Showing 1 - 10 of 197
Getting physical: Ohio Supreme Court holds that software cannot be physically damaged and endorsement covering software must be triggered by physical loss or damage to covered property
On December 27, 2022, the Supreme Court of Ohio unanimously ruled that a businessowners property insurance policy issued by Owners Insurance Co. (Owners) to EMOI Services, LLC (EMOI) did not afford coverage for losses sustained in a ransomware attack because computer software is “entirely intangible” and “cannot experience ‘direct physical loss or physical damage’.
Minnesota Federal Court rules Cyber Business Interruption clause covers funds lost in fraudulent wire transfer incident
As previously reported, on November 3, 2022, the federal district court for Minnesota, applying Minnesota substantive law, ruled that an insured was entitled to coverage under a Cyber Business Interruption clause for money lost in a fraudulent wire transfer incident.
We are pleased to share the first edition of Kennedys Privacy & Breach Litigation Monitor. This bi-weekly mailing was created with our clients in mind - to bring you up to speed on the latest topics and trends in data privacy and breach litigation.
The ICO issues a firm warning to businesses as it fines UK construction firm, Interserve Group Limited, £4.4 million
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), recently published details of its most recent monetary penalty notice. This latest notice imposes a penalty of £4.4 million on construction and outsourcing firm, Interserve Group Limited arising from a cyber-attack in 2020. Here, we look at what businesses can learn from the notice and what it reveals about the ICO’s enforcement strategy.
The global cyber team at Kennedys has seen a growing trend in data breaches arising from the bypassing of MFA by cybercriminals. In this article, we share what we have seen so far, detail the potential repercussions, and provide recommendations on how best to avoid falling victim to this latest trend.
On 17 March 2022, the UK Government delivered to parliament a 'world-leading' Online Safety Bill aimed to make the UK the safest place to go online while defending free expression. Here, and in light of Ofcom’s Call for Evidence about its plans for implementation of online safety regulation, we focus on the scope of the Bill’s provisions and the likely impact on organisations.
Good governance: the role of non-executive directors in addressing cyber security risks in a healthcare organisation
Digital technology and data remain an increasingly significant and ever-evolving part of the delivery of modern health and care services. To address the risks posed to cyber security, there are a number of important considerations for healthcare organisations.
In its latest move to ensure that syndicates are appropriately addressing cyber exposures, Lloyd’s issued on August 16, 2022 Market Bulletin Y5381 -- “State backed cyber-attack exclusion” -- to require “legally reviewed” and “sufficiently robust” wordings in cyber policies to address both war and non-war state backed cyber-attacks. Lloyd’s noted that “exposure to cyber-attack losses has been an area of market focus in circumstances where the losses arise from attacks sponsored by sovereign states” and announced a requirement, effective March 31, 2023, for syndicates to include a state backed cyber-attack exclusion in stand-alone cyber policies at inception or upon renewal.
After several years of delays the Personal Data Protection Act B.E. 2562 (2019) ("PDPA") came into force in Thailand on 1 June 2022. Since then, on 20 June 2022, subordinate legislation (the "Notifications") under the PDPA was issued by the Personal Data Protection Committee ("PDPC") and published in the Royal Thai Government Gazette.
These Notifications are intended to set out the various criteria and rules, as well as much needed guidance and clarification, of some key requirements under the PDPA.
In a recent precedential decision involving electronic service to an unknown defendant, the High Court of England and Wales approved a special request to issue an interim injunction and permit service of a lawsuit via a non-fungible token (“NFT”). The case follows a similar decision in New York trial court. Both decisions raise issues as to how prevalent will NFT service become in the US and UK.