Michael J. Paris of Bennett Jones LLP writes: Businesses that collect personal information have an added incentive to monitor employees handling customer data – Ontario’s first class action arising from the new tort of “intrusion upon seclusion” was certified last week.1 In Evans v Bank of Nova Scotia, the plaintiffs sought to certify a class action…
Category: Commentaries and Analyses
Another post-Clapper Data Privacy Breach Case dismissed for lack of standing
David M. Brown of Montgomery McCracken Walker & Rhoads LLP writes: The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013), continues to be relied on by federal courts to hold that “mere loss of data” or “increased risk of identity theft” in a data breach case does not constitute…
Are Data Breach Investigations Privileged?
Over the past few years, I’ve seen more and more references to the idea that if breached entities have their legal counsel arrange for a forensics or breach investigation, the breach investigation would be considered privileged communications or attorney-client work. Needless to say, I am not happy at any end-run around transparency involving breach investigations….
Privacy advocate files complaint with FTC over Maricopa County Community College District data breach
The 2013 breach at Maricopa County Community College District (MCCCD) in Arizona affected approximately 2.5 million faculty, staff, vendors, and students, making it the largest breach involving student information ever reported by a U.S. institution of higher education. A complaint by this privacy advocate alleges violations of the Safeguards Rule. Having researched and reported on breaches for about…
AU: Review blames Immigration for data breach exposing 10,000 detainees
Paul Farrell and Oliver Laughland report: A major data breach that exposed the personal details of almost 10,000 people in detention was caused by Immigration Department failures to check and approve documents for web publication, an independent review has found. The report by management consultants KPMG, which was published on Thursday, reveals that the document containing…
How the FTC Can Readily Halt Identity Theft
Dan Solove argues that if the FTC would just conclude that the use of Social Security numbers as a password or authenticator is unreasonable data security, a lot of identity theft could be prevented. I think he’s right, but there has always been and would be tremendous pushback against the proposal. I’m not confident that Congress would…