Companies today must rise to meet the challenges posed by a modern digital marketplace: protect personal information, secure proprietary data, stop cyberattacks, and manage electronic files. These are not should-dos. These are must-dos.
Cozen O’Connor was an early leader in the information governance field. Over the last decade, the firm has built a multidisciplinary team that includes well-known labor and employment, insurance, government affairs, IP, health care, and corporate attorneys to help corporate clients safeguard their digital data.
Our Cybersecurity & Privacy team has broad industry experience, including those subject to heightened data security and privacy protection requirements. We regularly counsel clients in health care, energy, financial services, transportation, insurance, technology, and manufacturing, among other sectors.
We provide comprehensive prevention counsel to get the right policies and procedures in place and avert data loss. We handle bring-your-own-device rules, email policies, data storage, IP and trade secret protection, breach-prevention systems, and cybersecurity insurance. We negotiate secure corporate transactions and collaborations in the context of M&A deals, technology transfers, vendor contracts, joint ventures, and other partnership agreements.
Cozen O’Connor’s Washington, D.C.-based government affairs group closely monitors potential changes in state and federal policy regarding data privacy and electronic information security. The firm’s Public Strategies professionals represent clients before regulators and legislators and help shape policies.
Cyber-risk is one of the fastest growing and fastest changing insurance markets today. As a long-time leader in the insurance bar, Cozen O’Connor develops first- and third-party cyber/tech/privacy policies, errors and omissions insurance contracts, and first-party electronic property damage and cybercrime policy language. We also advise on coverage under all first-party and third-party lines of insurance, including cyber and technology.
One incident of data loss, breach, or cyberattack can undermine years of good will and leave clients with daunting financial, legal, and reputational challenges. When disaster strikes, companies need a true crisis manager at the helm. Cozen O’Connor has the experience to lead with calm and confidence. We conduct immediate forensic and recovery operations, send notifications, arrange for customer outreach, communicate with government officials, protect clients from liability, and craft public messages.
When necessary, Cozen O’Connor represents clients in privacy and data-related litigation. We have successfully protected clients in individual, multiparty, and class action cases concerning Internet security, privacy, trade secrets, unfair competition, breach of security, content liability, breach of confidence, transmission of virus, computer crime, and fidelity loss claims.
December 10, 2018
Amazon, Inc. is on the receiving end of another court order demanding it release the data and recordings associated with one of its Echo smart devices. For the uninitiated, Echo smart devices support voice interaction, music playback, and other administrative tasks for its users. The device...
November 29, 2018
On November 27, 2018, the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held a hearing titled “Oversight of the Federal Trade Commission,” which included testimony from Chairman Joseph Simons and Commissioners Rohit Chopra, Noah Phillips, Rebecca...
November 02, 2018
California continues to pave the way for privacy and cybersecurity legislation as Governor Brown recently signed the first Internet of Things (“IoT”) security law in the United States (SB-327).
While connected devices offer users convenience and efficiency, California lawmakers recognized that...
October 23, 2018
A California federal court recently held in Rushing v. Viacom, Inc. that an arbitration provision in Viacom’s End User License Agreement (“EULA”) was one click shy of enforceability, and denied the company’s motion to dismiss claims against it pending arbitration. Plaintiffs did not receive...
October 16, 2018
In the wake of the largest U.S. health care data breach in history, Anthem, Inc., has agreed to pay $16 million to the Office for Civil Rights, which is a record settlement for alleged HIPAA violations. According to the Department of Health and Human Services ("HHS"), the previous high was a...
July 20, 2018
On June 28, 2018, a month after the European Union’s General Data Protection Regulation went into effect, California passed its own comprehensive piece of privacy legislation—the California Consumer Privacy Act of 2018 (“CCPA”). The bill was passed as part of an effort to give California residents...
April 05, 2018
A federal court in Texas cut short a putative class action alleging violation of the truncation requirement under the Fair and Accurate Credit Transactions Act (FACTA), sending a clear message to plaintiffs that minor inconvenience flowing from a procedural violation of FACTA does not establish...
