Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the Federal Trade Commission (FTC)’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.
The OPM Data Breach Action
The District of Columbia Circuit’s June 21st panel decision in the In re Office of Personnel Management Data Security Breach Litigation held that a federal agency and its private contractor were not entitled to sovereign immunity and derivative sovereign immunity, respectively, for class action claims in the wake of a data breach in which hackers allegedly used stolen contractor credentials to steal almost 21.5 million…
