In today’s digitally expanding and tech-controlled world, the issues of privacy and data security are rife with legal implications. Companies must rise to meet the many challenges posed by a modern digital marketplace, including protecting personal information, securing proprietary data, stopping cyberattacks, and managing electronic files. Addressing privacy and data security matters demands mastery across a wide range of industries, the risks associated with those industries, and the legal specifications of those industries. As data breaches drive news cycles and government agencies race to compound already complex and ever-evolving regulations, these are not should-dos. These are must-dos.
Cozen O’Connor has built a multidisciplinary team of highly skilled and highly regarded attorneys who focus on all aspects of privacy and data security litigation and counseling. We help companies protect data, comply with regulations, and respond to investigations and litigation. We also leverage Cozen O’Connor’s experience and capabilities in dealing with industry-specific legal challenges to assist clients.
Assisting Clients in the Event of Data and Security Breaches and Litigation
One incident of data loss, breach, or cyberattack can undermine years of good will and leave clients with daunting financial, legal, and reputational challenges. When disaster strikes, companies need a true crisis manager at the helm.
In the event of a data privacy or security breach, our attorneys routinely conduct immediate forensic and recovery operations, send notifications, arrange for customer outreach, communicate with government officials, protect clients from liability, and craft public messages. Our experience extends far and wide into the fields of Healthcare, Energy, Financial Services, Transportation, Insurance, Technology and Manufacturing. We also counsel clients on investigations by the Federal Trade Commission (FTC), by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR), and under the Sarbanes-Oxley Act.
Our litigators have successfully represented clients in privacy and data-related litigation in individual, multiparty and class action cases in a multitude of judicial jurisdictions as well as in front of federal regulatory agencies, such as the FTC. Additionally, our State Attorneys General Practice Group is conveniently ready to respond to state investigations, regardless of the breadth or depth.
Leading the Way in Policy and Compliance
In addition to litigating complex cases in this ever-evolving landscape of data and privacy law, Cozen O’Connor is at the forefront of changes in these fields. We counsel clients in connection with complying with Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act, the Electronic Communications Privacy Act (ECPA), the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, the Children’s Online Privacy Protection Act (COPPA), and the Fair Credit Reporting Act (FCRA). We also advise on international data transfers and assisting U.S. companies on compliance with the EU Data Protection Directive, including enrolling in and complying with the EU-US Privacy Shield administered by the Department of Commerce.
Cozen O’Connor’s Washington D.C.-based government affairs group closely monitors potential changes in state and federal policy regarding data privacy and electronic information security so that our Public Strategies bipartisan lobbying group can help shape the newest laws and policies. A leader in policy reform, Cozen O’Connor works with clients to ensure policy compliance in this ever-changing regulatory landscape and also routinely represents clients before regulators and legislators.
Our group also has extensive experience in the fast growing and ever-evolving cyber risk market. As a long-time leader in the insurance bar, Cozen O’Connor attorneys have helped develop first and third-party cyber/tech/privacy policies, errors and omissions insurance, and cybercrime policy language. We also advise on coverage under all first-party and third-party lines of insurance, including cyber and technology, and have been involved in managing some of the largest consumer data breaches on behalf of our insurer clients.
April 18, 2019
On April 12, 2019, an Oregon federal jury returned a Friday evening verdict in a Telephone Consumer Protection Act (TCPA) class action that could put the defendant on the hook for $925 million in damages.
The TCPA makes it unlawful to make a telephone call to any cell phone or residential...
April 05, 2019
Well thought-out internal privacy policies and procedures are an essential part of any company’s information management program. These internal policies should not be confused with a company’s external privacy notice, which informs the company’s customers as to how it may process, store, and...
March 22, 2019
The U.S. Supreme Court on Wednesday remanded a class action against Google so that the lower courts could determine whether any of the named plaintiffs have standing under Spokeo, Inc. v. Robbins.
The underlying suit alleged violations of the Stored Communications Act (“SCA”). The SCA...
