David McIntosh

David McIntosh

Ropes & Gray LLP

Contact  |  View Bio  |  RSS

Latest Publications

Share:

New York Supreme Court Rules that Merchant Lacks Standing to Sue MasterCard over Data Security Breach Assessments; All Merchants...

On May 5, the Commercial Division of the New York Supreme Court for Westchester County dismissed the complaint in Jetro Holdings, LLC v. MasterCard International, Inc., in which Jetro, a leading food service wholesaler, had...more

6/21/2016 - Corporate Counsel Data Breach Dismissals Equitable Subrogation MasterCard PNC Standing

Federal Trade Commission Chairwoman Ramirez Testifies Before Congress Regarding 17 FTC Reform Bills Pending in Congress

On May 24, 2016, Federal Trade Commission (“FTC” or the “Commission”) Chairwoman Edith Ramirez delivered testimony before the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing, and Trade in a...more

6/9/2016 - Congressional Investigations & Hearings FTC Proposed Legislation Regulatory Agenda

Supreme Court’s Spokeo Decision Erects Barriers for Privacy and Data Security Plaintiffs

On May 16, 2016, the United States Supreme Court in Spokeo, Inc. v. Robins confirmed that a “concrete” injury is required of all private parties seeking to assert claims in federal court, even those alleging violations of a...more

5/18/2016 - Article III Class Action FCRA Injury-in-Fact SCOTUS Spokeo v Robins Standing Statutory Damages

First Circuit Decision Increases Risks to Businesses Under VPPA

On April 26, 2016, the First Circuit handed down a plaintiff-friendly Video Privacy Protection Act (“VPPA”) decision offering potentially expansive definitions of “subscriber” and “personally identifiable information.” The...more

5/13/2016 - Mobile Apps Personally Identifiable Information VPPA

Key Data Privacy and Security Concerns for Investment Firms

Privacy and data security concerns are among the most critical issues facing investment funds, advisors and managers (collectively, “investment firms”). This article outlines the privacy and data security challenges...more

5/12/2016 - Cybersecurity FTC HIPAA HITECH Investment Funds OCR Popular SEC Security and Privacy Controls

PCI SSC Releases Version 3.2 of Data Security Standard

On April 28, 2016, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.2. Significantly, the updated standard requires...more

5/5/2016 - Data Security Encryption PCI-DSS Standard SSL

U.S. Supreme Court Affirms Class Certification Based on “Representative Evidence” of Liability and Damages

On March 22, 2016, the Supreme Court of the United States issued a 6-2 opinion in Tyson Foods, Inc. v. Bouaphakeo, affirming the certification of a class based on the “representative evidence” of a statistical sample used to...more

4/4/2016 - Calculation of Damages Class Action Class Certification Class Representatives Doffing Donning Dukes v Wal-Mart FLSA SCOTUS Statistical Sampling Tyson Foods v Bouaphakeo

FTC Launches Study of Assessment Process for Payment Card Industry Data Security Standards

On March 7, the FTC announced a study of Payment Card Industry Data Security Standard (“PCI DSS”) assessments – the audits required of certain merchants pursuant to rules imposed by payment card brands such as Visa and...more

4/1/2016 - Credit Cards Data Security FTC Payment Systems PCI-DSS Standard

Consumer Financial Protection Bureau Brings Its First Data Security Enforcement Action

On March 2, the Consumer Financial Protection Bureau (“CFPB”) issued its first ever consent order in a data security matter. According to the order, Dwolla, Inc. settled allegations that it misrepresented that the company had...more

3/11/2016 - CFPB Consent Order Data Security Dwolla Payment Processors Personally Identifiable Information

European Commission Releases Text of Proposed Privacy Shield Agreement for Transfer of European Union Citizen Data to the United...

On February 29, 2016, the European Commission released the full text of the proposed EU-U.S. Privacy Shield agreement, a data protection self-certification framework for companies transferring EU citizen data to the United...more

3/8/2016 - Data Processors EU EU-US Privacy Shield FTC International Data Transfers Self-Certification

FTC’s Proposed Settlement with Dental Practice Software Provider Marks Latest Data Security Action Against a Product Supplier

On January 5, the Federal Trade Commission (“FTC”) reached an agreement with Henry Schein Practice Solutions, Inc. (“HSPS”) to settle allegations that HSPS misrepresented that its dental practice software provided...more

2/8/2016 - Encryption Enforcement Actions FTC HIPAA Personally Identifiable Information Software Developers

The FTC’s Recent Enforcement Action Against Oracle Further Expands the Growing Pool of Potential Data Security Defendants

On December 21, 2015, Oracle Corporation (“Oracle”) reached an agreement with the Federal Trade Commission (“FTC”) to settle charges that it allegedly deceived customers regarding the security provided by updates to its Java...more

1/12/2016 - Consent Order Enforcement Actions FTC Oracle Unfair or Deceptive Trade Practices

Wyndham and FTC Agree to Consent Order Ending Data Security Breach Litigation

On Friday, December 11, 2015, the U.S. District Court for the District of New Jersey entered a consent order between the Federal Trade Commission (“FTC”) and hospitality company Wyndham Hotels and Resorts, LLC (“Wyndham”)...more

