James DeGraw

James DeGraw

Ropes & Gray LLP

Contact  |  View Bio  |  RSS

Latest Publications

Share:

Supreme Court’s Spokeo Decision Erects Barriers for Privacy and Data Security Plaintiffs

On May 16, 2016, the United States Supreme Court in Spokeo, Inc. v. Robins confirmed that a “concrete” injury is required of all private parties seeking to assert claims in federal court, even those alleging violations of a...more

5/18/2016 - Article III Class Action FCRA Injury-in-Fact SCOTUS Spokeo v Robins Standing Statutory Damages

First Circuit Decision Increases Risks to Businesses Under VPPA

On April 26, 2016, the First Circuit handed down a plaintiff-friendly Video Privacy Protection Act (“VPPA”) decision offering potentially expansive definitions of “subscriber” and “personally identifiable information.” The...more

5/13/2016 - Mobile Apps Personally Identifiable Information VPPA

Key Data Privacy and Security Concerns for Investment Firms

Privacy and data security concerns are among the most critical issues facing investment funds, advisors and managers (collectively, “investment firms”). This article outlines the privacy and data security challenges...more

5/12/2016 - Cybersecurity FTC HIPAA HITECH Investment Funds OCR Popular SEC Security and Privacy Controls

PCI SSC Releases Version 3.2 of Data Security Standard

On April 28, 2016, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.2. Significantly, the updated standard requires...more

5/5/2016 - Data Security Encryption PCI-DSS Standard SSL

U.S. Supreme Court Affirms Class Certification Based on “Representative Evidence” of Liability and Damages

On March 22, 2016, the Supreme Court of the United States issued a 6-2 opinion in Tyson Foods, Inc. v. Bouaphakeo, affirming the certification of a class based on the “representative evidence” of a statistical sample used to...more

4/4/2016 - Calculation of Damages Class Action Class Certification Class Representatives Doffing Donning Dukes v Wal-Mart FLSA SCOTUS Statistical Sampling Tyson Foods v Bouaphakeo

FTC Launches Study of Assessment Process for Payment Card Industry Data Security Standards

On March 7, the FTC announced a study of Payment Card Industry Data Security Standard (“PCI DSS”) assessments – the audits required of certain merchants pursuant to rules imposed by payment card brands such as Visa and...more

4/1/2016 - Credit Cards Data Security FTC Payment Systems PCI-DSS Standard

Consumer Financial Protection Bureau Brings Its First Data Security Enforcement Action

On March 2, the Consumer Financial Protection Bureau (“CFPB”) issued its first ever consent order in a data security matter. According to the order, Dwolla, Inc. settled allegations that it misrepresented that the company had...more

3/11/2016 - CFPB Consent Order Data Security Dwolla Payment Processors Personally Identifiable Information

European Commission Releases Text of Proposed Privacy Shield Agreement for Transfer of European Union Citizen Data to the United...

On February 29, 2016, the European Commission released the full text of the proposed EU-U.S. Privacy Shield agreement, a data protection self-certification framework for companies transferring EU citizen data to the United...more

3/8/2016 - Data Processors EU EU-US Privacy Shield FTC International Data Transfers Self-Certification

FTC’s Proposed Settlement with Dental Practice Software Provider Marks Latest Data Security Action Against a Product Supplier

On January 5, the Federal Trade Commission (“FTC”) reached an agreement with Henry Schein Practice Solutions, Inc. (“HSPS”) to settle allegations that HSPS misrepresented that its dental practice software provided...more

2/8/2016 - Encryption Enforcement Actions FTC HIPAA Personally Identifiable Information Software Developers

Wyndham and FTC Agree to Consent Order Ending Data Security Breach Litigation

On Friday, December 11, 2015, the U.S. District Court for the District of New Jersey entered a consent order between the Federal Trade Commission (“FTC”) and hospitality company Wyndham Hotels and Resorts, LLC (“Wyndham”)...more

12/23/2015 - Consent Order Data Breach FTC FTC v Wyndham LabMD Popular Section 5 Unfair or Deceptive Trade Practices

State Attorneys General Fire Shot Across the Bow at Major Payment Card Brands Over “Chip and PIN” Technology

For well over a decade, U.S. regulators have been taking enforcement action against merchants and payment processors that, in the regulators’ view, failed to take “reasonable and appropriate” steps to secure payment card...more

12/7/2015 - Attorney Generals Banking Sector Chip and PIN Debit and Credit Card Transactions Enforcement Actions Personally Identifiable Information

ALJ Dismisses FTC Data Security Claims Against LabMD Due to Lack of Actual or Likely Substantial Consumer Harm

On November 13, a Federal Trade Commission administrative law judge dismissed the FTC data security complaint against medical laboratory LabMD, potentially vindicating LabMD’s vigorous two-year struggle to deny the FTC’s...more

11/25/2015 - ALJ Data Breach FTC LabMD Section 5

FCC Expands Its Claim of Data Security Authority with Recent Enforcement Action Against Cox Communications

Last week, the Federal Communications Commission (“FCC”) reached a settlement with Cox Communications, Inc. (“Cox”) regarding a 2014 data security breach that allegedly exposed the personal information of at least 54 current...more

