As if having to deal with the COVID-19 pandemic was not enough for law firms and clients, this year has seen a striking number of data breaches, privacy-related lawsuits, and government enforcement proceedings, as well as large settlements of new and older claims. Indeed, on Dec. 8, 2020, in perhaps the ultimate 2020 irony, cybersecurity consultant FireEye, Inc., announced that it was itself the victim of a cyber attack by a highly sophisticated state-sponsored attacker that targeted and accessed certain assessment tools that the company uses to test its customers’ security. See Kevin Mandia, “FireEye Shares Details of Recent Cyber Attack, Actions To Protect Community,” (Dec. 8, 2020).

The breadth of these cyber incidences reflects more than just the problems of securing work-from-home technology, interference with Zoom conference calls, and system vulnerabilities that existed even before COVID-19. Indeed, they essentially are a 2021 blueprint for the kinds of privacy issues that companies may best be advised to focus on, and that legislators and regulators in New York and elsewhere across the country may seek to address.

Consumer Data