The U.S. Supreme Court heard oral arguments in what may become one of the defining consumer privacy cases of our generation. The central question in Carpenter v. United States asks whether the government violates the Fourth...more
1/30/2018
/ Carpenter v US ,
Cell Phones ,
Criminal Investigations ,
Cybersecurity ,
Electronically Stored Information ,
Fourth Amendment ,
Location Data ,
Reasonable Expectation of Privacy ,
SCOTUS ,
Search & Seizure ,
Stored Communications Act ,
Third-Party Service Provider ,
Warrantless Searches
Recently, there has been a lot of discussion regarding the Spectre and Meltdown vulnerabilities. This alert provides a simple overview of what these vulnerabilities are, what systems could be affected, as well as steps that...more
More than ever before, biometric data, a term often used broadly to refer to metrics related to human characteristics, is being collected at a faster pace. Devices of all kinds are now able to able to track and store data...more
12/20/2017
/ Athletes ,
Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Educational Institutions ,
FERPA ,
Fingerprints ,
NBA ,
NFL ,
Personally Identifiable Information ,
SOPIPA ,
Sports ,
Student Athletes
The National Association of Insurance Commissioners (NAIC) has approved its draft of the Insurance Data Security Model Law (Model Law) via a meeting of its Executive and Plenary Committees. This important development follows...more
12/12/2017
/ Cybersecurity ,
Data Protection ,
Data Retention ,
Driver's Licenses ,
Financial Services Industry ,
Information Security ,
Insurance Industry ,
NAIC ,
NYDFS ,
Popular ,
Reporting Requirements ,
Risk Management ,
Third-Party Service Provider
As we near the end of a year that has seen more than its share of massive data breaches, two bills have been introduced (one re-introduced) in the U.S. Senate....more
12/11/2017
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Equifax ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Personally Identifiable Information ,
Popular ,
Proposed Legislation ,
Reporting Requirements ,
Uber
Recently proposed legislation in Ohio could provide businesses with special protection from lawsuits in the event of a hack under certain circumstances. Senate Bill 220 would shelter businesses that have been proactive in...more
11/14/2017
/ Attorney General ,
Chief Information Officers (CIO) ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Protection ,
NYDFS ,
Office of Consumer Affairs ,
Pending Legislation ,
Proposed Legislation ,
Safe Harbors
The Federal Trade Commission (FTC) clarified in recent guidance how the Children’s Online Privacy Protection Act (COPPA) applies to internet-connected device companies and other businesses that collect and use children’s...more
On September 7, 2017, Equifax, one of the three large credit reporting bureaus, announced a cybersecurity incident impacting approximately 143 million U.S. consumers. According to Equifax, the breach occurred mid-May through...more
9/13/2017
/ Breach Notification Rule ,
Consumer Financial Protection Bureau (CFPB) ,
Credit Cards ,
Credit Reporting Agencies ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Equifax ,
FBI ,
Federal Trade Commission (FTC) ,
Personally Identifiable Information ,
Popular
Recently, Uber agreed to a proposed Federal Trade Commission (FTC) consent order (“Consent Order”) to settle charges in an FTC complaint (“Complaint”) regarding behavior stemming back to at least 2014. Acting Chairman Maureen...more
8/25/2017
/ Consent Order ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
FTC Act ,
Misrepresentation ,
Personally Identifiable Information ,
Popular ,
Uber
Recently, the Electronic Privacy Information Center (“EPIC”) asked the FTC to begin an investigation into a Google program called “Store Sales Management.” The purpose of Store Sales Management is to allow for the matching...more
The Internet of Things (“IoT”) can be thought of as a group of different devices that can communicate with each other, perhaps over a network such as the internet. We have written extensively about many of the privacy...more
Recently the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) and a branch of the Office of...more
Recently, a Google researcher discovered a serious flaw with the content delivery network (CDN) provided by CloudFlare. This vulnerability has now become known as Cloudbleed, in a nod to the earlier Heartbleed SSL...more
Five Things You (and Your M&A Diligence Team) Should Know -
Recently it was announced that Verizon would pay $350 million less than it had been prepared to pay previously for Yahoo as a result of data breaches that...more
The Securities and Exchange Commission (SEC) is investigating whether Yahoo! should have reported the two massive data breaches it experienced earlier to investors, according to individuals with knowledge. The SEC will...more
Developers and operators of educational technology services should take note. Just before the election, California Attorney General Kamala Harris provided a document laying out guidance for those providing education...more
Over the last week, details have become available to explain how an attack against a well-known domain name service (DNS) provider occurred. What about the potential legal risks? We will attempt to provide insights into...more
Imagine you are the CEO of company sitting across from an interviewer. The interviewer asks you the age old question, “So tell me about your company’s strengths and weaknesses?” You start thinking about your competitive...more
It’s time for a compliance check on those website or mobile app privacy policies, before the California Attorney General comes knocking.
Attorney General Kamala D. Harris has announced the release of a new tool for...more
The term “cloud computing,” — a process by which remote computers are used to store, manage and process data — is no longer an unfamiliar term. According to at least one estimate, “approximately 90 percent of businesses...more