March 16, 2018
The Securities and Exchange Commission (“SEC” or “Commission”) has given public companies a heads up on where the Commission is setting its sights in the ever-developing world of cybersecurity. Here’s what you need to know, and what you need to do, to stay on the right side of the SEC.
December 08, 2017
The European Union (EU) Parliament’s new data privacy law, known as the General Data Protection Regulation (GDPR), is set to become enforceable in all EU member states on May 25, 2018, just six months from now. The GDPR replaces the former Data Protection Directive.
Among other things, the...
November 06, 2017
Take note GCs: The question is not if you will have to respond to a cybersecurity incident—the question is when. That was the message from speakers and panelists at the Association of Corporate Counsel’s annual meeting this year.
Indeed, the majority of all U.S. businesses have experienced at...
October 05, 2017
The House Financial Services Committee this morning rounded out a full week of congressional hearings for former Equifax CEO Richard Smith. Chairman Jeb Hensarling (R-TX) reiterated his earlier calls for national standards for data security and breach notifications.
Ranking Member Maxine...
October 04, 2017
Richard Smith, former Chairman and CEO of Equifax, faced his third congressional hearing in two days, appearing this afternoon before the Senate Judiciary Committee’s Privacy, Technology, and the Law Subcommittee to discuss the recently revealed Equifax data breach and efforts to monitor data...
October 04, 2017
Former Equifax chief Richard Smith returned to Capitol Hill for a second day of congressional hearings into his company’s data breach, this time appearing before the Senate Banking, Housing, and Urban Affairs Committee.
Committee Chairman Mike Crapo (R-ID) characterized the Equifax breach as...
October 03, 2017
The House Committee on Energy and Commerce’s Subcommittee on Digital and Consumer Protection held the first in what will be a series of Congressional hearings on the recently revealed data breach at major credit agency Equifax. Former CEO of Equifax Richard Smith testified before the committee on...
August 30, 2017
We recently wrote about a decision in Attias v. CareFirst, Inc., holding that a class of plaintiffs whose information was compromised in a cyberattack had sufficiently demonstrated standing to survive a motion to dismiss. The U.S. Court of Appeals for the Ninth Circuit now has added to the toolbox...
August 17, 2017
A recent federal appellate decision suggests that it might be getting easier for cyberattack plaintiffs to establish standing in a manner sufficient to survive a motion to dismiss. According to the U.S. Court of Appeals for the District of Columbia Circuit, people whose personal information was...
April 27, 2017
Yes, I know that I ooze wit, but seriously, on the 25 May 2018, the new GDPR will come into force, which replaces the current data protection regulations (irrespective of Brexit). The principle at the heart of the GDPR is that personal data can only be gathered under strict conditions for legitimate...
April 12, 2017
Coca-Cola won big last month when it secured summary judgment in a privacy class action brought by a former bottling plant employee concerning compromised personal information. Hon. Joseph Leeson of the Eastern District of Pennsylvania found that Coca-Cola was not under any contractual...
March 01, 2017
Michael Handler of the Global Insurance Department discusses the state of insurance for present-day data breach claims in Best's Review.
March 03, 2016
Jillian Thornton Flax and Abby Sacunas, both members of Cozen O'Connor's Products Liability practice, discuss the FDA's new guidance on cybersecurity risks for medical devices in Corporate Counsel.
August 05, 2015
Jason Bonk and Calli Jo Padilla discuss the importance of implementing, enforcing and training on policies reflecting the best practices to protect companies against the increasing threat of cyberhacking and privacy breaches.
July 23, 2015
Jennifer Brandt discusses the Ashley Madison hacking scandal and explains how before using a website, posting on social media, or sending an email, consider the ramifications, and consider whether the private information you are providing is really secure.
June 30, 2015
David Walton and Leigh Ann Benson discuss the importance of employers preventing cybersecurity incidents and what the outcome of the Supreme Court case Spokeo v. Robins would mean for class actions brought by their employees.
