybersecurity their greatest threat — greater than criminal activity, natural disasters, and terrorism.
Many companies are already bristling with perimeter weaponry designed to prevent external attacks, but their defenses are not impregnable. More than 70% of the respondents experienced cyber Read more…
Two Peas in Different Pods
Much ink has been spilled about Zurich Insurance’s recent denial of coverage for the massive Sony Playstation breach. Some of the early commentary has been useful (mostly by providing accurate descriptions of what has transpired so far), while some has been wildly amiss (mostly by mischaracterizing the kind of coverage at issue). In the end, Zurich’s coverage denial will probably be confirmatory rather than revelatory — that is, it will likely confirm the warnings of experienced insurance professionals and not uncover any shocking new facts about coverage for breaches of privacy and data security.
Less attention has been paid to a pair of claims involving Dropbox, a popular cloud-based storage service. One claim was filed with the FTC, alleging that Dropbox had made false claims about the security of its users’ data. The other claim, a class action lawsuit, followed a self-inflicted breach Read more…