Chicago, IL

When Chicago law firm Edelson P.C. filed a complaint against DoNotPay, self-described as “the world’s first robot lawyer,” it may have shorted out the automated barrister’s circuits by alleging the unauthorized practice of law.

A recent Illinois Supreme Court ruling that treats each scan of a person’s biometric information as a separate, actionable violation arguably incentivizes plaintiffs to delay bringing suit as long as possible for purposes of “racking up” damages. This is at least the third Illinois Supreme Court opinion that seemingly justifies exorbitant damage awards as a way to encourage private businesses to comply with BIPA.

The Illinois Supreme Court held a five-year limitations period applies to all causes of action under BIPA, rejecting the First District’s bifurcated approach, which applied a one-year limitations period to certain sections and a five-year limitations period to others.

Silent cyber, move aside – silent crypto is the new kid on the block. For the past few years, as cyber-attacks have proliferated, insurance carriers have been forced to address potential “silent cyber” exposure in conventional, non-cyber liability insurance policies. Now, carriers may be forced to contend with “silent crypto” exposure that they did not intend to insure. The recent implosion of crypto firm FTX and its affiliates provides a case study for potential crypto exposure under traditional insurance policies. Using the FTX debacle, this series discusses potential liability exposure and coverage under Directors and Officers and Corporate Liability Insurance (Part I), Accountants Professional Liability Insurance (Part II), Lawyers Professional Liability Insurance (Part III), and Crime and Custody Coverage for Crypto Assets (Part IV).

Silent cyber, move aside – silent crypto is the new kid on the block. For the past few years, as cyber-attacks have proliferated, insurance carriers have been forced to address potential “silent cyber” exposure in conventional, non-cyber liability insurance policies. Now, carriers may be forced to contend with “silent crypto” exposure that they did not intend to insure. The recent implosion of crypto firm FTX and its affiliates provides a case study for potential crypto exposure under traditional insurance policies. Using the FTX debacle, this series discusses potential liability exposure and coverage under Directors and Officers and Corporate Liability Insurance (Part I), Accountants Professional Liability Insurance (Part II), Lawyers Professional Liability Insurance (Part III), and Crime and Custody Coverage for Crypto Assets (Part IV).

Silent cyber, move aside – silent crypto is the new kid on the block. For the past few years, as cyber-attacks have proliferated, insurance carriers have been forced to address potential “silent cyber” exposure in conventional, non-cyber liability insurance policies. Now, carriers may be forced to contend with “silent crypto” exposure that they did not intend to insure. The recent implosion of crypto firm FTX and its affiliates provides a case study for potential crypto exposure under traditional insurance policies. Using the FTX debacle, this series, discusses potential liability exposure and coverage under Directors and Officers and Corporate Liability Insurance (Part I), Accountants Professional Liability Insurance (Part II), Lawyers Professional Liability Insurance (Part III), and Crime and Custody Coverage for Crypto Assets (Part IV).

Silent cyber, move aside – silent crypto is the new kid on the block. For the past few years, as cyber-attacks have proliferated, insurance carriers have been forced to address potential “silent cyber” exposure in conventional, non-cyber liability insurance policies. Now, carriers may be forced to contend with “silent crypto” exposure that they did not intend to insure. The recent implosion of crypto firm FTX and its affiliates provides a case study for potential crypto exposure under traditional insurance policies. Using the FTX debacle, this series discusses potential liability exposure and coverage under Directors and Officers and Corporate Liability Insurance (Part I), Accountants Professional Liability Insurance (Part II), Lawyers Professional Liability Insurance (Part III), and Crime and Custody Coverage for Crypto Assets (Part IV).

Silent cyber, move aside – silent crypto is the new kid on the block. For the past few years, as cyber-attacks have proliferated, insurance carriers have been forced to address potential “silent cyber” exposure in conventional, non-cyber liability insurance policies. Now, carriers may be forced to contend with “silent crypto” exposure that they did not intend to insure. The recent implosion of crypto firm FTX and its affiliates provides a case study for potential crypto exposure under traditional insurance policies. Using the FTX debacle, described herein, this series of four articles discusses potential liability exposure and coverage under Directors and Officers and Corporate Liability Insurance (Part I), Accountants Professional Liability Insurance (Part II), Lawyers Professional Liability Insurance (Part III), and Crime and Custody Coverage for Crypto Assets (Part IV).

The Illinois Supreme Court entered an opinion reversing the decisions of the Circuit and Appellate courts, holding that section 22.1 of the Illinois Condominium Act does not imply a private right of action in favor of condominium-unit sellers.

In the wake of the rapid and unprecedented collapse of Bahamas-based crypto exchange FTX Digital Markets, the SEC and Department of Justice are conducting investigations of FTX and its principals. Congressional hearings are expected to take place in December, and a new Digital Assets Working Group has been formed as a subcommittee of the U.S. House of Representatives Committee on Financial Services.

Similar to the UK’s Age-Appropriate Design Code, California’s Age-Appropriate Design Code Act focuses on protecting children online by imposing heightened obligations on businesses with online products, services and features that are “likely to be accessed by a child.”

A recent California Court of Appeal decision underscores the fact that, in the data breach context, individualized issues may predominate over common issues. Accordingly, defendants in a data breach class action should seek to oppose class action certification by demonstrating that any purported injury to each individual requires a fact-specific inquiry that does not apply to the class as a whole.

