Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Data breach

Journal

Discipline
Institution
Publication Year
Publication

Articles 1 - 23 of 23

Full-Text Articles in Law

Redefining The Injury-In-Fact: Treating Personally Identifying Information As Bailed Property, Austin Headrick Jan 2024

Redefining The Injury-In-Fact: Treating Personally Identifying Information As Bailed Property, Austin Headrick

Georgia Law Review

There is a long-existing circuit split among federal courts of appeals as to whether an individual has standing under Article III of the United States Constitution when their personally identifying information (PII) is stolen from an entity to which they entrusted it such as a hospital or bank. Federal courts disagree as to whether an individual whose PII has been stolen—without more—has suffered an injury-in-fact, a necessary element of standing. The disagreement between the courts centers on whether the injury-in-fact has already occurred at the time the PII is stolen or whether the injury occurs once the PII has been …


The Need For Cyber Resilience Of Space Assets: Law And Policy Considerations Of Ensuring Cybersecurity In Outer Space, Daniella Febbraro Jul 2023

The Need For Cyber Resilience Of Space Assets: Law And Policy Considerations Of Ensuring Cybersecurity In Outer Space, Daniella Febbraro

Canadian Journal of Law and Technology

In 2018, NASA’s Jet Propulsion Laboratory was the subject of a data breach where over 500 megabytes of data from a major mission system was stolen by hackers. This attack affected NASA’s Deep Space Network, prompting the United States Johnson Space Center to disconnect the International Space Station from the affected gateway due to fears that mission systems could become compromised. NASA has acknowledged that its vast online presence, which includes thousands of publicly accessible datasets, offers a large potential target for cybercriminals. The 2018 incident was one of many, with NASA experiencing more than 6000 cyberattacks from 2017-2021 alone. …


Cyberattacks: An Underlying Condition Exacerbated By The Covid-19 Pandemic, Kaitlyn Palmeter May 2023

Cyberattacks: An Underlying Condition Exacerbated By The Covid-19 Pandemic, Kaitlyn Palmeter

The Journal of Business, Entrepreneurship & the Law

COVID-19 continues to change the world in unforeseen ways triggering a new era of corporate data breaches. This article will illustrate how cyberattacks have increased in severity during the pandemic, how current laws and government officials are trying to evolve with the current threats and technology, how victims of cyberattacks risk sanctions and potential lawsuits, and concludes by suggesting solutions throughout to increase Cybersecurity.


Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa May 2022

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …


Patching The Data Security Blanket: How A Stronger, Collaborative Ftc Is The Answer Right Under Our Nose, Jose A. Gonzalez Lopez Jan 2022

Patching The Data Security Blanket: How A Stronger, Collaborative Ftc Is The Answer Right Under Our Nose, Jose A. Gonzalez Lopez

Marquette Intellectual Property & Innovation Law Review

None


Circuit Courts Split: Victim Of A Data Breach? Can You “Stand” And Sue In Federal Court?, Darlyn De La Rosa Jan 2021

Circuit Courts Split: Victim Of A Data Breach? Can You “Stand” And Sue In Federal Court?, Darlyn De La Rosa

FIU Law Review

No abstract provided.


Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes Nov 2020

Symposium: The California Consumer Privacy Act, Margot Kaminski, Jacob Snow, Felix Wu, Justin Hughes

Loyola of Los Angeles Law Review

Loyola of Los Angeles Law Review is pleased to publish the third “symposium discussion” series in which leading experts are invited to engage in an evening symposium on a new or emerging area of law. The subject of our second evening symposium was the California Consumer Privacy Act (CCPA), a statute signed into state law by then- Governor Jerry Brown on June 28, 2018 and effective as of January 1, 2020.

As with most new law, there are many unsettled issues, disagreements about the likely impact of the law, and much to be developed as regulations are established and the …


Forging A Path Towards Meaningful Digital Privacy: Data Monetization And The Ccpa, Rebecca Harris Nov 2020

Forging A Path Towards Meaningful Digital Privacy: Data Monetization And The Ccpa, Rebecca Harris

Loyola of Los Angeles Law Review

The California Consumer Privacy Act (CCPA) was passed in response to a number of newsworthy data breaches with widespread impacts, and which revealed how little digital privacy consumers actually have. Despite the large market for consumer data, individual consumers generally do not earn money when their personal data are sold. Further, consumers have very little control over who collects their data, what information is collected, and with whom it is shared. To place control back in the hands of the consumer, affirmative consent should be required to collect and sell consumer’s data, and consumers should have the ability to sell …


Untangling The Privacy Law Web: Why The California Consumer Privacy Act Furthers The Need For Federal Preemptive Legislation, Jordan Yallen May 2020

Untangling The Privacy Law Web: Why The California Consumer Privacy Act Furthers The Need For Federal Preemptive Legislation, Jordan Yallen

Loyola of Los Angeles Law Review

No abstract provided.


