Emily Tabatabai

Emily Tabatabai

Orrick, Herrington & Sutcliffe LLP

Contact  |  View Bio  |  RSS

Latest Publications

Share:

FTC Makes Clear that NIST Cyber Framework is Not a Cure-All

Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...more

9/12/2016 - Cybersecurity Cybersecurity Framework Data Protection Data Security Encryption FTC NIST Popular Risk Management Section 5

Is Ransomware a Notifiable Data Breach Event?

There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more

7/29/2016 - Breach Notification Rule Cyber Attacks Cyber Crimes Cyber Threats Cybersecurity Hackers HIPAA Malware Notification Requirements OCR Personally Identifiable Information PHI Popular Ransomware

Requirements for valid consent – Why opting-in should not be optional

The Düsseldorfer Kreis, a committee made up of representatives of German data protection authorities, recently published guidance on the requirements for obtaining valid consent to the collection, processing and use of...more

5/4/2016 - Consent Data Collection Data Protection Authority Disclosure Requirements EU General Data Protection Regulation (GDPR) Germany International Data Transfers New Guidance Opt-In Opt-Outs Personal Data

7th Circuit Revives P.F. Chang’s Data Breach Class Action Suit

Last week, the Seventh Circuit revived a data breach class action against P.F. Chang’s restaurant in an important opinion that continues a plaintiff-friendly trend that began with the court’s opinion in the Neiman Marcus case...more

4/21/2016 - Class Action Corporate Counsel Data Breach Identity Theft Neiman Marcus Notification Requirements Personally Identifiable Information PF Chang's Popular Standing

Tennessee Amends Breach Notice Statute: Sets Notice Deadline, Eliminates Encryption Safe Harbor

Tennessee recently amended its data breach notification law, and in doing so, it has joined the ranks of states like Florida, Ohio, and Wisconsin that require notification to residents of a data breach within a defined time...more

4/4/2016 - Amended Legislation Corporate Counsel Cyber Attacks Data Breach Data Protection Encryption Notification Requirements Personally Identifiable Information Risk Management

FTC Puts Teeth into Native Ads Guidance: Lord & Taylor Settles Deceptive Ad Claim

Last week, fashion retailer Lord & Taylor reached a settlement with the FTC over its allegedly deceptive advertising campaign, the first such action since the FTC released its Enforcement Policy Statement on Deceptively...more

3/24/2016 - Advertising Fashion Industry FTC Native Advertising Online Advertisements Popular Section 5 Social Media Unfair or Deceptive Trade Practices

Internet Providers on Notice: Draft Privacy Regulations Coming Soon

This month, the Federal Communications Commission (FCC) will consider issuing a Notice of Proposed Rulemaking (NPRM) for privacy regulations that will apply to broadband providers.  The goals and objectives of the proposed...more

3/16/2016 - Breach Notification Rule Broadband Communications Act of 1934 Data Security FCC Internet Service Providers (ISPs) NPRM Telecommunications

Safe Harbor 2.0: Political Agreement Reached – The EU-US Privacy Shield

The European Commission has announced that it has reached a deal to replace the EU-US Safe Harbor framework that was declared invalid last year by the Court of Justice of the European Union (“ECJ”). Heralded as the EU-US...more

2/3/2016 - Article 29 Working Party (WP29) Data Protection EU EU-US Privacy Shield FTC International Data Transfers Ombudsman Personal Data Popular Safe Harbors

FTC Enforcement in Schein: Misleading Statements about Encryption and Cybersecurity

On January 5, 2015, the Federal Trade Commission (FTC) entered into a consent order with dental software manufacturer Henry Schein Practice Solutions, Inc. ("Schein") in connection with allegations that Schein had made...more

1/26/2016 - Cybersecurity Dental Practice Encryption FTC HIPAA Misleading Statements Popular Software Developers

FTC and Wyndham Call a Truce

Following the Third Circuit’s ruling upholding the FTC’s authority to regulate unfair and deceptive cybersecurity practices under Section 5 of the FTC Act, Wyndham Worldwide Corporation and the FTC have agreed to settle. ...more

12/21/2015 - Cybersecurity Data Breach FTC Act FTC v Wyndham Personal Data Section 5 Settlement Unfair or Deceptive Trade Practices

EU Reaches Agreement On New Data Protection By Laws

After nearly 4 years of negotiations, yesterday evening the EU reached agreement on the final provisions of its new data protection laws. With it, a new era of data protection has been ushered in that will have far reaching...more

