As we recently touched on at the KMK Cybersecurity Seminar, lower courts are beginning to apply Spokeo Inc. v. Robins as defendants renew challenges to class certification.
This post is a follow-up to January’s cybersecurity post discussing the cybersecurity considerations in performing due diligence in M&A transactions. The previous discussion can be found here. This post addresses two contractual provisions, the closing conditions and indemnification, which, if properly utilized, can protect acquiring companies from taking on too much cybersecurity risk in M&A transactions.
The Cybersecurity Information Sharing Act (CISA), S. 754, was signed into law by President Obama on December 18, 2015 as part of the larger 2016 Omnibus Spending Bill, and arrived on the cybersecurity landscape with an equally strong set of supporters and opponents. With strong views on both sides, CISA is the first step in building what all will likely agree is of critical importance – improving cybersecurity in the United States.
In today’s M&A transactions, cybersecurity deficiencies in a target company pose potentially significant financial and regulatory risks to the acquiring company. For this reason, new measures must be implemented in M&A transactions to protect both companies from today’s emerging cybersecurity epidemic.
Recently, the European Union Court of Justice invalidated a Safe Harbor Framework (established in 2000), which thousands of companies relied upon to facilitate the transfer, processing and storage of data from the EU to the U.S. Any company that processes and stores data from the EU, including customer and employee personal data, should be reviewing its contracts and procedures and monitoring these developments.
In a case that will have significant ramifications for the legal landscape relating to cybersecurity, the Third Circuit Court of Appeals affirmed a lower court’s decision that the Federal Trade Commission (FTC) had the authority to regulate companies’ data security practices.
On August 11, 2015, federal prosecutors in New York and New Jersey filed criminal charges against two alleged hackers and seven other individuals who allegedly traded securities based upon stolen information. The Securities and Exchange Commission filed a related civil complaint against those same nine individuals, as well as 23 other individuals and corporate entities.
As promised, the U.S. Office of Management and Budget on Tuesday released a set of proposed cybersecurity guidelines to help government agencies draft contracts with information technology contractors.
As the Supreme Court revels in its summer hiatus, and the federal government slows to its August halt, here is a status update and forecast on pending data breach litigation:
Seventh Circuit Sides with Plaintiffs and Reinstates Consumer Data Breach Class Action Previously Dismissed for Lack of Standing
Last week the Seventh Circuit reinstated the Neiman Marcus data breach class action, holding that plaintiffs had satisfied Article III’s standing requirements based on at least some of the injuries they alleged. In doing so, the Seventh Circuit became the first federal court of appeals to rule on a challenge to the standing of purported data breach victims in light of the Supreme Court’s decision in Clapper v. Amnesty International, 133 S. Ct. 1138 (2013), and diverged from the growing majority of federal district courts that have held similar allegations are insufficient to confer standing.
This blog is devoted to cybersecurity and privacy related issues. Our interdisciplinary group of attorneys with corporate, insurance coverage/risk prevention, information governance, labor & employment, HIPAA, employee benefits, and litigation experience, will discuss best practices for protecting your organization against data breaches and cyber attacks as well as recent developments in litigation and federal and state regulations.
- Mergers & Acquisitions
- Corporate Law
- Federal Trade Commission
- Cybersecurity Regulation
- Seventh Circuit
- Class Action Litigation
- Department of Justice
- Data Breach
- Cybersecurity and Privacy Law
- Cyber Insurance
- Privacy Class Action Dismissed Under Spokeo
- Cybersecurity Issues in M&A Transactions – Part II
- CISA Makes Its Debut in 2016
- Cybersecurity Issues in M&A Due Diligence
- Recent Ruling Changes How Companies Should Process or Store Data From EU
- Federal Trade Commission’s Position As Cybersecurity Regulator Is Confirmed
- Hackers Broaden Scope of Cyber Attacks to Conduct Insider Trading
- U.S. Office of Management and Budget Releases Proposed Cybersecurity Guidelines
- Cybersecurity Updates Across the Three Branches
- Seventh Circuit Sides with Plaintiffs and Reinstates Consumer Data Breach Class Action Previously Dismissed for Lack of Standing
Other KMK Blogs
- KMK Law Complex Litigation Blog
- KMK Law Corporate & Securities Blog
- KMK Law Cybersecurity & Privacy Blog
- KMK Law Electronic Discovery Road Map Blog
- KMK Law Management Rights Blog
- KMK Law Real Estate Blog
- KMK Law Intellectual Property Blog