Constitutional challenges to llinois’s prejudgment interest statute, 735 ILCS 5/2-1303(c), were consolidated for decision by Judge Marcia Maras and on May 27, 2022, Judge Maras held that the statute is unconstitutional. In response to Judge Maras’s ruling, which has not yet been addressed by a reviewing court, the Circuit Court of Cook County established a protocol for handling further motions challenging the statute on constitutional grounds or with respect to its application in a particular case.

Since the Illinois prejudgment interest statute took effect on July 1, 2021, numerous constitutional challenges were raised in cases pending in the Circuit Court of Cook County. These challenges were consolidated for decision by Judge Marcia Maras, and on May 27, 2022, Judge Maras held that the prejudgment interest statute is unconstitutional.

Recent decisions in the Northern District of Illinois held the Access or Disclosure Exclusion, which is commonly found in general liability policies, unambiguously bars coverage for claims under the Illinois Biometric Information Privacy Act. This is a departure from other recent decisions within the District that held the exclusion did not unambiguously exclude such coverage.

On March 8, 2022, a federal court in the Northern District of Illinois held an Employment-Related Practices Exclusion in a general liability policy does not preclude a defense obligation for a proposed class action brought by the insureds’ employees under the Illinois Biometric Information Privacy Act. The court further found that a jury needs to decide whether the insureds breached the “as soon as practicable” notice condition in the policy by waiting 20 months to provide notice to the insurer.

The Utah Consumer Privacy Act, once signed into law, will take effect December 31, 2023, and make Utah the fourth state with a comprehensive consumer privacy law. The Act provides consumers with broad protection and rights concerning the collection, use, processing, sharing and sale of their personal information. Businesses that fail to comply may be subject to significant fines and penalties.

Last year, cyber threats on global supply chains were in the spotlight following the unprecedented cyber-attacks on Colonial Pipeline, JBS and SolarWinds, attacks that had far-reaching consequences for downstream businesses, customers and individual consumers. The current geopolitical climate and escalating crisis in Ukraine is amplifying concerns about the increased cyber threat to global supply chains already strained by the COVID-19 pandemic..

Conflicting federal district court decisions highlight that the outcome of duty to defend claims under the Illinois Biometric Information Privacy Act (BIPA) may hinge on venue and/or choice of law considerations. Insurers should evaluate these considerations closely and examine how various jurisdictions handle certain general liability exclusions in other contexts in an effort to predict how a particular court may rule on coverage for BIPA claims.

The Seventh Circuit issued four decisions on December 9, 2021, affirming the dismissal of lawsuits seeking business income coverage for losses sustained from COVID-19 closure orders. The decisions reflect the Seventh Circuit’s clear position that most all-risk property policies will not provide coverage for the massive losses sustained by businesses during the pandemic shutdowns.

China’s new Personal Information Protection Law affords the country’s residents greater protection and rights over their personal data. Domestic and foreign organizations are subject to the heightened requirements, and failure to comply may subject organizations to substantial regulatory fines and penalties, revocation of business licenses, legal action and even personal liability.

Blissful ignorance is not a viable defense to an organization’s third-party cyber risk, and its supply chain is one of the most vulnerable areas when it comes to data security. As ransomware attacks increase, regulators are directing their scrutiny toward companies’ information security programs. While management has responded by increasing their information security program budgets, supply chain risk departments continue to be ignored. Supply chain cyber risk is a large task, but it can be brought under control by focusing on a few key steps to manage third-party risk.

The Middle District of North Carolina recently found that a newer version of the “Recording and Distribution of Material or Information” exclusion barred coverage for an Illinois BIPA suit. With only a handful of decisions concerning insurance coverage for lawsuits involving Illinois BIPA claims, the North Carolina federal court recently handed a welcome victory to insurers. In finding a newer version of the “Recording and Distribution of Material or Information” exclusion barred coverage for a putative BIPA class action suit, the North Carolina court found the wording of the exclusion broader than the older wording of a similar exclusion evaluated in a recent Illinois Supreme Court decision.

After roughly seven years of inactivity, litigation related to the Illinois Biometric Information Privacy Act has grown exponentially since 2015. While the statute provides guidelines for companies collecting biometric data, its practical application in the court system has been much less clear. Recently, one of the most significant questions was addressed by the First District: What is the statute of limitations for BIPA claims?

On September 21, 2021, the U.S. Department of the Treasury issued an updated advisory cautioning companies against the potential to incur sanctions by making ransom payments to cybercriminals, putting pressure on companies not to pay.

Any organization that conducts business in the state of California, collects or processes personal information, and meets one or more select criteria should assess their compliance with the California Privacy Rights Act, set to take effect on January 1, 2023. Failure to comply may subject companies to enforcement actions and stiff fines and penalties by regulators.

Following in the footsteps of the Illinois Biometric Information Privacy Act, the City of New York has enacted its own Biometric Identifier Information Act. Like its root, this new law is designed to protect and limit the use of consumers’ biometric data, which is highly personal and irreplaceable. Companies that fail to adhere to the new law may be subject to lawsuits and sizeable statutory damages.

The Colorado Privacy Act and the Virginia Consumer Data Protection Act mimic California privacy laws and the EU General Data Protection Regulation (GDPR) by imposing stringent requirements on companies that collect or process personal data of state residents.

As the legalization of cannabis expands, regulatory and litigation risks also will evolve. Proposed legislation, such as the SAFE Banking Act, will likely lead to greater insurance capacity in the cannabis market, and removal of marijuana from the Controlled Substances Act will have a significantly positive impact on cannabis D&O exposures after a likely tumultuous transition period following legalization.