August 21, 2014
David Walton, vice chair of Cozen O'Connor's Labor & Employment department, authored an article for Law360 titled, ''Big Data's Potential Disparate Impact Problem.'' David argues that big data analytics may soon become ''the backbone for all personnel decisions.'' However, he cautions employers to ensure that protected categories are treated fairly, as ''Blind reliance on big data can lead to major disparate impact issues.''
July 01, 2014
In an article published in Intellectual Property magazine, Chanel Lattimer, associate in Cozen O'Connor's Intellectual Property department, discusses the increase in counterfeit apps and app stores.
April 28, 2014
In a series of articles originally published by InsideCounsel Magazine, David J. Walton discusses the concept of big data and explores its impact on the way we conduct business
April 25, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment department, authored an article for InsideCounsel titled, “You Thought ESI was complicated – Now add big data.” Walton discusses the difficulties lawyers can face when dealing with electronically saved information and how they are increasingly more difficult with the addition of big data
April 11, 2014
David Walton, vice chair of Cozen O’Connor’s Labor & Employment department, authored an article for InsideCounsel, in which he discusses the ways, “big data has sparked a revolution in how corporate America conducts research, identifies customers, advertises itself, and pursues profits.”
April 07, 2014
Camille Miller, co-chair of the Intellectual Property Department, and Chanel Lattimer, associate in the Intellectual Property Department, discuss how Microsoft has received mixed reactions in their efforts to fight online fraud.
March 28, 2014
As companies realize the benefits of big data on their research & development, marketing, sales, branding, and revenue growth, they will increasingly have to reckon with its risks. Utilizing and monetizing big data raises enormous legal questions and potential liabilities. The most salient of these legal issues, at least in the near term, revolve around privacy, regulatory compliance, and duty to intervene.
March 14, 2014
Today, almost every large company collects data about its customers — reams and reams of raw, unstructured data. And they aren’t storing it for posterity. They are using it to do what businesses always try to do: Sell more widgets. More specifically, companies are using big data to identify new customers, advertise more effectively, and develop new products and services.
March 13, 2014
On February 21, 2014, a New York state trial court judge ruled that Zurich American Insurance Company has no duty to defend the Sony Corporation in lawsuits relating to a 2011 cyberattack on its PlayStation network. This decision is among the first in the country to address coverage issues for large scale data security breaches. Judge Jeffrey Oing rendered an immediate decision after hearing oral argument, recognizing the issue’s importance and the likelihood of an appeal.
March 07, 2014
In an article titled “Technology: All databases are not created equal and counsel should know the difference,” Dave Walton, vice chair of Cozen O’Connor’s Labor & Employment Department and co-chair of the firm’s E-Discovery Task Force, discusses big data analytics and the history of data management and analysis to aid in understanding and interpreting these analytics.
February 14, 2014
Yahoo CEO Marissa Mayer said that “big data” will have a bigger impact than the Internet. Consider how the Internet completely changed our lives. It’s hard to imagine anything, let alone the vague concept of “big data,” having that type of impact.Yet, if you have read any article the past year on a legal technology issue, you have undoubtedly heard about big data. There’s still a lot of confusion about big data, its power, its potential, and what it means for lawyers. This article is the first in a series that will explore these issues and illustrate why big data really is (and will continue to be) a big deal for the legal profession.
May 14, 2013
Magistrate Judge Westmore recommended that the U.S. District Court for Northern California award Facebook $2.8 million in damages from typosquatters under the Anticybersquatting Consumer Protection Act (ACPA). Facebook v. Cyber2Media, Inc. et al., Case No. 4:11-cv-03619, (N.D.Ca., April 30, 2013).
March 26, 2013
Last week, in Tyler v. Michaels Stores, Inc., the Supreme Judicial Court of Massachusetts responded to certified questions presented by the district court and interpreted a Massachusetts statute to reflect the state’s interest in protecting consumer privacy. No. SJC-11145, 2013 Mass. LEXIS 40 (Mass. Mar. 11, 2013). In particular, the court held that a consumer’s zip code constitutes personal identification information, and that a consumer can bring an action under the relevant statute absent a claim of identify fraud.
