Author Archives: John Hutchins

John Hutchins

About: John Hutchins

John Hutchins represents businesses in all types of commercial litigation and various types of transactions involving information technology, intellectual property and privacy and data security. John's more than 20 years of litigation experience runs the gamut in subject matter, from data breaches, to eminent domain, to vintage race cars, to death penalty habeas corpus. He has particular experience in matters involving privacy and data security, computer hardware and software development projects, government procurement, protection of trade secrets and proprietary business information, the Internet and e-commerce, cloud computing, trademark and copyright infringement, restrictive covenants and breach of fiduciary duty.

Despite Equifax Breach Causes, Social Engineering Still Biggest Threat to Data Security

It’s now been widely reported that the cause of the recent Equifax data breach, which compromised the personal data of perhaps as many as 143 million people, was the result of the company’s alleged failure to apply a patch to fix a known security hole in some open source software (OSS), known as Apache Struts.  But there is now some controversy about whether those reports are accurate or reliable, and some of the early reports have since been retracted.  There is technical complexity about security holes in OSS and application of patches that have led to conflicting viewpoints on how …


The Anthem Breach – A Retrospective

Many people and news outlets have opined, weighed in, and informed the public about the 2015 Anthem breach. It remains a hot topic in January 2017, because it currently lines up with other hot stories about hacking ordered by foreign governments.  But even before the Anthem breach was linked to one of the biggest issues of the 2016 election cycle, it was an important data incident, for several reasons. Why was the Anthem breach important at that time? The Anthem breach was notable because it was the first major data breach that potentially involved protected health information. Media coverage about …


Outsourcing Lessons from an “Uber” Uber-Rider

In July 2015, my 12-year-old SUV, with 220,000 miles, finally breathed its last breath.  It was time for me to buy a new car.  But, instead, I decided to try a little personal experiment with the “sharing economy.”  Based on a back-of-the-napkin calculation, I determined that it might actually be cheaper to completely outsource my driving to Uber (or its competitor, Lyft).  Using a source like, it’s easy to find out the “true cost of ownership” of any car you might have your eye on.  Looking at comparable replacement vehicles, my “true cost to own”– fees, fuel, insurance, maintenance …


Re-Thinking the “Standard” Arbitration Clause in Cloud Agreements (Part III): Taking Full Advantage of ADR in Cloud Agreements

Part I of this three-part article included some history about how it came to be so common that modern technology agreements – including “cloud agreements” – often include a “standard” arbitration clause. Part II asked and answered the question: Is arbitration “cheaper, faster and better” than a traditional lawsuit? This final installment will focus on some of the clear disadvantages of arbitration and make some suggestions regarding how to better take advantage of the availability of ADR. Sometimes, It’s Not How You Play the Game, It’s Whether You Win or Lose The one aspect of arbitration that is perhaps most …


Rethinking the “Standard” Arbitration Clause in Cloud Agreements (Part II)

Part I of this article included a little bit of history about how it came to be so common that modern technology agreements – including “cloud agreements” – often include a rather ubiquitous, sort of “standard” arbitration clause. The first article in this three-part series also put forth the question of whether some of the common assumptions about arbitration – namely, that arbitration is cheaper, faster and better than a traditional lawsuit – are true. This middle article in the series aims to try to answer that question: Is arbitration truly “cheaper, faster or better?” A close examination of these …


Rethinking the “Standard” Arbitration Clause in Cloud Agreements

Twenty or so years ago, arbitration began to gain wide acceptance among lawyers as a viable alternative for the effective resolution of civil disputes.  Clients were beginning to view “alternative dispute resolution” (ADR) as the best hope for avoiding the expensive morass that litigation in court can sometimes be.  As a result, many trial lawyers began to jump on the bandwagon and tout their skills not only as trial lawyers, but also as experts in “all forms of dispute resolution.”  Certainly, very few lawyers ever attempted to talk their client out of inserting an arbitration clause into an agreement.  Indeed, …


Privacy vs. Data Security: Why Plaintiffs in Consumer Data Breach Cases Still Have a Long Way to Go

The year 2005 really marked the beginning of the “era of data breaches,” and with it, the “era of data breach lawsuits.” The ChoicePoint data breach in late 2004, which first became newsworthy in early 2005, was the catalyst. That breach involved approximately 163,000 records, which by 2005 standards was a “major” data breach, and ChoicePoint was the first organization to notify the data subjects of the breach under the first (and only) data breach notification law in the country – the California law known back then by privacy experts simply as SB 1386. The media floodgates that opened in …


Just Like Neiman Case, FTC v. Wyndham Decision Not All It’s Cracked Up to Be

Back on July 20 this year, the Seventh Circuit Court of Appeals decided Remijas v. Neiman Marcus, leading a chorus of pundits to declare that case changed everything when it comes to data breach cases, signaling a “new tilt towards victims.” In our August 6 blog post, we took a different view, emphasizing the importance of the procedural posture in that case, and noting that all the appellate court had done was decide that the allegations made by the plaintiffs in their complaint were sufficient to withstand a motion to dismiss and send the case back to the trial court …


Neiman Case a Harbinger For Data Breach Cases? Not So Fast

Much has been said in the past couple weeks about the decision by Seventh Circuit Court of Appeals in the case of Remijas v. Neiman Marcus. Some have suggested that the ruling makes it easier to sue over data breaches, or that the court’s opinion signals a “new tilt towards victims” and class-action lawsuits in the wake of a data breach. But we’re not sold that Neiman is any sort of a great shift in the 10-year long and, thus far, mostly fruitless effort by plaintiffs’ lawyers to turn data breaches into the next asbestos.

Should Feds Regulate Persistent Identifiers as Personal Information?

Recently, the Federal Trade Commission settled an action it had brought against Nomi Technologies, a provider of “in-store analytics” technology. The fact that the action was brought against Nomi to begin with, considering what Nomi does, and the 20-year consent decree that Nomi entered into with the FTC, has raised more than a few eyebrows. It has left many – including some of the FTC’s own Commissioners – wondering just what regulators are interested in when it comes to controlling information collection practices in the “information economy.” Nomi has developed and markets technology to retailers that helps to physically track …