The sun shone a little brighter for insurers who do business with Illinois insureds when the Northern District of Illinois recently held that an excess carrier is not required to indemnify its insured for a punitive damage award from Georgia. The court emphasized Illinois’s strong public policy prohibiting insurance coverage for an insured’s conscious disregard for the safety of others in a negligent failure to warn case, recognizing the risk associated with allowing insureds to take “advantage of their wrong” by passing certain punitive damages to insurers. The case also conducts a very detailed explanation of Illinois’s choice of law rules and discusses the inability of a primary insurer to bind an excess insurer by not raising a defense to coverage.

Pursuant to Illinois Public Act 102-0006 ‒ signed into law by Governor J.B. Pritzker on May 28, 2021 ‒ the Illinois judgment interest statute now imposes prejudgment interest in all actions brought to recover damages for personal injury or wrongful death.

While Illinois Senate Bill 72 is an improvement over House Bill 3360, vetoed by Governor J.B. Pritzker on March 25, 2021, it is still problematic. If enacted into law, Senate Bill 72 would impose prejudgment interest on noneconomic damage awards for pain and suffering. Non-economic awards can never be anticipated with mathematical precision and often comprise the lion’s share of a personal injury or wrongful death verdict.

Insurers should be aware of the holding by the Northern District of Illinois in one of the first decisions concerning the duty to defend insureds for COVID-19 claims under a commercial general liability policy. The opinion also has implications far beyond COVID-19 claims under such policies, and this broad interpretation may apply with respect to other claims seeking injunctive relief.

If it becomes law, Illinois H.B. 3360 amends section 1303 of the Illinois Compiled Statutes to impose prejudgment interest in tort actions. Prejudgment interest will begin to accrue on the date the defendant has notice of the injury from the incident or from a written notice. In entering judgment for the plaintiff in the action, the court will add prejudgment interest in the amount of 9 percent of the judgment per annum.

This issue of the Long-Term Care Newsletter offers an analysis of the unprecedented regulatory actions and new guidelines and requirements directed toward ensuring a safe and robust environment for long-term care residents and staff. Key to the efforts is putting patients before paperwork to provide quality care and ensure individualized care plans are followed.

On October 1, 2020, the U.S. Department of the Treasury issued an advisory on potential risks of sanctions for organizations that facilitate ransom payments. Companies, their cyber insurers and third parties that assist in facilitating payments to cybercriminals might be subject to liability and hefty penalties under federal laws.

Wilson Elser attorneys present the current statutory framework, recent changes to the law in response to the novel coronavirus pandemic.

Members of Wilson Elser’s Cannabis Law team Ian A. Stewart (Partner-Los Angeles) and Neil M Willner (Associate-White Plains) collaborated with the firm’s Appellate Practice Chair Melissa A. Murphy-Petros (Of Counsel-Chicago) to draft an amicus brief to the U.S. Supreme Court in the publicized case of Washington v Barr, which seeks to invalidate marijuana's Schedule I status under the Controlled Substances Act on constitutional grounds.

Despite the COVID-19 pandemic, the SEC and FINRA have shown that it will be business as usual. In early April, the SEC confirmed that it will not push back the June 30, 2020, deadline for compliance with the Regulation Best Interest Rule aimed at improving investor protection by enhancing broker-dealers’ obligations when making recommendations to a customer.

The document answers questions posed by employers who are navigating an uncertain business environment and advises on new state and federal regulations.

In Illinois, a post-trial motion is required to challenge a jury verdict on appeal, but is not required to challenge a directed verdict. What happens when a directed verdict is granted in part and the remainder of the case is decided by a jury? Is a post-trial motion required to secure a new trial on all claims? In a recent decision, the Illinois Supreme Court answered this question – yes.

Wilson Elser has compiled information on the state laws in all 50 states and the District of Columbia with respect to certain key issues that employers must or may need to address in terminating or reducing their workforce during the COVID-19 pandemic.

Employers may be faced with new challenges in not having direct oversight of employees who must work from home during the COVID-19 pandemic. Employers must therefore take action to ensure that nonexempt employees are not performing work off the clock and not working overtime without authorization.

This article contains common questions recently fielded by Wilson Elser attorneys, along with an explanation of the various legal implications involved. It is important to stay abreast of the legal developments on all fronts as businesses face this emerging threat.

The Illinois Cannabis Regulation Tax Act permits personal and recreational cannabis use for all individuals 21 years of age or older. While there will be much to work out as Illinois navigates its new cannabis laws, employers may maintain the same standards at work that they had before the law became effective. But, they need to know and follow the new law’s requirements.

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) recognizes and enforces California consumers’ right to privacy and control over their personal information.

The U.S. Department of Agriculture’s interim final rule for its Domestic Hemp Production Program, which was unveiled on October 31, 2019, has caused concern with several issues critical to the hemp and CBD industries, including what constitutes acceptable testing and sampling procedures. The interim rule states that all testing shall be performed by DEA-certified labs and that a failed test from a distinct lot may invalidate the entire harvest, which would cause major income losses for producers.

As the year draws to a close, it’s an especially good time to review your businesses’ cybersecurity policies and procedures as they relate to electronic protected health information under HIPAA regulations.

Public hearings were scheduled for the first week in December to receive comments on proposed regulations to the California Consumer Privacy Act, which goes into effect on January 1, 2020. Written comments will be accepted by the California Attorney General until 5:00 p.m. on December 6, 2019. The final regulations are expected to be released in early 2020 and will be enforced beginning in July 2020.

With more than 12 million residents, Illinois has a population twice the size of Colorado. Although the official approval is still pending, Illinois is poised become the eleventh state to approve the adult use of marijuana, and it would be the first to legalize it through the state legislature.

