News & Insights  |  Media Mentions

Related Professionals

Practice Areas

Contact

Patricia O'Connell
Senior Communications Manager
202.719.4532
poconnell@wileyrein.com

Kirk Nahra Discusses Privacy and Cybersecurity Cases to Watch in 2018

Law360
January 2, 2018

Kirk J. Nahra, chair of Wiley Rein’s Privacy & Cybersecurity Practice, was quoted by Law360 in a January 1 article highlighting privacy and cybersecurity cases to watch in the coming year. “Litigation [in 2018] could redefine government enforcement in privacy and security, significantly change the constitutional landscape for privacy, and dramatically alter all data breach class action litigation,” Mr. Nahra said.

A case pending before the Eleventh Circuit, LabMD v. FTC, involves the Federal Trade Commission’s (FTC) authority to regulate companies’ data security activities. Depending on how the justices rule, this “never-ending” battle could be “enormously important” to the FTC’s ability to continue to be top dog in the privacy and cybersecurity regulation space, Mr. Nahra told Law360.

One potential outcome of the LabMD case is that the Eleventh Circuit could uphold the FTC’s more than decade-old strategy of aggressively pursuing data security enforcement actions – which would “essentially be status quo,” according to Mr. Nahra. Another possibility is that the appellate court could strike down the FTC’s data security enforcement approach. Such a ruling would “be enormously disruptive, especially for consumers, and might actually prompt even this Congress to finally act in this area,” Mr. Nahra said.

In another closely watched case, health insurer CareFirst is asking the Supreme Court of the United States to reaffirm Article III standing requirements in the data breach context. “That case could redefine the landscape for data breach litigation,” Mr. Nahra said. “The plaintiffs’ bar has been chipping away at a brick wall of precedent, but hasn’t had a true breakthrough yet. A win by the plaintiffs in this case would likely be that breakthrough, with implications for any company that has a data breach.”

The Law360 article can be found here (subscription required).