11/16/2015 - Consent Decrees Cox Communications Customer Proprietary Network Information (CPNI) Data Breach Enforcement Actions FCC Popular

EU - US Personal Data Transfers - Safe Harbor Under Threat

Following a private challenge by an Austrian law student to the storage by Facebook of his personal data on servers located in the United States, the EU Advocate General (the “Advocate General”) has filed an advisory opinion...more

9/25/2015 - Data Protection Authority Edward Snowden EU EU Data Protection Laws European Commission Facebook International Data Transfers NSA Personally Identifiable Information Safe Harbors Social Media Surveillance U.S. Commerce Department US-EU Safe Harbor Framework

U.S. Supreme Court Preserves 50-Year-Old Rule Barring Post-Patent Royalties

On Monday, June 22, 2015, the U.S. Supreme Court issued a 6-3 decision in Kimble v. Marvel Entertainment, declining to reverse longstanding, yet controversial, precedent holding post-patent term royalties to be unlawful per...more

6/25/2015 - Antitrust Provisions Brulotte Contract Term IP License Kimble v Marvel Enterprises License Agreements Patent Litigation Patent Royalties Patents Popular Rule-of-Reason Analysis SCOTUS Stare Decisis

Nomi FTC Settlement Highlights Risks of Publicizing Company Privacy Policies

A closely divided Federal Trade Commission (“FTC” or the “Commission”) has signaled support for the agency’s recent focus on mobile device privacy. On April 23, 2015, the five-member Commission voted 3-2 to accept a proposed...more

5/21/2015 - Consent Order Corporate Counsel Data Collection FTC Misrepresentation Mobile Privacy Nomi Technologies Opt-Outs Prior Express Consent Privacy Laws Retailers Section 5

PCI SSC Releases Version 3.1 of Data Security Standard

On April 15, 2015, the Payment Card Industry Security Standards Council (the “PCI SSC” or “Council”) released a new version of its Data Security Standard (“PCI DSS”), version 3.1, which contains numerous updates including,...more

5/20/2015 - Cybersecurity Debit and Credit Card Transactions Encryption Payment Processors PCI-DSS Standard

FCC Action Against AT&T Reflects Regulator’s Increasing Focus on Privacy and Data Security

In the wake of the Federal Communications Commission’s (“FCC’s”) first-ever foray last October into fining companies over data security practices, the agency’s Enforcement Bureau Chief, Travis LeBlanc, asserted that the...more

4/24/2015 - AT&T Data Breach Enforcement Actions FCC Open Internet Rules Regulatory Agenda

Online Retailer Zappos.com Reaches Settlement with Nine Attorneys General Over Data Security Breach

Last week, the online shoe and clothing retailer Zappos.com, Inc., reached a settlement with nine state Attorneys General over a 2012 data security breach that allegedly exposed the personal information of more than 24...more

1/15/2015 - Attorney Generals Corporate Counsel Data Breach Internet Retailers Retailers Security Audits Settlement Zappos

New York Establishes New Cyber Security Examination Process for Financial Institutions

New York’s Department of Financial Services released a letter on December 10, 2014, announcing the details of its plan to focus more attention on cyber security matters in conducting examinations. Directed at New...more

12/16/2014 - Banks Cybersecurity Data Breach Data Protection Financial Institutions OCIE Popular SEC

U.S. Supreme Court to Review Whether Post-Patent Term Royalty Schemes Lawful

On Friday, December 12, 2014, the U.S. Supreme Court granted certiorari on Kimble v. Marvel Enterprises, Inc., No. 13-720, opening the possibility that the Supreme Court will overturn Brulotte v. Thys Co., 379 U.S. 29 (1964),...more

12/16/2014 - Antitrust Provisions Certiorari Kimble v Marvel Enterprises License Agreements Patent Royalties Patents SCOTUS

Supreme Court Rules in Favor of Broadcasting Companies in Aereo’s Copyright Battle Over Internet Television Streaming

The United States Supreme Court on June 25, 2014, held that Aereo’s system for capturing and recording broadcast TV programming, and then streaming that programming to individual subscribers, “performs” that programming...more

7/1/2014 - ABC ABC v Aereo Broadcasting Copyright Copyright Infringement Public Performance Rights SCOTUS The Copyright Act

California Attorney General Issues Guidance on Do Not Track

In 2013, the California Legislature passed a tracking transparency bill, AB 370, which amended the California Online Privacy Protection Act (“CalOPPA”). AB 370 requires commercial website operators to inform users of how they...more

5/28/2014 - Amended Regulation Attorney Generals Best Management Practices CalOPPA Data Protection Disclosure Requirements Do Not Track FTC Personally Identifiable Information Privacy Policy Websites

Hulu Video Privacy Protection Act Summary Judgment Ruling in the N.D. of California Emphasizes Importance of Knowing What Data...

On Monday, April 28, 2014, the Northern District of California in In Re: Hulu Privacy Litigation, No. 3:11-cv-03764-LB (M.J. Laurel Beeler), issued a summary judgment opinion under the Video Privacy Protection Act (“VPPA”),...more

5/5/2014 - Class Action Data Collection Data-Sharing Facebook Hulu Personally Identifiable Information Privacy Disclosures Third-Party Video Privacy Protection Act

36 Results
|
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×