The Illinois First District Appellate Court recently held that pursuant to the learned intermediary doctrine a pharmacy has no duty to warn customers of prescription drug side effects that may occur in “anyone” who takes the drug.

The Illinois Supreme Court gave the state’s Biometric Information Privacy Act more “punch” in a recent opinion holding that an individual does not need to prove harm to recover − a technical violation of the Act is sufficient to constitute standing.

The idea behind the American Bar Association’s Formal Opinion 483 is to make sure that lawyers, despite their attempts to limit and prevent cyber threats, are still prepared to deal with a data breach when one occurs so clients can stay informed regarding their representation. The opinion closes by stressing that lawyers are still obligated to consult the relevant regulatory and statutory schemes in addition to the model rules to fully ensure they are properly keeping their clients informed in the event of a breach. 

Businesses that seek to obtain and preserve contracts with the U.S. government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations. These include the Defense Federal Acquisition Regulation Supplements, which impose stringent minimum security requirements and reporting obligations, and the International Traffic in Arms Regulations, which contain approval, registration and records maintenance requirements.

The extra-territorial reach of the EU’s new General Data Protection Regulation means that non-EU companies that collect, store, transfer or otherwise process personal data of EU residents may be required to obtain express consent to use an individual’s personal data, in addition to maintaining internal records of the company’s personal data processing activities. Moreover, companies may have a mere 72 hours to notify EU regulatory authorities of a data breach involving the personal data of EU residents.

Under Australia’s Notifiable Data Breach Scheme, organizations, not limited to Australian companies, will be forced to promptly respond to and investigate actual or suspected data breaches concerning personal information. Failure to do so may result in the commencement of a regulatory action and/or the imposition of civil penalties. Companies with potential exposure are encouraged to become familiar with the new legal requirements.

On November 1, 2018, the long-awaited amendments to Canada’s Personal Information Protection and Electronic Documents Act will go into effect. These amendments and related regulations impose new mandatory notification obligations on companies in the event of a breach involving the personal information of Canadians.

While the California Consumer Privacy Act does not take effect until 2020, it is likely to spur other states – and perhaps the federal government – to enact broader legislative protections for the collection and use of individuals’ personal information. Meanwhile, all entities that do business in California and collect personal information of Californians should take prompt action to review and revise related assets and materials.

Should employers be allowed to insist that workplace disputes be handled in one-on-one arbitration or should employees always have an option of bringing claims in collective actions? A 5−4 opinion for the U.S. Supreme Court holds that arbitration agreements containing class and collective action waivers must be enforced pursuant to the Federal Arbitration Act and are not otherwise nullified by the FAA’s savings clause or the National Labor Relations Act.

The speed of events and the fast-breaking news on the recent Equifax data breach discovered on July 29, 2017, has gone from bad to worse. An investigation revealed that the incident impacted 143 million consumers’ personally identifiable information, including names, social security numbers, dates of birth and driver’s license numbers.

In a recent decision, the Illinois First District Appellate Court upheld reversal of the Illinois Department of Public Health’s refusal to add chronic postoperative pain to the list of accepted diseases in the Illinois medical marijuana program. The Court rejected the time limit for approval and required instead that the decision be remanded for further proceedings.

The world recently experienced an unprecedented global cyberattack that targeted the public and private sectors, encrypting and locking electronic files. So far, it is estimated that hundreds of thousands of entities worldwide were victims of WannaCry ransomware; and just as WannaCry is subsiding, a new attack, Adylkuzz, is taking its place, crippling computers by diverting their processing power. Now the world needs to begin building a Cyber Defense Arsenal.

Public Act 98-1132, effective June 1, 2015, amended section 2-1105(b) of the Illinois Code of Civil Procedure (735 ILCS 5/2-1105(b)) by limiting the size of a jury in all civil cases to six people. In an action filed after the effective date, defendants filed their appearance and then moved for leave to file a 12-person jury demand and to declare the Act unconstitutional. The circuit court found the Act unconstitutional and the appeal proceeded to the Supreme Court, which immediately hears all appeals from circuit orders finding a state statute unconstitutional. 

On August 29, 2016, the Federal Aviation Administration’s long-awaited commercial drone rule went into effect and is likely to spur significant innovation in commercial drone operation. While the new rule’s operational limitations work to confine drone use to small areas and limit the ability to misuse drones, they fail to fully protect individuals and their right to privacy.

On June 23, 2016, following a trial, an eight-member panel jury unanimously found that the similarities between the opening chords in Led Zeppelin’s iconic song “Stairway to Heaven” and “Taurus,” an instrumental written by singer Randy Wolfe, a/k/a Randy California, of the group Spirit did not constitute copyright infringement. One month later, an appeal was filed to dispute the verdict and any interlocutory legal rulings and decisions made during the course of litigation.

In a recent case, the Appellate Court of Illinois, First Judicial District, acknowledged that a circuit court may have caused confusion when it issued a written order disposing of substantive claims and then, by separate order entered the same day, scheduled a future status hearing for an unspecified purpose. However, the appellate court determined that an obligation ultimately lies with the parties to track the circuit court’s disposition of the substantive issues raised in the pleadings, to act promptly in accordance with the rules to preserve arguments for appeal, and to seek clarification from the court when the effect of its orders is in doubt.

The U.S. Supreme Court upheld a district court's ruling that a federal district court judge may recall a jury to correct a mistaken verdict after the jury has been discharged. However, “just because a district court has the inherent power to rescind a discharge order does not mean that it is appropriate to use that power in every case.”

