In early July, investigations by a Chinese cybersecurity regulatory agency, the Cyberspace Administration of China (“CAC”), into at least three China-based technology companies—DiDi Global Inc. (“DiDi”), Full Truck Alliance Co. Ltd. (“FTA”), and Kanzhun Limited (“Kanzhun”)—were purportedly revealed weeks after each conducted a substantial initial public offering (“IPO”) on a United States stock exchange. These […]
Data Breach Litigation
2021 Developments in State Cybersecurity Safe Harbor Laws
Only four months in and 2021 has already been a big year for state cybersecurity safe harbor legislation. Two states, Utah and Connecticut, have recently enacted or introduced a breach litigation safe harbor to incentivize businesses to protect personal information by adopting industry-recognized cybersecurity frameworks such as the National Institute of Standards and Technology’s (NIST) […]
Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing
In what appears to be a growing trend, another federal district court has dismissed a data breach case for lack of standing. In Springmeyer et al. v. Marriott International, Inc., 2021 WL 809894 (D. Md.), Plaintiffs, former guests of Marriott hotels, sued Marriott in connection with a data breach affecting over 5 million guests. Marriott moved […]
NYDFS Reports Major Cybersecurity Settlement
In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]
Eleventh Circuit Holds Risk of Future Harm Does Not Establish Article III Standing
As part of a growing trend, the Eleventh Circuit recently held that an alleged risk of future identity theft does not establish standing where the plaintiff does not allege any information has actually been misused. Tsao v. Captiva MVP Rest. Partners, LLC, No. 18-14959, 2021 U.S. App. LEXIS 3055 (11th Cir. Feb. 4, 2021). The […]