The (Possibly) Injured Consumer: Standing In Data Breach Litigation, Lauren M. Lozada Jan 2020

The (Possibly) Injured Consumer: Standing In Data Breach Litigation, Lauren M. Lozada

St. John's Law Review

(Excerpt)

This Note will address the question of what factors a prospective plaintiff must display to “push [a] threatened injury of future identity theft beyond the speculative to the sufficiently imminent.” Part I will delve into relevant statistics to identify the characteristics of a data breach that most often lead to eventual identity theft. Part II will explore recent data breach standing cases and analyze the factual differences and legal perspectives that have led to disparate results among the federal circuits. Lastly, Part III will recommend a method for evaluating future data breach standing issues.


Legislative And Regulatory Obligations On Corporate Attorneys: Production Data In The World Of Sarbanes Oxley And General Data Protections, David Tersteeg Jul 2019

Legislative And Regulatory Obligations On Corporate Attorneys: Production Data In The World Of Sarbanes Oxley And General Data Protections, David Tersteeg

Northern Illinois University Law Review

Sarbanes Oxley, General Data Protection Regulation, and the American Bar Association's Model Rules place significant professional and personal obligations on attorneys who represent organizations in regard to their organization's handling of production and personal data. There are significant areas of vulnerability to the production and personal data that are frequently overlooked or ignored which significantly increase the likelihood and damage from a data breach. This article will provide an overview of the obligations, recent data breaches, the foreseeability and material impacts of data breaches, and a methodology to drive improvement in an organization.


The Path To Standing: Asserting The Inherent Injury Of The Data Breach, Jennifer M. Joslin Jun 2019

The Path To Standing: Asserting The Inherent Injury Of The Data Breach, Jennifer M. Joslin

Utah Law Review

Data breaches are on the rise as consumers continue to exchange personally identifiable information for goods and services in sectors from retail to healthcare. In the aftermath of a data breach, it has been difficult for victims of the breach to establish Article III standing to sue in federal courts. The primary hurdle for those seeking a remedy for the theft of their data has been showing that they have suffered an injury-in-fact. Plaintiffs typically assert an injury based on the increased risk of identity theft following a breach. However, courts have divided on whether such an injury satisfies the …


Protecting Personal Data: A Model Data Security And Breach Notifications Statute, Michael Bloom May 2019

Protecting Personal Data: A Model Data Security And Breach Notifications Statute, Michael Bloom

St. John's Law Review

(Excerpt)

This Note argues that current law is inadequate to protect consumers in light of the prevalence and severity of data breaches in recent years, and that a unifying federal legislation combining portions of state law and the DSBNA should be enacted. Part I of this Note analyzes the DSBNA for notification requirements when data breaches occur, the requirements for the implementation of security policies, regulatory mechanisms for monitoring compliance with these requirements, and criminal penalties for failing to comply. Part II summarizes the various state laws that exist for notification of data breaches. Part III proposes a model federal …


Chambliss V. Carefirst, Inc., Sarah Fucci Apr 2019

Chambliss V. Carefirst, Inc., Sarah Fucci

NYLS Law Review

No abstract provided.


Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera Jan 2019

Face Off: An Examination Of State Biometric Privacy Statutes & Data Harm Remedies, Maya E. Rivera

Fordham Intellectual Property, Media and Entertainment Law Journal

As biometric authentication becomes an increasingly popular method of security among consumers, only three states currently have statutes detailing how such data may be collected, used, retained, and released. The Illinois Biometric Information Privacy Act is the only statute of the three that enshrines a private right of action for those who fail to properly handle biometric data. Both the Texas Capture or Use Biometric Identifier Act Information Act and the Washington Biometric Privacy Act allow for state Attorneys General to bring suit on behalf of aggrieved consumers. This Note examines these three statutes in the context of data security …


Cancelled Credit Cards: Substantial Risk Of Future Injury As A Basis For Standing In Data Breach Cases, Jennifer Wilt Jan 2018

Cancelled Credit Cards: Substantial Risk Of Future Injury As A Basis For Standing In Data Breach Cases, Jennifer Wilt

SMU Law Review

No abstract provided.


Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom Nov 2017

Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom

Catholic University Law Review

As technology continues to be an integral part of daily life, there lies an ever-increasing threat of the personally identifiable information of consumers being lost, stolen, or accessed without authorization. The Federal Trade Commission (FTC) is the U.S. government’s primary consumer protection agency and the country’s lead enforcer against companies subject to data breaches. Although the FTC lacks explicit statutory authority to enforce against data breaches, the Commission has successfully relied on Section 5 of the FTC Act (FTCA) to exercise its consumer protection power in the data security context. However, as the FTC continues to take action against businesses …


The Skeleton Of A Data Breach: The Ethical And Legal Concerns, Hilary G. Buttrick, Jason Davidson, Richard J. Mcgowan Dec 2016

The Skeleton Of A Data Breach: The Ethical And Legal Concerns, Hilary G. Buttrick, Jason Davidson, Richard J. Mcgowan

Richmond Journal of Law & Technology

After over thirty data breaches spanning the third and fourth quarter of 2012, Forbes magazine labeled the summer of 2012 as “The Summer of the Data Breach.” Four years later, businesses across multiple industries have suffered brand-image damage and paid millions of dollars in remedial expenses; we are living in the era of the mega breach. In 2014, companies such as Target, Home Depot, JP Morgan Chase, Anthem, Sony, UPS, Jimmy John’s, Kmart, Neiman Marcus, Community Health Systems, and the White House suffered data breaches. The Home Depot breach alone resulted in the loss of “56 million credit card accounts,” …


Clapper Dethroned: Imminent Injury And Standing For Data Breach Lawsuits In Light Of Ashley Madison, Arthur R. Vorbrodt Jun 2016

Clapper Dethroned: Imminent Injury And Standing For Data Breach Lawsuits In Light Of Ashley Madison, Arthur R. Vorbrodt

Washington and Lee Law Review Online

No abstract provided.


A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini Jun 2016

A Day In Court For Data Breach Plaintiffs: Preserving Standing Based On Increased Risk Of Identity Theft After Clapper V. Amnesty International Usa, Thomas Martecchini

Michigan Law Review

Following a data breach, consumers suffer an increased risk of identity theft because of the exposure of their personal information. Limited protection by data-breach statutes has made it difficult for consumers to seek compensation for these injuries and penalize the companies that fail to protect their information, leading consumers to bring common law claims in court. Yet courts have disagreed about whether an increased risk of identity theft qualifies as an injury-in-fact under Article III standing principles: the Seventh and Ninth Circuits have approved of increased risk standing, while the Third Circuit has rejected it. The Supreme Court has further …


Gone But Not Forgotten: Recognizing The Right To Be Forgotten In The U.S. To Lessen The Impacts Of Data Breaches, Ashley Stenning Jan 2016

Gone But Not Forgotten: Recognizing The Right To Be Forgotten In The U.S. To Lessen The Impacts Of Data Breaches, Ashley Stenning

San Diego International Law Journal

This Comment will explore the right to be forgotten, how it is recognized in the European Union, and the trend toward the existence of such a right in the United States. Additionally, this comment will discuss how the right to be forgotten could lessen the impact data breaches have on individuals through the lens of the Ashley Madison hack. Lastly, this comment will discuss how, if the United States narrowed the scope of the European Union’s concept of the right to be forgotten to fit into the United States’ view of privacy and the First Amendment, the impact of data …


Incentivizing The Protection Of Personally Identifying Consumer Data After The Home Depot Breach, Ryan F. Manion Dec 2015

Incentivizing The Protection Of Personally Identifying Consumer Data After The Home Depot Breach, Ryan F. Manion

Indiana Law Journal

The breach of payment card systems at the Home Depot in 2014 resulted in the theft of a wealth of information. This Note will examine the facts and legal consequences of the Home Depot breach under three separate frameworks. First, this Note will examine the Home Depot’s responsibilities arising under existing data breach notification statutes. Second, this Note examines the Home Depot’s potential liability if the recent bill introduced by Senator Leahy of Vermont proposing a federal data breach notification framework becomes law; ultimately, however, this Note finds that state notification statutes fail to adequately protect consumers, and Senator Leahy’s …


Ohio's Aggressive Attack On Medical Identity Theft, Stanley C. Ball Jan 2011

Ohio's Aggressive Attack On Medical Identity Theft, Stanley C. Ball

Journal of Law and Health

This note explains the severity of medical identity theft and the state and federal legislative reactions to the problem. Specifically, the note discusses data breach notification statutes that require healthcare providers to notify consumers when the systems holding customer personal information are breached. The note concludes that Ohio’s data breach notification statute, which does not expressly cover healthcare providers, should be amended to protect residents from medical identity theft and provide redress when healthcare providers violate state law.