A recent decision by the European Union Court of Justice will likely have tremendous consequences for the cross-border trade in data between U.S. companies and EU citizens. No longer will U.S. companies be able to rely on Safe Harbor program participation and self-certification as a layer of protection when handling the data of EU citizens.

Wilson Elser Chicago partner Anjali Das has compiled a roundup of recent news, including litigation and mega settlements, developments in Delaware D&O law, D&O cyber liability, and recent D&O insurance coverage decisions.

In what appears to be an all-out assault on lax cybersecurity, the SEC has issued a new Alert in connection with its cybersecurity examination of Wall Street firms, entered a Cease and Desist Order against a firm for failing to adopt written policies or procedures to protect customer information, and issued an Investor Alert that highlights actions individuals should take if their personal information is compromised.

The Authorized Electronic Monitoring in Long-Term Care Facilities Act has become law in the state of Illinois. Effective January 1, 2016, residents of nursing homes, or family members, will be able to place recording devices in their rooms. It remains to be seen how the rules surrounding the new law will affect long-term care facilities.

A recent Third Circuit ruling has put the burden on companies to not only consider the many laws, rules and regulations that impact data privacy and security but also attempt to anticipate regulators’ “state of mind” when creating and implementing cybersecurity programs.

As more states diverge in their approach to data privacy regulations, companies that store and transmit personal information find themselves responsible for an expanding field of what constitutes personal information and a shrinking list of acceptable responses.

A recent U.S. Supreme Court decision demonstrates that businesses and people should always proceed with caution when inducing others to use, or contributing to the use of, patented or potentially patented subject matter. Failure to confirm invalidity, when there is knowledge of the patent and knowledge of infringement, subjects parties to additional risk, potential liability, and possible damages for induced infringement or contributory infringement.

On July 20, 2015, the Seventh Circuit issued an opinion holding that risk of future fraudulent charges on a credit card and greater susceptibility to identity theft is sufficient to establish standing, reversing a decision by the Northern District of Illinois.

In its preface to a recent unanimous decision, the Eleventh Circuit described the case as follows: “Mixing family and family-owned business can be complicated. When the mix produces litigation, complications can multiply. When the litigation involves misconduct allegedly committed by family members serving simultaneously as officers of the family business and as trustees of the family trust holding large amounts of the company’s stock, the complications abound. Add the question of insurance coverage for the litigation to the mix, and you have this case.”

“Jewel-Osco salutes #23 on his many accomplishments as we honor a fellow Chicagoan who was just around the corner for so many years,” proclaimed an ad in a special Sports Illustrated Presents issue honoring Michael Jordan on his induction into the Basketball Hall of Fame in 2009. However, just below that was the sponsor’s slogan “Good things are just around the corner.” Facing a motion for summary judgment on standing, Michael Jordan prevailed, at least for now, with an Illinois Federal District Court holding that there are material issues of fact precluding a finding as a matter of law that Michael Jordan transferred his identity rights.

On May 7, 2015, the Senate Judiciary Committee and stakeholders discussed at length the provisions of the bipartisan Protecting American Talent and Entrepreneurship Act of 2015 and took into account certain comments. The so-called PATENT Act aims to curb abusive patent practices and litigation, although the debate in the Senate on whether the Act actually accomplishes this goal will continue.

Financial and insurance institutions must make cybersecurity a top priority. While not every company has the resources to pour into cybersecurity, every company should take these risks seriously. As states continue to become more active in this space, companies should proactively seek to be at the forefront of cyber security developments.

In a May 18, 2015, opinion, the U.S. Court of Appeals for the Federal Circuit reaffirmed that Samsung had violated design patents in Apple's iPhone. However, that opinion did not extend to Apple's trade dress. This means that the $930 million award will be reduced, but, in the long run, neither side got all it wanted.

Property managers must tread carefully on the topic of medical marijuana use in HUD-assisted properties; although HUD’s position that no exceptions would be made is clear, it is being increasingly criticized and challenged. Additionally, while property managers may be in the right by refusing to accommodate a medical marijuana user in terms of compliance with the FHA, the ADA or section 504 of the Rehabilitation Act, they may run afoul of states’ antidiscrimination laws.

As part of its increased focus on cyber security, the New York State Department of Financial Services announced that it is broadening the scope of questions and topics in its current information technology examination framework. The Department requires insurers to provide a response to 16 questions about their overall cyber security posture by April 27, 2015.

Despite their best efforts, companies cannot prevent an industrious hacker from finding a way to access their data, but such incidents may not give rise to a cause of action. When a data breach occurs, an individual does not suffer harm, and thus does not have standing to sue, unless the individual alleges actual misuse of the information or that such misuse is imminent.

A federal jury in Chicago will need to decide the merits of the legendary basketball player’s multimillion-dollar claim that Jewel Food Stores, Inc. violated the Illinois Right of Privacy Act when it used Jordan’s name and number “23” in an advertisement congratulating him on his induction into the Basketball Hall of Fame.

A recent decision by Missouri’s Eastern District Court puts businesses entering into contracts for payment processing services on notice to have such agreements reviewed by a data privacy and security attorney. The decision will likely cause processors and banks to focus more carefully on the limitation-of-liability provision related to credit card breaches.

School officials are custodians of students, and states have adopted rules and regulations that give school officials even more power to protect students from bullying. States have added specific cyber-bullying language to their anti-bullying laws, codifying the notion that school officials have the discretion to act to protect students from bullying based on incidents outside of school. But are students’ passwords on social media websites fair game?

