Category Archives: Cybersecurity

Pittsburgh Court Rules on Data Breach Class Claims – Denying Cause of Action

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

537047_70437721A Pittsburgh, Pennsylvania Judge has ruled at the trial court level that there is no private cause of action for the alleged failure of a major hospital network to secure and protect PII and PHI. Denying Class claims, Judge Wettick has ruled that because the legislature has not created such a right, that only the Pennsylvania Attorney General has the right to bring a claim in this circumstance. See the Legal Intelligencer article here: http://tinyurl.com/nphostc  We will get more details on this case and pass them along with our analysis.

Business Leaders Rank Cyber Risk #2 on List of Main Concerns

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Travelers Business Risk ImageTravelers Indemnity and Insurance released its annual Business Risk Index, which is a survey of the concerns of business leaders and decision makers. Not surprisingly, for 2015, Cyber Risk moved up to the number 2 concern on that list, right behind rising healthcare costs. In some industry sectors it is the number 1 concern. The Banking and Financial Services, Professional Services, and Technology sectors each ranked cyber risks as the main driver of sleepless nights.  The chart on page 3 of the survey is very instructional as to the different concerns between small, medium and large businesses. Small businesses have less concern about data breach than larger businesses, but perhaps small businesses are overlooking their vulnerability and attractiveness as targets. If they care less, they will likely protect less, and become easy targets for hackers. It should be a huge concern for all businesses in all industries as no one appears immune. If you data store or deal in Personal Identifiable Information (PII) or Personal Health Information (PHI) as part of your business, then you are a valuable target. If you have financial or credit information, or trade secrets to protect, then perhaps your competitors, foreign governments and political hackers want to look inside your data. Many insurers are now offering Cyber Risk Insurance to provide defense and indemnity against these risks. Every business should have a data breach prevention and response team of employees and outside consultants and lawyers to audit the company’s vulnerability and to set the plan for a response when a breach occurs.  See the complete Travelers Business Risk Index at: https://www.travelers.com/prepare-prevent/risk-index/business/index.aspx

Target Agrees to Settle Class Claims Over 2013 Data Breach for $10M

Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Prevention and Response Team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Data Breach broken_security_lock photo Target Corp. agrees to settle the 2013 data breach class claims prior to argument on class certification. Lead plaintiff’s counsel admitted the uphill battle he faced to obtain class certification due primarily to the difficulty in these consumer data breach cases of proving commonality of claims. This settlement, which still needs court approval for its proposed $10M payout, will not settle claims by commercial entities, but only individual consumer claims. Here is a good article with more detail from the National Law Journal. We will continue to follow this settlement and the handling of the commercial claims as this blog increases our focus on Cybersecurity and Data Breach Prevention and Response issues.

See this link to the NLJ for more info:  http://tinyurl.com/kxwjrb9

 

 

Cybersecurity (CISA) Bill Moves out of Congressional Committee

j0402514Posted By Henry M. Sneath, Chair of the Cybersecurity and Data Breach Response team at Pittsburgh, Pa. law firm Picadio Sneath Miller & Norton, P.C.  hsneath@psmn.com or 412-288-4013

Privacy concerns continue to dog the CISA (formerly CISPA) bill, but it easily passed out of the  Senate Intelligence Committee yesterday.  Pundits claim that the bill pits “big government – NSA, Homeland Security et al allegedly aided by Big Tech Companies” against privacy advocates who want less regulation of data and the internet. I’m not sure if it lines up that neatly however. See this short article with a summary of the committee process from Wired.Com.

Here is an advocacy website piece which supports defeat of he bill.

We will continue to monitor the path of the bill to see if it makes it to the Senate Floor for a vote. For the complete text of the bill, view it at this link.

Sneath Headshot

Henry M. Sneath on Google+ or see his PSMN ® bio.

3rd Circuit Hears Argument on Cybersecurity Issue Regarding Data Breaches of Consumer Information

by: Kelly A. Williams, a shareholder at Picadio Sneath Miller & Norton, P.C.

ComputerOn March 3, 2015, the Third Circuit heard oral argument in FTC v. Wyndham Worldwide Corp. (No. 14-3514) on the novel issue of whether or not the Federal Trade Commission can sue a company for failing to properly secure consumer data. The case arose when the FTC sued Wyndham Worldwide Corporation, after Russian hackers broke into the Wyndham’s computer network and stole the credit card information for thousands of customers. The FTC filed the suit based on its authority under federal law to patrol unfair business practices. The Wyndham Hotel contends that its cybersecurity system is outside the realm of the FTC’s authority and that the FTC had not given notice about what the law would require with regard to corporate data security practices. The case reached the Third Circuit after the District for New Jersey denied the Wyndham’s motion to dismiss, and the Wyndham filed an interlocutory appeal. The panel’s, consisting of Judge Thomas Ambro and Senior Judges Anthony Scirica and Jane Roth, interest in the novel issue was apparent from the fact that oral argument lasted twice as long as the allotted time and the Court requested supplemental briefing.

See this article for additional information (subscription required). A recording of the oral argument can be found here at the 3rd Circuit’s website.