Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Recent Data Breach Insurance Coverage Decision: Court Holds Insurer Not Obligated to Cover Damages from Lost Tapes Containing Personal Information When No Evidence Tapes Were Read

The Connecticut Supreme Court recently issued an opinion confirming that a Commercial General Liability (CGL) policy’s personal or advertising injury coverage did not provide coverage for damages resulting from lost data storage tapes where the tapes contained personal identifying information, but the party seeking coverage could not show that the tapes had been accessed.  Recall Total...

Cybersecurity Is Key Priority for FSOC in 2015

Cybersecurity was a critical area of focus of the Financial Stability Oversight Council’s (“FSOC”) recently released 2015 Annual Report (the “Report”).  The Report, which provides both a consolidated view of important challenges facing the financial system and a road map of FSOC’s key priorities in the upcoming year, identified cybersecurity as a growing concern and warned that cyber...

Data Breach Class Action Plaintiffs Lack Standing

A federal court in New Jersey is the latest in a series of courts to dismiss a putative data breach class action due to plaintiffs’ failure to adequately plead standing. In re Horizon Healthcare Services, Inc. Data Breach Litigation, No. 2:13-cv-07418-CCC-JBC (D.N.J. Mar. 31, 2015). This class action was brought against a health insurer that suffered a data breach through the theft of...

What Funds Can Take Away From SEC Cybersecurity Guidance

In late April 2015, the U.S. Securities and Exchange Commission responded to the heightened risk of data breaches at the entities it regulates by issuing prescriptive guidance on cybersecurity for all investment advisers and registered investment companies, including mutual funds, insurance separate accounts and business development companies (funds). In her article for Law360,...

DOJ Publishes Cyberincident Response Best Practices Document

The Cybersecurity Unit of the Department of Justice (DOJ) has published a “best practices” document to assist organizations in developing a response plan for cyberincidents. The document, titled Best Practices for Victim Response and Reporting of Cyber Incidents, focuses on steps organizations should take before, during and after a cyberincident and emphasizes the need for...