In a December 31, 2014, decision, the U.S. District Court, Northern District of Illinois, on the question of whether a religiously affiliated employer was exempt from federal regulation of its employee benefit plans based on a statutory exemption created for churches under ERISA, excluded such benefit plans from the church plan exemption.

In a recent pre-trial ruling, the U.S. District Court for the Northern District of Illinois barred perennial plaintiff’s expert Dr. Arthur Frank and other experts for the plaintiff from providing opinions espousing the “Any Exposure” theory of causation.  Subject to this preclusion, however, the ruling leaves the door open for the plaintiff’s experts to provide case-specific causation opinions against defendants if such opinions are based on the experts’ analysis of the fact witnesses’ asbestos exposure testimony.  

In a recent case before an Illinois Appellate Court, the plaintiff appealed the jury’s verdict for the defense, which denied her claim of asbestosis resulting from repair work or damage to insulation in her place of employment. In affirming the jury’s verdict, the Court made it clear there were many potential gaps in the plaintiff’s proof and that the jury could have easily concluded that her contacts with potentially harmful asbestos insulation were either so brief or in such small amounts that the threshold exposure discussed by the plaintiff’s expert had not been met.

The “no pet” policy under the Fair Housing Amendments Act and section 504 of the Rehabilitation Act applicable to recipients of financial assistance from HUD may be subject to modification upon review of HUD’s April 2013 Guidance on “assistance animals.”

The critical trend of data security breaches and cyber liabilities significantly harming mid cap and small businesses will continue to increase through 2015. Small companies need to recognize that they have as much, if not more, risk of suffering losses and attacks with greater frequency and severity than their bigger competitors. In fact, smaller companies are at greater risk because they do not have the same depth of resources as their larger competitors. Brokers and insurers can assist these companies in preparing for, protecting against and surviving an eventual and potentially catastrophic cyber crisis event.

In a recent decision, a Michigan District Court determined that an act not typical of a claims administrator’s responsibilities performed at the instruction of the plan sponsor and administrator did not establish a fiduciary relationship with the plan’s participants and, as such, did not give rise to a claim for breach of fiduciary duty.

On January 1, 2015, an amendment to California’s privacy and breach law goes into effect that may have a significant impact on the way entities respond to data breaches. In advance of the law’s effective date, in addition to evaluating their information security protocols and policies, entities that possess the personal information of California residents should review their insurance policies, first to make sure they have cyber insurance that provides data breach coverage, and second to determine if their policies will cover the potentially significant cost associated with notification and identity protection or mitigation services.

As companies, brokers and insurers continue to develop a better understanding of the risks and exposures involved with data breaches, standard insurance portfolios must be reviewed and developed to provide proper protection in the face of state laws and other outside influences.

The California Third Appellate District  recently overturned a lower court’s denial of a motion to dismiss a class action lawsuit seeking $4 billion in damages under California’s Medical Confidentiality Act due to the alleged disclosure of medical records. The Appellate Court specifically held that the mere theft of medical records without any allegations that an unauthorized person viewed these records is insufficient to state a claim.

Careful to draw the distinction between negligence and intentional torts in cases where a defendant’s actions cause emotional distress that leads to a suicide, the Illinois Appellate Court’s opinion in a recent case nevertheless opens the door to a wide variety of wrongful death and survival claims that were previously not recognized.

Because the filing of a notice of appeal is the jurisdictional step that initiates appellate review, it confers jurisdiction on a court of review to consider only the judgments or parts of judgments specified in it. Where a notice of appeal is filed improperly, the appellate court lacks jurisdiction over the matter and is obliged to dismiss the appeal.

In April, Microsoft ended support for Windows XP Professional for embedded systems. As the saying goes, “a chain is only as strong as the weakest link” and even a single Windows XP computer could provide a potential intruder with a “window” into your network environment.

By filing a Rule 59(e) motion just one day late, a plaintiff unwittingly rendered a summary judgment order unreviewable and changed the standard of review in an unfavorable way. The lesson from a recent case before the Seventh Circuit is that engaging an appellate practitioner to handle post-trial and appellate litigation is a necessity, particularly where the right to appeal is at issue.

The SEC’s new disclosure guidance was intended to bring greater awareness and transparency to actual or potential cybersecurity risk that might be considered material to investors. However, the SEC has acknowledged that this guidance alone might not be sufficient to address investor concerns.

On May 13, 2014, the Court of Justice of the European Union found that an individual has the right to demand that Google remove links about him that he claimed were old and irrelevant. But which approach is best – the right to be forgotten or the right to know? The “right to be forgotten” as currently described by the Court of Justice could create a clash between freedom of speech, which is supported in the United States, and the EU’s broader concept of privacy.

A recent decision by the U.S. District Court for the Northern District of Illinois in a case of first impression rejected strict application of the “bare metal” defense, under which defendants cannot be held liable for the dangers of asbestos-containing parts supplied by third parties. The court instead favored a middle path, holding that a defendant owes a duty to warn in certain circumstances.

“On information and belief,” which indicates a statement is made not from firsthand knowledge but in the firm belief that it is true, played a key role in a recent Ninth Circuit holding of first impression where the citizenship of parties to the case was unknown. The court agreed with Wilson Elser appellate attorneys, recognizing that the pleading of diversity of citizenship on information and belief is not sufficient to sustain federal jurisdiction throughout the life of a case, but reasoned that it is enough to allow the complaint to stand until it is served and a response is received; specifically, jurisdictional discovery is an appropriate solution because the insurer will likely be able to “obtain the information it needs via discovery from the defendants it can locate.”