12/23/2015 - Consent Order Data Breach FTC FTC v Wyndham LabMD Popular Section 5 Unfair or Deceptive Trade Practices

State Attorneys General Fire Shot Across the Bow at Major Payment Card Brands Over “Chip and PIN” Technology

For well over a decade, U.S. regulators have been taking enforcement action against merchants and payment processors that, in the regulators’ view, failed to take “reasonable and appropriate” steps to secure payment card...more

12/7/2015 - Attorney Generals Banking Sector Chip and PIN Debit and Credit Card Transactions Enforcement Actions Personally Identifiable Information

ALJ Dismisses FTC Data Security Claims Against LabMD Due to Lack of Actual or Likely Substantial Consumer Harm

On November 13, a Federal Trade Commission administrative law judge dismissed the FTC data security complaint against medical laboratory LabMD, potentially vindicating LabMD’s vigorous two-year struggle to deny the FTC’s...more

11/25/2015 - ALJ Data Breach FTC LabMD Section 5

FCC Expands Its Claim of Data Security Authority with Recent Enforcement Action Against Cox Communications

Last week, the Federal Communications Commission (“FCC”) reached a settlement with Cox Communications, Inc. (“Cox”) regarding a 2014 data security breach that allegedly exposed the personal information of at least 54 current...more

11/16/2015 - Consent Decrees Cox Communications Customer Proprietary Network Information (CPNI) Data Breach Enforcement Actions FCC Popular

U.S. Supreme Court Preserves 50-Year-Old Rule Barring Post-Patent Royalties

On Monday, June 22, 2015, the U.S. Supreme Court issued a 6-3 decision in Kimble v. Marvel Entertainment, declining to reverse longstanding, yet controversial, precedent holding post-patent term royalties to be unlawful per...more

6/25/2015 - Antitrust Provisions Brulotte Contract Term IP License Kimble v Marvel Enterprises License Agreements Patent Litigation Patent Royalties Patents Popular Rule-of-Reason Analysis SCOTUS Stare Decisis

Nomi FTC Settlement Highlights Risks of Publicizing Company Privacy Policies

A closely divided Federal Trade Commission (“FTC” or the “Commission”) has signaled support for the agency’s recent focus on mobile device privacy. On April 23, 2015, the five-member Commission voted 3-2 to accept a proposed...more

5/21/2015 - Consent Order Corporate Counsel Data Collection FTC Misrepresentation Mobile Privacy Nomi Technologies Opt-Outs Prior Express Consent Privacy Laws Retailers Section 5

PCI SSC Releases Version 3.1 of Data Security Standard

On April 15, 2015, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.1, which contains numerous updates including,...more

5/20/2015 - Cybersecurity Debit and Credit Card Transactions Encryption Payment Processors PCI-DSS Standard

FCC Action Against AT&T Reflects Regulator’s Increasing Focus on Privacy and Data Security

In the wake of the Federal Communications Commission’s (“FCC’s”) first-ever foray last October into fining companies over data security practices, the agency’s Enforcement Bureau Chief, Travis LeBlanc, asserted that the...more

4/24/2015 - AT&T Data Breach Enforcement Actions FCC Open Internet Rules Regulatory Agenda

New York Establishes New Cyber Security Examination Process for Financial Institutions

New York’s Department of Financial Services released a letter on December 10, 2014, announcing the details of its plan to focus more attention on cyber security matters in conducting examinations. Directed at New...more

12/16/2014 - Banks Cybersecurity Data Breach Data Protection Financial Institutions OCIE Popular SEC

U.S. Supreme Court to Review Whether Post-Patent Term Royalty Schemes Lawful

On Friday, December 12, 2014, the U.S. Supreme Court granted certiorari on Kimble v. Marvel Enterprises, Inc., No. 13-720, opening the possibility that the Supreme Court will overturn Brulotte v. Thys Co., 379 U.S. 29 (1964),...more

12/16/2014 - Antitrust Provisions Certiorari Kimble v Marvel Enterprises License Agreements Patent Royalties Patents SCOTUS

Supreme Court Rules in Favor of Broadcasting Companies in Aereo’s Copyright Battle Over Internet Television Streaming

The United States Supreme Court on June 25, 2014, held that Aereo’s system for capturing and recording broadcast TV programming, and then streaming that programming to individual subscribers, “performs” that programming...more

7/1/2014 - ABC ABC v Aereo Broadcasting Copyright Copyright Infringement Public Performance Rights SCOTUS The Copyright Act

California Attorney General Issues Guidance on Do Not Track

In 2013, the California Legislature passed a tracking transparency bill, AB 370, which amended the California Online Privacy Protection Act (“CalOPPA”). AB 370 requires commercial website operators to inform users of how they...more

5/28/2014 - Amended Regulation Attorney Generals Best Management Practices CalOPPA Data Protection Disclosure Requirements Do Not Track FTC Personally Identifiable Information Privacy Policy Websites

37 Results
|
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×