In Perlaki v. J.B. Poindexter & Co., Inc., a data breach class action, Magistrate Judge Andrew M. Edison of the Southern District of Texas found that the plaintiff had standing to sue under Article III of the United States Constitution but recommended dismissal of the plaintiff’s data breach plaintiff’s claims under Texas law.

As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. The Employee Benefits Security Administration of the U.S. Department of Labor has published an update to its guidance initially issued in April 2021 on cybersecurity best practices for plan sponsors and fiduciaries.  

On April 16, attorneys general from seven states and a state agency announced that they were forming the Consortium of Privacy Regulators, a new effort to better protect consumers’ privacy.

Consumers have been trading their DNA for a personal genetic history lesson with 23andMe since 2007. The company has since become extremely popular and has collected a trove of genetic information relating to more than 14 million people. But in March 2025, 23andMe filed for Chapter 11 bankruptcy due to ongoing financial struggles and data privacy concerns after the company experienced a major data breach involving approximately 6.9 million customers and resulting in a $30 million settlement.

The Constangy Cyber Team continues to grow with the addition of three outstanding new attorneys, allowing us to quickly and effectively respond to our clients' data privacy and cybersecurity needs. Please join us in welcoming Lynda Jensen, Brett Swanson, and Steven Morris to the Constangy Cyber Team. Each brings a wealth of knowledge and experience, underscoring our commitment to providing top-tier legal counsel.

EDITOR’S NOTE: This is Part Two of a two-part series. You can read Part One here.

EDITOR’S NOTE: This is Part One of a two-part series.

The California Invasion of Privacy Act continues to be a focal point for privacy litigation, particularly concerning website tracking practices. A recent case, Gabrielli v. Insider Inc. sheds new light on whether collecting and sharing an IP address violates the law.

With the number of data breaches increasing each year, it’s becoming more important to know what personal data you have and where you have it. On personal or even work devices, you may be surprised at how much of your data is just waiting to be taken advantage of by a bad actor.

Chile has amended its data privacy law granting significant rights to data subjects, and imposing stricter obligations on data controllers and processors. Published in the Official Gazette (Diario Oficial) on December 13, 2024, Chile’s new Personal Data Protection Law takes effect on December 1, 2026.