On October 5, 2023, Seyfarth offered a Masterclass, hosted by Lexology, which was designed to familiarize in-house counsel and privacy professionals, in and out of Washington state, with the My Health My Data Act legislation. Portions of the Act are already in effect and go into further effect on March 31, 2024.
We explored its
Thursday, October 5, 2023
1:00 p.m. – 2:00 p.m. ET
12:00 p.m. – 1:00 p.m. CT
11:00 a.m. – 12:00 p.m. MT
10:00 a.m. – 11:00 a.m. PT
Seyfarth is pleased to offer this Masterclass, hosted by Lexology, which is designed to familiarize in-house counsel and privacy professionals, in and
This blog post is co-authored by Seyfarth Shaw and The Chertoff Group and has been cross-posted with permission.
On July 26, the U.S. Securities & Exchange Commission (SEC) adopted its Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure final rule on a 3-2 vote. The final rule is a modified version of the SEC’s earlier Notice of Proposed Rulemaking (NPRM) released in March 2022. The final rule formalizes and expands on existing interpretive guidance requiring disclosure of “material” cybersecurity incidents.Continue Reading SEC Publishes Public Company Cybersecurity Disclosure Final Rule
By this point, most people in the employee benefits space have heard about the MOVEit and Retirement Clearing House (RCH) cyber incidents, which could directly impact employers’ benefit plans. The MOVEit file transfer application is used by a number of vendors, including those that locate missing plan participants or find information regarding deceased plan participants (e.g., PBI Research Services). RCH is often used by retirement plans to facilitate benefit transfers, including for IRA rollovers. Other plan vendors/subcontractors may also use the MOVEit software application or subcontract with RCH for their plan services. Actual and potential victims have included state and federal government agencies as well as companies across a variety of industries (and their benefit plans) who were using MOVEit or RCH, or who engaged with service providers who used these tools.Continue Reading Multiple Cyber Incidents Impact Employee Benefit Plans and Participants
Seyfarth Synopsis: The U.S. District Court for the Northern District of Illinois recently denied Plaintiff’s motion to reconsider a prior dismissal of his privacy action due to untimeliness. In a case titled Bonilla, et al. v. Ancestry.com Operations Inc., et al., No. 20-cv-7390 (N.D. Ill.), Plaintiff alleged that consumer DNA network Ancestry DNA violated the Illinois Right of Publicity Act (“IRPA”) when it uploaded his high school yearbook photo to its website. The Court initially granted Ancestry’s motion for summary judgment, finding Plaintiff’s claims to be time-barred under the applicable one-year limitations period. Upon reconsideration, Plaintiff – unsuccessfully – made a first-of-its-kind argument that the Court should apply the Illinois Biometric Privacy Act’s five-year statute of limitations to the IRPA.Continue Reading Federal Court Rejects Application of BIPA Statute of Limitations to Privacy Act Violations
On Tuesday, June 13 at 1:00 p.m. Eastern, Seyfarth attorneys Kristine Argentine, John Tomaszewski, and Paul Yovanic will present at the Association of National Advertisers webinar, “Emerging Issues Surrounding Privacy Class Actions and Compliance in 2023.”
The webinar will address the recent surge in consumer class actions, compliance considerations, and recent developments
You may have recently seen press reports about lawyers who filed and submitted papers to the federal district court for the Southern District of New York that included citations to cases and decisions that, as it turned out, were wholly made up; they did not exist. The lawyers in that case used the generative artificial intelligence (AI) program ChatGPT to perform their legal research for the court submission, but did not realize that ChatGPT had fabricated the citations and decisions. This case should serve as a cautionary tale for individuals seeking to use AI in connection with legal research, legal questions, or other legal issues, even outside of the litigation context.
In Mata v. Avianca, Inc.,[1] the plaintiff brought tort claims against an airline for injuries allegedly sustained when one of its employees hit him with a metal serving cart. The airline filed a motion to dismiss the case. The plaintiff’s lawyer filed an opposition to that motion that included citations to several purported court decisions in its argument. On reply, the airline asserted that a number of the court decisions cited by the plaintiff’s attorney could not be found, and appeared not to exist, while two others were cited incorrectly and, more importantly, did not say what plaintiff’s counsel claimed. The Court directed plaintiff’s counsel to submit an affidavit attaching the problematic decisions identified by the airline.Continue Reading Use of ChatGPT in Federal Litigation Holds Lessons for Lawyers and Non-Lawyers Everywhere
In a January 11, 2023 op-ed published in the Wall Street Journal, President Joe Biden urged “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.” He warned that the “risks Big Tech poses for ordinary Americans are clear. Big Tech companies collect huge amounts of data” about
Ransomware attacks have become one of the most common and pervasive cybercrimes perpetrated against U.S. companies. A bad actor, often from overseas, will gain access to upload malware onto a company’s network storage or application platforms that encrypts all files it can access. A message or text file is usually left with instructions on how to contact the attacker to pay a ransom for the decryption key. In the worst case, a ransomware attack can freeze the business operations by effectively removing access to the company’s critical systems and rendering them useless. Aside from the business impact, what legal implications are created by a ransomware attack?
The greatest legal concern is one of privacy. By definition, ransomware attacks gain access to the internal systems maintained or owned by a business. However, not all ransomware attacks are created equal and privacy obligations differ from one attack to another.Continue Reading Ransomware Attacks – Harmless Annoyances or Catastrophic Events?
We have seen a market driven push for companies to embrace diversity and inclusion (D&I) policies over the last few years, which reflects a key shift in social and cultural norms for many organisations. Increasingly, consumers, staff and senior business leaders expect proactive steps to be taken for D&I objectives. Research demonstrates a strong business case for promoting diversity, although some suggest that viewing it through a lens of fairness is more effective. Regardless of the rationale, there are very sound reasons for companies to be embracing a diverse and inclusive workforce.
In pursuit of this objective, global businesses might assume that diversity reporting obligations apply in Australia in the same way they do in other jurisdictions and that overseas policies will be suitable for use here. With the best of intentions, following guidance from reputable external organisations focussed on general strategies to promote D&I, businesses might default to policies and practices designed overseas.
So what’s the problem? Many companies are unaware of the local compliance issues in Australia that need to be met when collecting diversity data and implementing these programs:Continue Reading When Good Intentions Fail: Is Your D&I Policy Inadvertently Unlawful?