March 12, 2019
A three-judge panel of the Third Circuit recently affirmed a district court ruling that dismissed a suit for violation of the Fair and Accurate Credit Transaction Act of 2003 (FACTA) for lack of Article III standing. The plaintiff, Ahmed Kamal, alleged that receipts he received from J. Crew showed...
March 05, 2019
With all of the hubbub swirling around Capitol Hill last week with the Michael Cohen hearings, you can’t be blamed if you missed the fact that two important congressional hearings on privacy and data protection took place as well, one in the House and one in the Senate.
First, on February 26,...
March 01, 2019
On February 27, the FTC announced that the operators of the video social networking application Musical.ly, now known as TikTok, agreed to pay $5.7 million to settle allegations that it violated the Children’s Online Privacy Protection Act (COPPA). According to the FTC, this is the largest civil...
February 13, 2019
Since the 1970’s, fair information practices (FIPs) or fair information privacy practices (FIPPs) have formed the framework around which organizations structure their policies on data collection, use, disclosure, and retention. The cornerstone of individual privacy rights under the FIPs is notice...
February 04, 2019
COPPA is a U.S. law enacted by Congress in 1998 to address concerns regarding the online collection and disclosure of children’s personal information. Children (defined by COPPA as individuals under the age of 13) may not appreciate the significance of sharing their personal information online....
January 29, 2019
On January 25, 2019, in Rosenbach v. Six Flags Entm’t Corp., the Illinois Supreme Court held that an individual is an “aggrieved” party under the Illinois Biometric Information Privacy Act (“BIPA”) and may seek damages absent an allegation of harm beyond a violation of the rights conferred by the...
December 18, 2018
On December 12, 2018, Senator Schatz (D-HI), along with 15 other Senators, introduced the Data Care Act of 2018 “to establish duties for online service providers with respect to end user data that such providers collect and use.”
The bill would require online service providers...
December 10, 2018
Amazon, Inc. is on the receiving end of another court order demanding it release the data and recordings associated with one of its Echo smart devices. For the uninitiated, Echo smart devices support voice interaction, music playback, and other administrative tasks for its users. The device...
November 29, 2018
On November 27, 2018, the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held a hearing titled “Oversight of the Federal Trade Commission,” which included testimony from Chairman Joseph Simons and Commissioners Rohit Chopra, Noah Phillips, Rebecca...
November 02, 2018
California continues to pave the way for privacy and cybersecurity legislation as Governor Brown recently signed the first Internet of Things (“IoT”) security law in the United States (SB-327).
While connected devices offer users convenience and efficiency, California lawmakers recognized that...
October 23, 2018
A California federal court recently held in Rushing v. Viacom, Inc. that an arbitration provision in Viacom’s End User License Agreement (“EULA”) was one click shy of enforceability, and denied the company’s motion to dismiss claims against it pending arbitration. Plaintiffs did not receive...
October 16, 2018
In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the Office for Civil Rights, which is a record settlement for alleged HIPAA violations. According to the Department of Health and Human Services ("HHS"), the previous high was a...
July 20, 2018
On June 28, 2018, a month after the European Union’s General Data Protection Regulation went into effect, California passed its own comprehensive piece of privacy legislation—the California Consumer Privacy Act of 2018 (“CCPA”). The bill was passed as part of an effort to give California residents...
April 05, 2018
A federal court in Texas cut short a putative class action alleging violation of the truncation requirement under the Fair and Accurate Credit Transactions Act (FACTA), sending a clear message to plaintiffs that minor inconvenience flowing from a procedural violation of FACTA does not establish...
March 16, 2018
The Securities and Exchange Commission (“SEC” or “Commission”) has given public companies a heads up on where the Commission is setting its sights in the ever-developing world of cybersecurity. Here’s what you need to know, and what you need to do, to stay on the right side of the SEC.
December 08, 2017
The European Union (EU) Parliament’s new data privacy law, known as the General Data Protection Regulation (GDPR), is set to become enforceable in all EU member states on May 25, 2018, just six months from now. The GDPR replaces the former Data Protection Directive.
