News and thought leadership
Subscribe to our latest updates, reports and upcoming events. Subscribe >
Showing 1 - 10 of 36
US Privacy & Breach Litigation Monitor
We are pleased to share the first edition of Kennedys Privacy & Breach Litigation Monitor. This bi-weekly mailing was created with our clients in mind - to bring you up to speed on the latest topics and trends in data privacy and breach litigation.
Notice and process of service via NFTs: A new frontier in tech and litigation?
In a recent precedential decision involving electronic service to an unknown defendant, the High Court of England and Wales approved a special request to issue an interim injunction and permit service of a lawsuit via a non-fungible token (“NFT”). The case follows a similar decision in New York trial court. Both decisions raise issues as to how prevalent will NFT service become in the US and UK.
Maryland amends its privacy law – Still not a comprehensive law, but it inches closer to other privacy laws
Maryland has updated its Personal Information Protection Act (“PIPA”), and while PIPA may not be considered a “comprehensive” privacy law, the revisions to PIPA enacted under House Bill 962 (“the Act” or “HB 962”) will bring some of PIPA’s provisions in line with the comprehensive data privacy laws recently enacted by a handful of other states.
Connecticut’s new consumer data privacy law: a New Haven for privacy protection? Not exactly
Connecticut is the fifth state to pass a comprehensive privacy law. Senate Bill 6, “An Act Concerning Personal Data Privacy and Online Monitoring” (“CTDPA” or “Act”), passed in both chambers of the state legislature on April 22, 2022, and April 28, 2022, respectively, and Governor Ned Lamont signed it into law on May 10, 2022. The Act will go into effect on July 1, 2023, with the exception of certain provisions.
An in-depth look at the Target decision finding that loss-of-use damages included costs of replacing payment cards compromised in data breach
On March 22, 2022, the United States District Court for the District of Minnesota ruled that two ACE insurers were obligated to indemnify Target Corporation (“Target”) for the amounts it paid to settle claims related to replacement of payment cards impacted in a data breach, vacating an earlier decision in which the court found that Target was not entitled to coverage.
Virginia Slim – A cheat sheet for the Utah Consumer Privacy Act
Utah is on the verge of enacting the Utah Consumer Privacy Act (UCPA), thereby becoming (perhaps surprisingly) the fourth state to enact a comprehensive consumer privacy law.
“Stick[ing] out like a sore thumb”: BIPA fingerprint claims, the ERP exclusion, and a common thread amidst an intra-district conflict
It seems as of late that decisions regarding the scope of the Illinois Biometric Information Privacy Act (BIPA) and insurance coverage for those claims have been coming as quick as finger scan.
What one court giveth, a brother court taketh away: Thermoflex and 3 policy exclusions in the context of BIPA
In Citizens Ins. Co. of Amer. v. Thermoflex Waukegan, LLC, the United States District Court for the Northern District of Illinois rejected the application of three separate general liability exclusions to a claim seeking coverage for an Illinois Biometric Information Privacy Act (BIPA) class action alleging the wrongful collection of employee fingerprint scans.
What is Hostile or Warlike?: An in-depth look at the Merck war exclusion decision and its shortfalls
On January 13, 2022, the Superior Court of New Jersey, Law Division, held in Merck & Co., Inc., et al. v. ACE Amer. Ins. Co., et al., that the Hostile/Warlike Action Exclusion in various property policies did not prohibit coverage for the NotPetya cyberattack launched by the military arm of the Russian Federation government against the country of Ukraine.
In a new BIPA decision, coverage barred by Employment-Related Practices exclusion, but not by Access or Disclosure of PI exclusion
In American Family Mut. Ins. Co. v. Carmel, Inc., the Illinois federal district court ruled that a CGL policy did not provide “personal and advertising injury” defense coverage for an underlying class action brought under the Illinois Biometric Information Privacy Act (BIPA) on account of the policy’s employment-related practices (ERP) exclusion.