Photo of Sarah S. Hazimi

Sarah S. Hazimi is an associate in Dykema's Bloomfield Hills office. Ms. Hazimi focuses her practice on data privacy and security as well as litigation matters.

Prior to joining Dykema, Ms. Hazimi served as an intern for the former Chief Judge Gerald Rosen in the Eastern District of Michigan's federal court. Ms. Hazimi also interned at the United States Attorney's Office in Detroit, where she assisted in the drug task force. Ms. Hazimi previously worked as a research clerk at a Michigan-based law firm.

On March 26, 2020, the District of Colombia enacted Act 23-268, known as the “Security Breach Protection Amendment Act of 2020.” Acting as an amendment of Section 28 of Chapter 38 of the District of Columbia Code, the Act: (1) expands the definition of “personal information,” (2) amends breach notification requirements, (3) adds new security requirements; and (4) expands the Act’s enforcement.

1. Definition of “Personal Information”

Under the Act, “personal information” now includes an individual’s name combined with one of the following data elements:
Continue Reading District of Columbia Amended Privacy Law Creates New Requirements

Following a security incident involving its website’s chat function, Delta filed suit in the Southern District of New York against its tech vendor, [24]7.ai. Delta alleged fraud, negligence and breach of contract. A consumer class action lawsuit had already been filed against Delta in the Northern District of Georgia, related to the same incident.

According to the Complaint, on March 28, 2018, Delta was notified by [24]7.ai that a security incident had potentially compromised personally identifying information and payment card data of up to 825,000 of Delta’s customers. Delta alleges that “at least one third-party attacker gained access to Defendants’ computer networks and modified the source code of Defendants’ chat services software to enable the attacker to ‘scrape’ PII and payment card data from individuals using websites of Defendants’ clients, including Delta’s website…” Delta engaged a forensics team and began working with federal law enforcement upon receiving notice from [24]7.ai. Delta then publicly announced the breach, notified its customers, launched free credit monitoring services, and filed a lawsuit against [24]7.ai. Delta is seeking reimbursement of all breach-related costs. 
Continue Reading Delta Airlines Sues Vendor for Data Breach