Although all fifty states now have data breach notification statutes on the books, a smaller but growing number of states have adopted substantive data privacy laws. The recently passed California Privacy Rights Act (CPRA)...more
In In re WeWork Litigation, the Delaware Court of Chancery has held that a company’s communications with outside directors are not protected by attorney-client privilege. The directors had used outside email accounts for the...more
The major current cybersecurity story involves a popular SolarWinds network managing software package, Orion. A sophisticated actor, with the signatures of a nation state, infiltrated Orion in a software update. Once inside,...more
A federal court has held that neither the work product nor attorney-client privilege doctrines shield a cyber expert’s report from discovery....more
2020 was a year like no other. From an unprecedented “work from home” shift to a blockbuster European court ruling to a mammoth cyber attack, businesses scrambled to adapt to an endless series of cyber challenges. 2021 shows...more
1/20/2021
/ Biden Administration ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Popular
The UK left the EU on January 31, 2020. On Christmas Eve, the two parties signed a Trade and Cooperation Agreement. Under the Agreement, EU personal data can be processed in the UK for six months. The European Commission will...more
Data Transfer from the European Union to the United States is a knotty process. The difficulties were compounded this summer when Europe’s highest court held the “Privacy Shield” program enabling U.S-E.U. data transfers...more
11/25/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Officers (DPOs) ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information
We have previously written about “phishing.” Phishing involves using social pressure to trick the recipient to send sensitive information, network control, or credentials, to hackers posing as authorized users....more
A federal court has ruled that 47 U.S.C. “Section 230” of the Communications Decency Act shields Twitter from claims it aided and abetted defamation. Brikman v. Twitter, Inc., 2020 WL 5594637 (E.D.N.Y., September 17, 2020)...more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS licensed institutions to...more
9/23/2020
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Risk Management
In a ruling that could have broad ramifications for health data sharing, a federal judge has ruled that a patient complaining about a hospital sharing his health data without permission lacked standing because he suffered no...more
Turo is an Airbnb service for cars. Technically, it is a peer-to-peer car rental marketplace. It does not control the terms of the car rental. But it does bring owners and renters together....more
8/11/2020
/ Car Rentals ,
Communications Decency Act ,
Counterclaims ,
Declaratory Judgments ,
Digital Marketplace ,
Digital Platform Liability ,
Immunity ,
p2p ,
Section 230 ,
Statutory Violations ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices ,
User-Generated Content
The United States Department of Health and Human Services (HHS) has closed an investigation into a Rhode Island health system stemming from a 2017 breach. Briefly summarized, Lifespan Health System Affiliated Covered Entity...more
Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal...more
The sword finally fell. Last week, the European Union’s (EU) highest court, the Court of Justice (CJEU) invalidated Privacy Shield. Privacy Shield was a legal framework that enabled EU companies to process data in the United...more
In Compulife Software Inc. v. Newman, No. 18-12004, 2020 WL 2549505 (11th Cir. May 20, 2020), the Eleventh Circuit vacated a trial court ruling that competitors who used a website operator’s server and database did not...more
The Supreme Court affirmed the Telephone Consumer Protection Act’s (TCPA) prohibition on robocalls this week – with one caveat. In Barr v. Am. Ass’n of Political Consultants, No. 19-631, July 6, 2020, the court struck down...more
7/9/2020
/ ATDS ,
Auto-Dialed Calls ,
Barr v American Association of Political Consultants Inc ,
Cell Phones ,
Compelling Governmental Interest ,
Constitutional Challenges ,
Content-Based Restrictions ,
Debt Collection ,
Exceptions ,
Federal Bans ,
First Amendment ,
Free Speech ,
Government Debt-Exception ,
Robocalling ,
SCOTUS ,
Severability Doctrine ,
Strict Scrutiny Standard ,
TCPA
United States Magistrate Judge Christopher J. Burke of the District of Delaware recently held that “click fraud” violates the federal Computer Fraud and Abuse Act, 18 U.S.C 1030 (“CFAA”). “Click fraud” refers to a phenomenon...more
Allegations of intentionally purged emails, wiped laptops and servers, and corrupted key source code rarely sink major cases. But Judge Davila of the Northern District of California recently reminded litigants that failure to...more
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has warned of escalating cyber-attacks on organizations working on the COVID-19 pandemic. CISA, the FBI, and the...more
We enjoy Jerry Bruckheimer movies. Living in one is another matter. COVID-19 has generated scenes that give us pause. An empty Times Square. A Los Angeles with moving traffic. A Washington eerie in its silence. Closed stores....more
The Supreme Court has granted certiorari in its first Computer Fraud and Abuse Act (CFAA) case, Van Buren v. United States. CFAA is the federal anti-hacking law that the criminal defense and civil liberties bars have argued...more
Employers are responding to COVID-19 by allowing, and even mandating remote working. Companies ranging from Amazon, Microsoft, and Google to local design shops have asked employees to work from home. While increasingly common...more
As coronavirus sweeps the country, the patient load swamps the ability of health care professionals to deal with the crisis. In the United States, one measure used to expand capacity is telemedicine. Consequently, one concern...more
The coronavirus, officially COVID-19, is the most significant public health emergency in decades. The virus, believed to have originated in Wuhan, has expanded with astonishing rapidity. Despite government efforts, it has...more