Showing 1 - 10 of 115
In a new BIPA decision, coverage barred by Employment-Related Practices exclusion, but not by Access or Disclosure of PI exclusion
In American Family Mut. Ins. Co. v. Carmel, Inc., the Illinois federal district court ruled that a CGL policy did not provide “personal and advertising injury” defense coverage for an underlying class action brought under the Illinois Biometric Information Privacy Act (BIPA) on account of the policy’s employment-related practices (ERP) exclusion.
On December 20, 2021, the Seventh Circuit Court of Appeals issued a long-awaited decision in Cothron v. White Castle System, Inc., a case in which the Seventh Circuit could have provided an answer to the open question of when claims for violations of sections 15(b) and 15(d) of the Illinois Biometric Information Privacy Act (BIPA) accrue.
As the world emerged from lockdown, it should come as no surprise that cybersecurity and data privacy remained dominant topics in the media and legal industry. Some of 2021 was much like 2020 – ransomware attacks continued to fill the headlines, and in the aggregate, constituted significant loss paid under cyber insurance policies. OFAC reminded victim companies and incident response firms (and cyber carriers) that it remains unlawful to pay ransom payments to designated organizations. Comprehensive federal legislation addressing cyber defenses and notification requirements never materialized.
Problematic legislation and fundamental rights: new obstacles to transferring personal data from Europe
We have all experienced restrictions on international travel during the COVID-19 pandemic. But did you know that recent developments in European privacy law have also made it harder for personal data to cross international borders? As Special Counsel Nicholas Blackmore explains, new EU Standard Contractual Clauses and guidance from the European Data Protection Board pose significant challenges for Australian businesses attempting to transfer personal data from Europe.
Yesterday, on December 7, 2021, the New York State Department of Financial Services (“NYDFS”) issued Guidance on Multi-Factor Authentication (“Guidance”), reminding all regulated entities (or “Covered Entities”) that the use of multi-factor authentication (“MFA”) is required by the NYDFS Cyber Regulation.
On 10 September 2021 the government published a consultation on reforms to data protection law in the UK. Data: A new direction (the Consultation) proposes wholesale change to the UK legal framework, including the UK General Data Protection Regulation (UK GDPR). The changes, if implemented, are wide-ranging and significant and reinforce the government’s aim to capitalise on the UK’s “independent status” and create an ambitious, pro-growth and innovation-friendly data protection regime that maintains its high protection standards.
Oliver Dent, partner in Kennedys’ cyber and data risk team, discusses this Lloyd v Google  and how the claim was dismissed by the court.
Personal data is often referred to as the currency of the digital age. As such it is not surprising that there has been an increasing awareness around personal data sets and data protection rights in addition to a heightened cyber risk.
London Market casualty insurers are continuing to experience increased notifications for climate change related claims. It is likely that this increase will prevail in light of the Glasgow Climate Pact at COP26 which asks countries to “accelerate efforts towards phasing down unabated coal power”.
Case review 11/12/2021
On 10 November 2021, the UK Supreme Court handed down its long-awaited decision in the data privacy case of Lloyd v Google.