Among other things, the...
March 01, 2017
Michael Handler of the Global Insurance Department discusses the state of insurance for present-day data breach claims in Best's Review.
March 03, 2016
Jillian Thornton Flax and Abby Sacunas, both members of Cozen O'Connor's Products Liability practice, discuss the FDA's new guidance on cybersecurity risks for medical devices in Corporate Counsel.
August 05, 2015
Jason Bonk and Calli Jo Padilla discuss the importance of implementing, enforcing and training on policies reflecting the best practices to protect companies against the increasing threat of cyberhacking and privacy breaches.
July 23, 2015
Jennifer Brandt discusses the Ashley Madison hacking scandal and explains how before using a website, posting on social media, or sending an email, consider the ramifications, and consider whether the private information you are providing is really secure.
June 30, 2015
David Walton and Leigh Ann Benson discuss the importance of employers preventing cybersecurity incidents and what the outcome of the Supreme Court case Spokeo v. Robins would mean for class actions brought by their employees.
August 21, 2014
David Walton, vice chair of Cozen O'Connor's Labor & Employment department, authored an article for Law360 titled, ''Big Data's Potential Disparate Impact Problem.'' David argues that big data analytics may soon become ''the backbone for all personnel decisions.'' However, he cautions employers to ensure that protected categories are treated fairly, as ''Blind reliance on big data can lead to major disparate impact issues.''
July 01, 2014
In an article published in Intellectual Property magazine, Chanel Lattimer, associate in Cozen O'Connor's Intellectual Property department, discusses the increase in counterfeit apps and app stores.
April 28, 2014
In a series of articles originally published by InsideCounsel Magazine, David J. Walton discusses the concept of big data and explores its impact on the way we conduct business
April 25, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment department, authored an article for InsideCounsel titled, “You Thought ESI was complicated – Now add big data.” Walton discusses the difficulties lawyers can face when dealing with electronically saved information and how they are increasingly more difficult with the addition of big data
April 11, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment department, authored an article for InsideCounsel, in which he discusses the ways, “big data has sparked a revolution in how corporate America conducts research, identifies customers, advertises itself, and pursues profits.”
April 07, 2014
Camille Miller, co-chair of the Intellectual Property Department, and Chanel Lattimer, associate in the Intellectual Property Department, discuss how Microsoft has received mixed reactions in their efforts to fight online fraud.
March 28, 2014
As companies realize the benefits of big data on their research & development, marketing, sales, branding, and revenue growth, they will increasingly have to reckon with its risks. Utilizing and monetizing big data raises enormous legal questions and potential liabilities. The most salient of these legal issues, at least in the near term, revolve around privacy, regulatory compliance, and duty to intervene.
March 14, 2014
Today, almost every large company collects data about its customers — reams and reams of raw, unstructured data. And they aren’t storing it for posterity. They are using it to do what businesses always try to do: Sell more widgets. More specifically, companies are using big data to identify new customers, advertise more effectively, and develop new products and services.
March 13, 2014
On February 21, 2014, a New York state trial court judge ruled that Zurich American Insurance Company has no duty to defend the Sony Corporation in lawsuits relating to a 2011 cyberattack on its PlayStation network. This decision is among the first in the country to address coverage issues for large scale data security breaches. Judge Jeffrey Oing rendered an immediate decision after hearing oral argument, recognizing the issue’s importance and the likelihood of an appeal.
March 07, 2014
In an article titled “Technology: All databases are not created equal and counsel should know the difference,” Dave Walton, vice chair of Cozen O’Connor’s Labor & Employment Department and co-chair of the firm’s E-Discovery Task Force, discusses big data analytics and the history of data management and analysis to aid in understanding and interpreting these analytics.
February 14, 2014
Yahoo CEO Marissa Mayer said that “big data” will have a bigger impact than the Internet. Consider how the Internet completely changed our lives. It’s hard to imagine anything, let alone the vague concept of “big data,” having that type of impact.Yet, if you have read any article the past year on a legal technology issue, you have undoubtedly heard about big data. There’s still a lot of confusion about big data, its power, its potential, and what it means for lawyers. This article is the first in a series that will explore these issues and illustrate why big data really is (and will continue to be) a big deal for the legal profession.