12/16/2015 - Data Processors Data Protection EU Personal Data Reporting Requirements

German DPAs Add Further Pressure to EU-US Data Transfers

Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more

10/27/2015 - Article 29 Working Group Binding Corporate Rules Cloud Computing Cybersecurity Data Privacy Data Protection Authority European Commission European Court of Justice (ECJ) Germany International Data Transfers Personal Data Privacy Laws Right to Privacy Safe Harbors US-EU Safe Harbor Framework

Notifying Parties In Username/Password Breaches . . . It’s Not Just the Law

As we head into the end of 2015, state legislators across the country continue to strengthen, update and, in some instances, broaden the scope of their respective state data breach notification laws. Specifically, many...more

10/1/2015 - Bank Accounts Breach Notification Rule Credit Cards Cyber Attacks Cyber Crimes Cybersecurity Data Breach Data Breach Plans Data Protection Data Security Debit Cards Hackers Passwords Personally Identifiable Information Privacy Laws Proposed Legislation Social Security Numbers

Third Circuit to Wyndham (Part II): "Deceptive" is also "Unfair" in the Cybersecurity Context

In Part I, we discussed the Third Circuit's finding that the "unfair" prong of the FTC Act does not require the agency to provide specific cybersecurity standards with "ascertainable certainty" to which companies must...more

9/11/2015 - Cybersecurity FTC FTC v Wyndham Hackers Misleading Statements Privacy Policy Public Statements Unfair or Deceptive Trade Practices Wyndham

Third Circuit to Wyndham (Part I): It's "Fair" that FTC Did Not Articulate Specific Cybersecurity Standards in Enforcement Action...

On Monday, the Third Circuit issued a highly anticipated opinion affirming the Federal Trade Commission's authority to regulate "unfair" cybersecurity practices under Section 5 of the FTC Act. In allowing the data breach...more

8/27/2015 - Credit Cards Cyber Attacks Cyber Crimes Cybersecurity Data Breach Data Protection Data Security Debit Cards Enforcement Actions Fraudulent Charges FTC FTC v Wyndham Hackers Section 5 Wyndham

New California Law for Minors Went Into Effect Jan. 1: What You Need to Know to Comply

California S.B. 568, “Privacy Rights for California Minors in the Digital World” (Cal. Bus. & Prof. Code § 22580-22581) took effect on Jan. 1, 2015. Enacted as an amendment to CalOPPA, the law contains two main provisions: 1)...more

2/4/2015 - Advertising to Minors Amended Legislation CalOPPA Minor Eraser Law

Obama Administration Announces Cybersecurity and Privacy Initiatives

On Monday, January 12, 2015, President Obama appeared at the Federal Trade Commission to announce the administration’s blitz of cyber security and privacy legislative and public policy initiatives, which will be discussed in...more

1/21/2015 - Barack Obama Breach Notification Rule Computer Fraud and Abuse Act (CFAA) Consumer Privacy Bill of Rights Domestic Policy Information Sharing Personal Data Privacy and Security Act RICO

Mobile Apps Remain Regulatory Focus as FTC Enforces Data Privacy of Popular Program

The provider of the immensely popular “Brightest Flashlight Free” mobile app for Android reached a settlement with the Federal Trade Commission (FTC) over charges that it collected sensitive personal information, including...more

12/9/2013 - Data Collection Data Protection Disclosure Requirements Enforcement Actions FTC Mobile Apps Personally Identifiable Information Settlement Terms of Use

California Enacts Several Pieces of New Privacy Legislation

California is continuing to blaze new trails in the area of online data privacy. Gov. Jerry Brown recently signed into law several new pieces of privacy legislation. The new laws affect all operators of commercial Web sites...more

10/4/2013 - CalOPPA Data Breach Data Collection Data Protection Disclosure Requirements Do Not Track Notice Requirements Personally Identifiable Information Right to Delete Websites

FTC Dot Com Disclosure Update: What's New for 2013

In March, the Federal Trade Commission issued updated advertising guidelines to take into account the challenges created by the rapid growth of mobile and online advertising platforms, particularly small screen size and other...more

4/24/2013 - Advertising Disclosure Requirements Dot Com Disclosure Guide FTC Mobile Devices Unfair or Deceptive Trade Practices

27 Results
|
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×