March 07, 2013
On January 25, 2013, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) published the long-awaited omnibus final regulation governing health data privacy, security and enforcement (Omnibus Rule). The Omnibus Rule is a group of regulations that finalizes four sets of proposed or interim final rules, including changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act and proposed in 2010; changes to the interim final breach notification rule; modifications to the interim final enforcement rule; and implementation of changes to the Genetic Information Nondiscrimination Act of 2008 (GINA). The Omnibus Rule goes into effect on March 26, 2013, and compliance is required by September 23, 2013. As expected, the Omnibus Rule did not finalize the May 31, 2011 proposed regulation regarding accounting for disclosures.
February 20, 2013
Little more than a week after reports of cyber attacks targeted at the Department of Energy, The New York Times and The Wall Street Journal, President Obama declared in his State of the Union address that these forms of attacks on the nation’s critical infrastructure are rapidly growing and present “real threats to our security and our economy.”
July 20, 2012
First Circuit Court of Appeals Holds Bank’s Online Security Measures “Commercially Unreasonable” in Landmark Decision - Global Insurance Group Alert - In a landmark decision, the 1st Circuit Court of Appeals held in PATCO Construction Company, Inc. v. People's United Bank, No. 11-2031 (1st Cir. July 3, 2012) that People's United Bank (d/b/a Ocean Bank) was required to reimburse its customer, PATCO Construction Co., for approximately $580,000 that had been stolen from PATCO's bank account...
December 01, 2011
Recent media reports of cyber intrusions, data thefts and computer system malfunctions involving large, high-profile companies such as Sony PlayStation, Citigroup and Lockheed’s Security Vendor, RSA, have led a rapidly growing number of companies to consider the necessity of insurance coverage for technology and cyber privacy risks.
September 01, 2011
Increasing reports of cyber intrusions, data theft and computer-system malfunctions have led a rapidly growing number of companies to purchase insurance coverage to protect themselves from technology and cyber-privacy risks.
As our technology-driven economy continues to evolve and businesses become more reliant on electronic communication and data storage, they are developing a heightened awareness that an unauthorized intrusion could endanger their tangible and intangible assets (including intellectual property) and, in many cases, their reputation and ability to conduct business.
December 21, 2010
The Dos and Don'ts of Navigating the Cloud: a Business Guide for Cloud Computing - Corporate Counsel -
August 24, 2010
Cyber - Identity Theft: Our Children At Risk - Insurance Coverage Alert! - Interviewing for your first job as a teenager is as exciting as it is intimidating. The interview proceeds flawlessly, and you start to count the dollar signs as you await the job offer. But, imagine your surprise when you are informed that you did not get the job because your background check revealed that you are more than $75,000 in debt and five years behind in child support payments for your 11-year-old child—a terrifying thought considering you are only 16 years old.
January 18, 2010
A New Era in HIPAA Enforcement: Connecticut Attorney General Files First HITECH Act Suit - Health Law Alert! - Connecticut Attorney General Richard Blumenthal has filed a lawsuit against Health Net of Connecticut, Inc. for violations of the Health Insurance Portability and Accountability Act (“HIPAA”) following Health Net’s loss of protected health information (“PHI”) and other personally identifiable information.
March 03, 2009
The American Recovery and Reinvestment Act of 2009: Sweeping Changes to HIPAA Put Business Associates in the Spotlight - Health Law Alert! - On February 17, 2009, President Obama signed into law the Health Information Technology for Economic and Clinical Health Act (“HITECH” or the “Act”), as part of the American Recovery and Reinvestment Act of 2009. The Act made
sweeping changes to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Privacy and Security Rules promulgated under HIPAA. This Alert focuses
primarily on Subtitle D of HITECH, which includes important
October 01, 2008
HHS' First Resolution Agreement for Alleged HIPAA Violations and What it Means for You - Health Law Alert! - The Department of Health and Human Services
(“HHS”) has entered into its first resolution
agreement with a covered entity to settle alleged
violations of the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy and security rules.1 According to HHS, the resolution agreement with Providence Health & Services (“Providence”), a Seattle-based not-for-profit health system, addresses a series