An intermediate Illinois appeals court rejected the applicability of the absolute pollution exclusion to a claim involving obnoxious odors emanating from hog farm manure, reasoning that the claim did not involve “traditional environmental pollution” as required by an Illinois precedent interpreting the exclusion.

Illinois defense counsel and their clients and carriers must keep in mind the provisions of a new statute, set to take effect on January 1, 2014, and the deadlines it imposes throughout the settlement process. They will need to seek court intervention in a timely fashion to avoid possible penalty for late payment.

The Illinois Supreme Court’s April 18, 2013 decision regarding the exercise of specific personal jurisdiction over a nonresident manufacturer may impact future products liability litigation. Under the court’s latest proclamation, more foreign defendants may find it difficult to extricate themselves from Illinois lawsuits through the Illinois Long-Arm Statute, even if they are not directly in contact with the plaintiff. 

Insurers responding to requests for information concerning cybersecurity from the New York Department of Financial Services may benefit from reviewing materials developed in 2002 in response to Regulation 173. In addition, insurers must implement a comprehensive written information security program and adjust it as changes in technology and other specified circumstances warrant.

As businesses and families that were caught in the path of Hurricane Sandy begin to survey the damage, insurers are feeling the first surge of many claims to come. Now’s the time to confer with Wilson Elser’s knowledgeable and adept insurance attorneys to be certain you’ve got all contingencies covered.

This is the first in a series of alerts designed to provide you with clarity and understanding of the important and significant issues raised by this unprecedented crisis.

An October 23, 2012, ruling by the New York Court of Appeals holding that claims disposed of by motion practice early in a case are not really concluded until an appeal from the final judgment is decided will have an effect on strategy for trial lawyers.

Courts are responding to the broader scope of coverage afforded to individuals, including obese individuals, under the ADAAA.

Wilson Elser Attorneys, William T. Bogaert, David Eisen, Joanna Piorek and Jason M. Kuzniar Co-authored Recent Developments in Professionals, Officers and Directors Liability in the Tort Trial and Insurance Practice Law Journal, Vol. 47, Issue 1, Fall 2011 published by the Tort Trial and Insurance Practice Section of the American Bar Association.

Walmart is the latest high-profile target of a string of D&O claims involving the increasingly enforced Foreign Corrupt Practices Act. The SEC and DOJ have maintained an aggressive stance on FCPA violations and enforcement actions, which can lead to shareholder derivative civil actions.

The Illinois Supreme Court and two districts of the Appellate Court issued written opinions on appellate jurisdiction and waiver issues, highlighting the perils appellate procedure may hold for the unwary litigant or counsel.

Illinois appellate court warns litigants that an appellate brief cannot be a trial court pleading with a new cover, and all appellate briefs must follow the strict rules of factual and legal citation imposed by the reviewing courts.

Allowing jurors to submit questions can improve juror comprehension of testimony and attention to the proceedings and increase overall satisfaction with jury service. For the litigants, juror questions may provide counsel with the advantage of “real time” glimpses into the jurors’ minds as the evidence is received.

The newly assigned judge to the asbestos docket in Madison County, IL, has ended the ability of local plaintiffs’ firms to “market” trial dates for mesothelioma cases, thereby changing the way plaintiffs’ counsel practice law in Madison County. Judge Clarence Harrison entered an order on March 29, 2012, stating that trial dates will be assigned on a case-by-case basis rather than by pre-assigned trial settings given to specific plaintiffs’ counsel.

Amid disagreement among Illinois appellate courts, the Illinois Supreme Court will hear and should ultimately rule on employer liability in secondhand asbestos cases.

Many China-based issuers have been targeted by regulators and investors alike for purported securities and accounting fraud that could ultimately cost D&O insurers millions in losses.

In light of the potential long arm of the Bribery Act, directors and officers (“D&O”) liability carriers should familiarize themselves with the potential increased exposure to their insureds. In addition, D&O insurers would be well advised to consider potential coverage issues under their policies for claims and investigations under the Bribery Act.

The Illinois Supreme Court ruled as a matter of first impression that parents asserting a claim of wrongful birth may not recover expenses incurred for the care and support of their disabled child after the child reaches the age of majority. Clark v. Children's Memorial Hospital, No. 108656, 2011 WL 1733532 (Ill. May 6, 2011). This significant victory was won with the amicus curiae assistance of Wilson Elser's Appellate Practice and its co-chair Melissa Murphy-Petros.

No matter the type of clinical practice a mental health care professional enjoys, the odds are almost certain that a patient will be involved in litigation. Frequently, during the course of discovery in a legal proceeding, a patient’s mental health becomes an issue. Most often the attorneys involved in that case will serve a subpoena on a psychiatrist to produce his records, give a deposition, or come to trial and testify. Should you respond to that subpoena and turn over your records or give a deposition? In Illinois, the answer is usually no.

On June 10, 2010, the Fifth District Illinois Appellate Court ruled in Simpkins v. CSX Corporation and CSX Transportation that employers owe a duty to protect their employees' immediate family members against take-home asbestos exposure even though no relationship exists between the employer and the family member.

A recent First District Appellate Court of Illinois decision makes it clear that insurers issuing "claims made and reported" policies in Illinois will be subject to the Illinois rule of estoppel, and that such insurers risk losing the right to enforce the reporting condition of such policies if they fail to take appropriate preemptive action.  See, Uhlich Children's Advantage Network v. National Union Fire Ins. Co., 2010 Ill. App. LEXIS 61 (1st Dist. February 3, 2010).

