Cyber Liability, Privacy & Data Breach

Reports of cyber-attacks frequently make headlines and are on the rise. Cyber hackers have a variety of motives for procuring data, from competitive advantage and reputation impairment to retaliation and monetary gain. Information is a significant company asset and as producers and curators of such valuable and sensitive data, virtually all companies, large and small, are at risk of high-tech attempts to steal data and compromise systems. More than ever, businesses face extreme challenges in protecting intellectual property and personal information of customers, personnel, and third-party associates. In many instances, even the best protective efforts fail. Moreover, an increasing number of states have enacted privacy legislation that allows for civil lawsuits and significant penalties. Therefore, it is extremely important for businesses to understand the requirements of the various privacy laws and how to respond in the event of a privacy legislation lawsuit.

Our Services

Plaintiff’s cybersecurity, privacy and data breach litigation theories often include claims of breach of express and implied warranty, violations of federal and state statutes, negligence (failure to adequately protect personal information), notification delay, unfair business practices, and unjust enrichment. Our attorneys are capable of defending companies against these theories in a wide range of industries, including:

Biometric Privacy

• Claims related to alleged violations of the Illinois Biometric Information Privacy Act (BIPA)
• Advising businesses on how to comply with BIPA

• Product liability claims related to internet connected devices, such as baby monitors, cars, home security systems, home thermostats, medical devices, refrigerators, smart phones and televisions, and IoT devices.

• ATM Cash Out fraud breach
• Corporate Account Take Over (CATO) attacks resulting in unauthorized wire and ACH transactions to accounts
• Distributed Denial of Service (DDoS) attacks interrupting normal services
• Personnel, service provider, and supplier information data breach
• Customer credit and debit card and bank account information data breaches
• Cyber wire transfer fraud

• Intellectual property breach
• Point of sale and other customer credit and debit card information data breach
• Personnel, service provider, and supplier information data breach
• Programmable logic controller (PLC) hacking, compromising facility and food safety
  

• Patient personal identification information data breach
• Electronic health records data breach (HIPAA violations)
• Software breach disabling needed health care systems
• Personnel, service provider, and supplier information data breach

• Coverage disputes
• Directors and officers (D&O) claims
• Errors and omissions (E&O) claims
• Commercial general liability (CGL) claims
• Cyber insurance claims

• Workplace privacy issues/Employee surveillance
• Personnel, service provider, and supplier information data breach
• Employees working from home on unsecured equipment
• Bring your own device (BYOD) issues

• Medical device software vulnerabilities that could compromise device performance and patient safety
• Research and development data breach

• Cyber wire transfer fraud

• Personnel, service provider, and supplier information data breach
• Customer preferences data information breach
• Point of sale and other customer credit and debit card information data breach

• Hijacking of software to manipulate or disable features that may endanger the lives of drivers and passengers

In addition to providing litigation defense services, we monitor and advise clients on the ever changing landscape in state and federal data privacy laws as well as statutory and regulatory requirements applicable to the client's business and industry. 

Our Experience

Our technology-savvy attorneys have extensive experience with regulated industries and are familiar with the federal and state laws and regulations governing and the agencies investigating and enforcing cybersecurity, data and privacy policies and procedures, including:

Government Agencies and Industry Regulatory Bodies

• Federal Aviation Administration (FAA)
• Federal Trade Commission (FTC)
• Financial Industry Regulatory Authority (FINRA)
• Food and Drug Administration (FDA)
• National Technical Information Service (NITS)
• U.S. Department of Defense (DOD)
• U.S. Department of Justice (DOJ)
• U.S. Security and Exchange Commission (SEC)

• CAN-SPAM Act
• Electronic Communications Privacy Act (ECPA)
• Fair and Accurate Credit Transactions Act (FACTA)
• Fair Credit Reporting Act (FCRA)
• Federal Information Security Management Act (FISMA)
• Federal Trade Commission Act (FTCA)
• Gramm-Leach-Bliley (GLBA)
• Health Insurance Portability and Accountability Act (HIPPA)
• Sarbanes-Oxley Act (SOX)
• Telephone Consumer Protection Act (TCPA)
• The Children's Online Privacy Protection Act (COPPA)
• State breach notification laws
• Other federal and state laws

Many of our attorneys are experienced in defending complex MDL and class action litigation. All of our attorneys are skilled at identifying and executing the best approach for each litigated matter. Core members of the practice are active in cybersecurity, privacy and data protection committees of the American Bar Association (ABA), Claims and Litigation Management Alliance (CLM), and Defense Research Institute (DRI) and many contribute to panels and publications concerning cybersecurity, privacy and data protection issues.

For more information about our cyber liability, privacy and data breach practice contact Paul Penticuff or Tom Rice in Kansas City, Jennifer Maloney in St. Louis, or Greg Odom in Belleville.