As we have noted before in this space, states have begun going through the process of amending their data breach notification laws. California, for example, recently amended its data breach notification statute to expand the...more
A Massachusets court recently held that a defendant cannot be compelled to provide a cell phone PIN number to a cell phone that is seized in an arrest, because doing so would be self-incriminating. In Commonwealth v. Jones,...more
Unmanned aerial vehicles, or “drones,” as they’re commonly called, touch on numerous hot-button cybersecurity issues. As devices connected to networks, they are important when considering the “internet of things.” As used...more
Recently, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477, which aims to provide guidance and clarity to lawyers as they consider what level of security to give communications...more
The Computer Fraud and Abuse Act, or CFAA, is the federal “anti-hacking” statute (or sometimes referred to as a “computer trespass” statute). In essence, the CFAA prohibits intentional unauthorized access into another...more
Plaintiffs presenting a claim in federal court must have standing to sue, under Article III of the Constitution (as we have written about in the past). The Second Circuit recently entered an order reminding plaintiffs,...more
On March 6, 2017, President Trump issued a new Executive Order entitled, “Protecting the Nation from Foreign Terrorist Entry into the United States” (the “New EO”). The New EO expressly “revok[es]” and “replac[es]” the...more
(First in a continuing series.)
Active Cyber Defense, or ACD, is a broad category encompassing different kinds of actions that organizations can take to defend against breaches and cyberattacks. The operative word is...more
Introduction -
Cybersecurity was a prominent factor in 2016 in all aspects of government, business and personal affairs. Russian and other foreign national hacking has the potential to spark a new form of cold...more
2/16/2017
/ Cloud Computing ,
Cloud Service Providers (CSPs) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybertheft ,
Energy Sector ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Internet of Things ,
Popular ,
Ransomware ,
Trade Secrets
Editor’s note: This is the sixth and last in our end-of-year series. See our previous posts on trade secrets, state regulation and law enforcement, HIPAA compliance, emerging threats, and energy. See you in...more
In Case You Missed It: The Federal Trade Commission has opened a public comment period to evaluate its Safeguards Rule (16. C.F.R. § 314.3). Under the Gramm-Leach-Bililey Act (GLBA), which regulates financial institutions,...more
In Case You Missed It: In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command. The U.S. Cyber Command, or USCYBERCOM, was...more
In Case You Missed It: The Federal Trade Commission issued an opinion in the LabMD case, overturning an ALJ’s November 2015 decision holding that the FTC failed to meet its burden to prove that LabMD’s data security...more
8/1/2016
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hackers ,
Hillary Clinton ,
LabMD ,
Political Campaigns ,
Section 5 ,
Unfair or Deceptive Trade Practices
In Case You Missed It: The EU/US Privacy Shield is set to go into effect this Tuesday, July 13, pending a decision today by the EU’s College of Commissioners. On Friday, July 8, the Privacy Shield agreement (entered into in...more
In Case You Missed It: Ruling in FTC v. Amazon Suggests a Way Forward for Companies Responding to Actions Brought by the FTC after a Data Breach. The FTC’s recent actions in the realm of data security have been predicated on...more
7/6/2016
/ Administrative Authority ,
Amazon ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
Google ,
Invasion of Privacy ,
Viacom ,
VPPA
In Case You Missed It -
The FTC settled with mobile advertising company InMobi for $950,000 in civil penalties, along with the implementation of a privacy program, based on the FTC’s charges that InMobi impermissibly...more
In Case You Missed It: Illinois strengthened its data privacy and security law, with the amendments going into effect in January 2017. The amendments include expanding the definition of “personal information” to include a...more
In Case You Missed It: The SEC fined Morgan Stanley $1 million for a 2014 data breach. While the FTC had declined to pursue an enforcement action, blaming the breach on technical issues rather than any actions or omissions...more
In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law...more
6/7/2016
/ Cybersecurity ,
Data Protection ,
Enforcement Actions ,
EU ,
Facebook ,
Hackers ,
International Data Transfers ,
LinkedIn ,
Mark Zuckerberg ,
Personal Data ,
Privacy Umbrella ,
Ransomware ,
Social Media
As litigators, we help clients resolve conflicts that have matured into disputes. In the realm of cybersecurity, we defend claims brought by private parties or governmental entities against companies facing the fallout from...more
What is the future of data privacy regulation in Massachusetts? -
On March 24, 2016, the Massachusetts Attorney General’s Office gave us a glimpse. In collaboration with Harvard’s Berkman Center for Internet and Society,...more
How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim.
Businesses confronting data breaches can face litigation from private consumers as well as from...more
2/18/2016
/ Article III ,
Clapper v. Amnesty International ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
FTC v Wyndham ,
Injury-in-Fact ,
LabMD ,
Neiman Marcus ,
Securities and Exchange Commission (SEC) ,
Standing ,
Unfair or Deceptive Trade Practices ,
Wyndham
On December 9, 2015, Wyndham and the FTC settled the enforcement action brought by the FTC that had led to a significant decision by the Third Circuit in August of this year. While the details of the settlement are...more
The scaffolding of the FTC’s powers in the realm of cybersecurity continues to be built. On Monday, the FTC’s Chief Administrative Law Judge D. Michael Chappell issued an initial decision in the FTC’s closely watched...more
I had the pleasure of moderating an excellent panel at the Advanced Cyber Security Center’s annual conference on November 4. The panel’s topic for discussion was “What is Reasonable in Cybersecurity: Responsibility and...more
11/5/2015
/ Audits ,
Best Practices ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Information Technology ,
Popular ,
Risk Management ,
Risk Mitigation