The population of the United States is becoming increasingly diverse.  Recent surveys reflect that Hispanics currently comprise more than 15 percent of the population – more than 46 million people – making them the country’s largest minority group.  As such, employers should make it a priority to become more knowledgeable about issues pertaining to Hispanic-Americans and other non-native English speakers in the workplace in order to avoid potential legal problems now and in the coming years.

Skilled advocates, Wilson Elser's appellate attorneys have earned the firm a reputation for excellence in post-trial and appellate work.  Concentrating on the complex, highly technical, and constantly evolving discipline of appellate procedure, we have the experience needed to plan and execute the most effective post-trial and appellate strategy.  In addition to handling appeals, we provide critical assistance at the trial level, including consultation on the preparation of dispositive pre-trial motions, motions in limine, and jury instructions; participation at trial; and attendance at the jury instructions conference.

On February 4, 2010, the Illinois Supreme Court, by a 4-2 ruling, invalidated an Illinois statute which established caps on the amount of non-economic damages such as; pain, disfigurement and loss of consortium, that can be recovered in medical malpractice actions.  In reaching its determination in Lebron v. Gottlieb Memorial Hospital (Ill. Supreme Court Docket Nos. 105741, 105745), the court determined that the statute violated the separation of power provisions stated in the Illinois Constitution by nullifying the court's inherent power to correct excessive jury awards.

Wilson Elser's Appellate Practice Group has recently made new law in Illinois with respect to pleading causes of action for defamation per se.  In Green v. Rogers, --- N.E.2d ---, 2009 WL 3063399 (Ill. Sept. 24, 2009), Group Co-Chair Melissa A. Murphy-Petros (Of Counsel-Chicago) convinced the Illinois Supreme Court to hold, as a matter of first impression, that such claims must be pled with the same specificity and particularity as that required in pleading fraud claims.  This ruling not only secured dismissal of the complaint against Wilson Elser's client, but also established new law favorable to defamation defendants throughout the state.

The Federal Trade Commission's "Red Flags" Rule is designed to protect personally identifiable information from data thieves.  Insurance brokerage firms and other service providers that receive payment after their services have been delivered are required to comply.  The compliance deadline is November 1, 2009—data breaches on or after that day may be subject to penalties of up to $3,500 per violation, and could also result in prosecution for violation of state consumer protection or deceptive trade practices laws.  Such laws may permit private individuals to sue and recover treble damages, attorney's fees and/or litigation costs.

The Federal Trade Commission's "Red Flags" Rule is designed to protect personally identifiable information from data thieves.  Among others, the Red Flags Rule applies to any business or individual that provides a product or service for which payment is received after the product or service is delivered.  While many might assume that data protection regulation applies only to hospitals and banks, the broad definition of who is covered by the Red Flags Rule very clearly applies to professional services firms that get paid by their clients after the services are provided, which, of course, includes accounting firms.

Most mental health professionals are aware of Tarasoff v. Regents of University of California, 17 Cal.3d.425 (Cal. 1976). The 1976 California case held that when a therapist determines that a patient presents a serious danger of violence to another, the therapist has the duty to contact the intended victim, notify the police or take other steps reasonably necessary under the circumstances. Tarasoff set the exception to the general rule that one owes no duty to control the conduct of another. The court in Tarasoff emphasized that therapists have no general duty to warn of each threat, but have a duty to act only where the therapist should have determined that a patient poses a serious danger of violence to a foreseeable victim.

A typical claim targeting directors and officers ("D&Os") in the context of a merger or acquisition is that the D&Os breached their fiduciary duties of care and loyalty by failing to get the best deal for shareholders.  However, in a boon to D&Os and their insurers, several recent Delaware court decisions have made it easier for defendants to successfully defend these types of claims.

On July 29, 2009, the Federal Trade Commission ("FTC") announced that the implementation of the "Red Flags" rule, requiring most businesses to adopt a written data security and breach policy, has been postponed by three months, to November 1, 2009.  The FTC has cited the need to assist and educate small businesses with low risk of security breaches regarding the required conduct under the rule.  Businesses now have additional time to prepare for the impact of the rule by bringing their companies or practices into compliance with the rule's requirements.

Second-hand or bystander asbestos exposure litigation has been increasing in Illinois, but a recent Illinois Appellate Court opinion has held that premises defendants cannot be found liable under a second-hand exposure theory.  On May 29, 2009, the Second District Appellate Court ruled in Nelson, et al. v. Aurora Equipment Company, in a case of first impression, that an asbestos defendant is not liable for alleged asbestos injuries under the theory of premises liability to a plaintiff who was never present on the defendant's premises.

The Red Flags Rule is designed to protect personal identifiable information from data thieves.  While many people believe that data protection regulation applies only to hospitals and banks, data thieves are attacking other businesses, so regulation has expanded.

On April 16, 2009, the Illinois Supreme Court issued its long-awaited decision in Nolan v. Weil-McLain, providing some relief to defendants who have been barred from introducing evidence of other asbestos exposure.

Over the years, we have seen many therapists lose cases
due to inaccurate or incomplete charting. Sometimes an entire lawsuit can hinge on the notes or lack of notes contained in a patient’s chart. Every 10 years or so, the theory of notes and charting will change. At one time, therapists preferred not to chart too much and believed “less was better.” Then, attitudes changed and mental health professionals began to chart everything under the sun and would write novellas for every appointment with a patient.

Online therapy or “cyber therapy,” defined as the provision of mental health services over the Internet, is a growing field that has created equal amounts of interest and controversy. Prior to engaging in cyber therapy, clinicians should be aware that there are many risk management issues involved in the practice.