May 14, 2013
Magistrate Judge Westmore recommended that the U.S. District Court for Northern California award Facebook $2.8 million in damages from typosquatters under the Anticybersquatting Consumer Protection Act (ACPA). Facebook v. Cyber2Media, Inc. et al., Case No. 4:11-cv-03619, (N.D.Ca., April 30, 2013).
March 26, 2013
Last week, in Tyler v. Michaels Stores, Inc., the Supreme Judicial Court of Massachusetts responded to certified questions presented by the district court and interpreted a Massachusetts statute to reflect the state’s interest in protecting consumer privacy. No. SJC-11145, 2013 Mass. LEXIS 40 (Mass. Mar. 11, 2013). In particular, the court held that a consumer’s zip code constitutes personal identification information, and that a consumer can bring an action under the relevant statute absent a claim of identify fraud.
March 07, 2013
On January 25, 2013, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) published the long-awaited omnibus final regulation governing health data privacy, security and enforcement (Omnibus Rule). The Omnibus Rule is a group of regulations that finalizes four sets of proposed or interim final rules, including changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act and proposed in 2010; changes to the interim final breach notification rule; modifications to the interim final enforcement rule; and implementation of changes to the Genetic Information Nondiscrimination Act of 2008 (GINA). The Omnibus Rule goes into effect on March 26, 2013, and compliance is required by September 23, 2013. As expected, the Omnibus Rule did not finalize the May 31, 2011 proposed regulation regarding accounting for disclosures.
February 20, 2013
Little more than a week after reports of cyber attacks targeted at the Department of Energy, The New York Times and The Wall Street Journal, President Obama declared in his State of the Union address that these forms of attacks on the nation’s critical infrastructure are rapidly growing and present “real threats to our security and our economy.”
July 20, 2012
First Circuit Court of Appeals Holds Bank’s Online Security Measures “Commercially Unreasonable” in Landmark Decision - Global Insurance Group Alert - In a landmark decision, the 1st Circuit Court of Appeals held in PATCO Construction Company, Inc. v. People's United Bank, No. 11-2031 (1st Cir. July 3, 2012) that People's United Bank (d/b/a Ocean Bank) was required to reimburse its customer, PATCO Construction Co., for approximately $580,000 that had been stolen from PATCO's bank account...
December 01, 2011
Recent media reports of cyber intrusions, data thefts and computer system malfunctions involving large, high-profile companies such as Sony PlayStation, Citigroup and Lockheed’s Security Vendor, RSA, have led a rapidly growing number of companies to consider the necessity of insurance coverage for technology and cyber privacy risks.
September 01, 2011
Increasing reports of cyber intrusions, data theft and computer-system malfunctions have led a rapidly growing number of companies to purchase insurance coverage to protect themselves from technology and cyber-privacy risks.
As our technology-driven economy continues to evolve and businesses become more reliant on electronic communication and data storage, they are developing a heightened awareness that an unauthorized intrusion could endanger their tangible and intangible assets (including intellectual property) and, in many cases, their reputation and ability to conduct business.
December 21, 2010
The Dos and Don'ts of Navigating the Cloud: a Business Guide for Cloud Computing - Corporate Counsel -
August 24, 2010
Cyber - Identity Theft: Our Children At Risk - Insurance Coverage Alert! - Interviewing for your first job as a teenager is as exciting as it is intimidating. The interview proceeds flawlessly, and you start to count the dollar signs as you await the job offer. But, imagine your surprise when you are informed that you did not get the job because your background check revealed that you are more than $75,000 in debt and five years behind in child support payments for your 11-year-old child—a terrifying thought considering you are only 16 years old.
January 18, 2010
A New Era in HIPAA Enforcement: Connecticut Attorney General Files First HITECH Act Suit - Health Law Alert! - Connecticut Attorney General Richard Blumenthal has filed a lawsuit against Health Net of Connecticut, Inc. for violations of the Health Insurance Portability and Accountability Act (“HIPAA”) following Health Net’s loss of protected health information (“PHI”) and other personally identifiable information.
March 03, 2009
The American Recovery and Reinvestment Act of 2009: Sweeping Changes to HIPAA Put Business Associates in the Spotlight - Health Law Alert! - On February 17, 2009, President Obama signed into law the Health Information Technology for Economic and Clinical Health Act (“HITECH” or the “Act”), as part of the American Recovery and Reinvestment Act of 2009. The Act made
sweeping changes to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Privacy and Security Rules promulgated under HIPAA. This Alert focuses
primarily on Subtitle D of HITECH, which includes important
October 01, 2008
HHS' First Resolution Agreement for Alleged HIPAA Violations and What it Means for You - Health Law Alert! - The Department of Health and Human Services
(“HHS”) has entered into its first resolution
agreement with a covered entity to settle alleged
violations of the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy and security rules.1 According to HHS, the resolution agreement with Providence Health & Services (“Providence”), a Seattle-based not-for-profit health system, addresses a series
December 19, 2015
Greg Fliszar and Ryan Blaney, members of Cozen O’Connor’s Health Law practice, discuss best practices for the Health Insurance Portability and Accountability Act (HIPAA) on Forbes.com.
November 01, 2015
David Walton, co-chair of Cozen O’Connor’s Privacy, Data & Cybersecurity Industry Team, discusses his take on communications strategies and data preservation at the firm in Legal Tech News.
June 19, 2015
Michael Schmidt discusses a potential rule by the Wage and Hour Division of the Department of Labor that will focus on the use of technology, including portable electronic devices, by employees away from work and outside of scheduled work hours.
April 14, 2015
Greg Fliszar, of the firm's health law practice, is quoted on the topic of breaches of medical data, and how the number of affected patients is on the rise.
February 23, 2015
Greg Fliszar, a member in the firm's Health Care Practice Group, is quoted in Healthcare Risk Management Review (HRMR) about the recent hacking attack of U.S. health insurer Anthem, and the lessons that can be learned from such an attack.
February 23, 2015
In early February, U.S. health insurer Anthem announced that it has been the victim of a huge hacking attack, with possibly millions of people’s personal information compromised. What lessons can health care risk managers take from this breach? HRMR investigates.
February 17, 2015
In the article titled "The Cost of Cybersecurity: Risks and Responses on the Rise" in The Legal Intelligencer, Matthew Siegel of the Gloabl Insurance Department discusses the increased need for cyberinsurance. Matthew said, "said some insurance policies will provide for lawyers to serve as data breach coaches. Lawyers, he said, can play a lead role in assessing companies' incident response plans and helping put policies in place."
December 08, 2014
In an article titled “8 Cybersecurity Resolutions to Make for 2015,” David Walton, vice chair of Cozen O’Connor’s Labor & Employment Department, discusses New Year’s resolutions that small business owners should make to keep their company’s reputation and customer information safe.
October 21, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment Department, discusses big data and cybercrime in an interview on 92.5 XTU Radio’s Philadelphia Focus.
August 28, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment Department, appeared as a guest contributor on The Price of Business - Business Talk Radio 1110 AM. David explored some of the implications of big data, and addressed issues such as privacy concerns, breach-prevention systems, and post-breach protocols.
May 21, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment Department, was quoted in an article titled ''The Power (and Peril) of Predictive Analytics.'' David discussed the potential benefits and risks of predictive analytics as they relate to the hiring process.
May 02, 2014
In an article titled ''In Big Data report, White House calls for national breach reporting standard,'' David Walton, co-chair of Cozen O'Connor's Privacy, Data and Cybersecurity practice, shares his opinion on the adoption of a national standard for reporting data breaches. David told SCMagazine.com that, while he was in support of a national breach standard being passed, it may still be an uphill battle.