Category: Cybersecurity

First Biometric Information Privacy Act Trial Results in $228M Verdict

Share

Last week, the first jury trial under the Illinois Biometric Privacy Act (BIPA) resulted in a $228 million verdict in favor of the plaintiff and the class.

The case, Rogers v. BNSF Railway Co., was filed in May 2019 and was pending in the U.S. District Court for the Northern District of Illinois. A class was certified in March 2022. Plaintiff alleged that BNSF unlawfully scanned his and other truck drivers’ fingerprints for identity verification when he and they visited BNSF rail yards. He claimed the company took this scan without written notice or consent as required under BIPA. BNSF argued, among other things, that the third-party vendor it hired to control gate access was the only party to collect drivers’ fingerprints, and that BNSF therefore had not independently violated BIPA.

Pretrial briefing in the case was extensive. Each side filed several motions in limine seeking to bar or include certain evidence in the trial. For example, the Plaintiff found several references to use of “biometrics” or “biometric identities” on BNSF’s website that they alleged were responsive to former document requests. Anticipating objections from BNSF, Plaintiff filed a preemptive motion asking the court to permit them to introduce these exhibits at trial. Plaintiff were able to use this information at the trial and suggest that BNSF was aware of the biometric collection and that BNSF itself was collecting the information.

Continue reading “First Biometric Information Privacy Act Trial Results in $228M Verdict”

Protecting Your Internet Brand and Online Identity – Faegre Drinker on Law and Technology Podcast

Share

In current times where an online presence is just as crucial as a business’s physical assets, it is more important than ever to proactively protect and maintain your organization’s brand and identity. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss discusses strategies and solutions to protect your brand with intellectual property partner Tore DeBella.

The conversation tackles a number of questions, including:

  • How do we protect a company’s brand and how does that affect the organization’s identity?
  • What are the primary ways bad actors can attack a company’s brand or identity online?
  • How can an organization protect their domain?
  • What steps can clients take to protect their brands and identities online?

Continue reading “Protecting Your Internet Brand and Online Identity – Faegre Drinker on Law and Technology Podcast”

Artificial Intelligence Briefing: FTC Holds Forum on Commercial Surveillance and Data Security

Share

Our latest briefing explores the recent FTC commercial surveillance and data security forum (including discussion on widespread use of AI and algorithms in advertising), California’s inquiry into potentially discriminatory health care algorithms, and the recent California Department of Insurance workshop that could shape future rulemaking regarding the industry’s use of artificial intelligence, machine learning and algorithms.

Continue reading “Artificial Intelligence Briefing: FTC Holds Forum on Commercial Surveillance and Data Security”

What Are Blockchain, Crypto and NFTs? A Deeper Look – Faegre Drinker on Law and Technology Podcast

Share

As of March 2022, there are more than 18,000 different crypto currencies in service for a total market capitalization of $2 trillion. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss chats with Faegre Drinker partner Jeff Blumberg and associate Jane Blaney, to revisit the world of crypto and not only discuss the foundations of crypto currencies, but also explore the world of blockchain and non-fungible tokens, or NFTs.

The conversation tackles a number of questions, including:

  • What is blockchain and what makes it different from traditional recordkeeping processes?
  • What exactly is crypto currency? What is important to understand about it?
  • What exactly is an NFT? How do they work in easy-to-understand concepts?
  • What uses are there for blockchain, both using crypto currencies and in uses other than crypto currency?
  • Are crypto currencies considered “legal tender”? Can people use them like normal money?
  • How can and will NFTs be used in other ways in our society as these concepts grow?

Continue reading “What Are Blockchain, Crypto and NFTs? A Deeper Look – Faegre Drinker on Law and Technology Podcast”

NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment

Share

The National Institute of Standards and Technology (NIST) has released the second draft of its Artificial Intelligence (AI) Risk Management Framework (RMF) for comment. Comments are due by September 29, 2022.

NIST, part of the U.S. Department of Commerce, helps individuals and businesses of all sizes better understand, manage and reduce their respective “risk footprint.”  Although the NIST AI RMF is a voluntary framework, it has the potential to impact legislation. NIST frameworks have previously served as basis for state and federal regulations, like the 2017 New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500).

The AI RMF was designed and is intended for voluntary use to address potential risks in “the design, development, use and evaluation of AI products, services and systems.” NIST envisions the AI RMF to be a “living document” that will be updated regularly as technology and approaches to AI reliability to evolve and change over time.

Continue reading “NIST Releases New Draft of Artificial Intelligence Risk Management Framework for Comment”

Court of Justice of the European Union Recognizes Inferred Special Categories of Personal Data

Share

On August 1, 2022, the Court of Justice of the European Union (CJEU) issued an opinion regarding a Lithuanian data protection case that may signal an expansion of interpretation of the definition of sensitive personal data under the EU’s General Data Protection Regulation (GDPR). Specifically, the CJEU found that data indirectly disclosing sexual orientation constitutes sensitive personal data.

At issue was a Lithuanian law that requires the Chief Official Ethics Commission of Lithuania to publish information about the private interests of public officials in an effort to combat corruption. In the facts underlying the case, a Lithuanian official objected to the Chief Official Ethics Commission’s online publication of his private interest information, which included his spouse’s name. The CJEU concluded that the publication of such information was prohibited by the GDPR because it was “liable to disclose indirectly the sexual orientation of a natural person,” a type of special category of personal data generally prohibited from processing under GDPR Article 9 (processing of special categories of personal data) unless certain additional conditions are satisfied such as the data subject’s explicit consent, or that processing is necessary for reasons of substantial public interest.

Continue reading “Court of Justice of the European Union Recognizes Inferred Special Categories of Personal Data”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy