In This Issue:

- Second Circuit Rules Patriot Act Does Not Authorize Bulk Metadata Collection; Congress Reconsiders Certain Patriot Act Authorities

- SEC Issues Cybersecurity Guidance for Investment Companies and Advisers

- US Enters Into Cybersecurity Alliances with Japan, South Korea and Gulf Cooperation Council Member States

- Court Denies Policyholder Coverage for Data Breach: Recall Total Information Management, Inc. v. Federal Insurance Company

- California Insurer Alleges Failure to Follow Best Practices Invalidates Cyber Liability Coverage

- FTC’s Brill Claims Jurisdiction Over Internet of Things

- FCC Expects to Begin Broadband Privacy Enforcement Activities This Month

- RadioShack Agrees to Limit Sale of Customer Information in Bankruptcy

- Nevada Expands Definition of Personal Information

- Connecticut Enacts New Employee Online Privacy Law

- Virginia Becomes First State to Mandate Enhanced Payment Security for State Transactions

- FBI Creates New Role to Focus on Cybercrime

- Excerpt from Second Circuit Rules Patriot Act Does Not Authorize Bulk Metadata Collection; Congress Reconsiders Certain Patriot Act Authorities:

In ACLU v. Clapper, the Second Circuit holds that Section 215 of the USA Patriot Act does not permit the wholesale collection and storage of certain telecommunications metadata, calling into question the viability of existing intelligence collection programs as Congress prepares to revisit that portion of the statute.

On May 7, 2015, amidst the ongoing Congressional debate surrounding reauthorization of three provisions of the Patriot Act, the Second Circuit decided in ACLU v. Clapper that Section 215 of the Act does not authorize the National Security Agency’s (NSA) telephone metadata collection program. With all three provisions expiring on May 31, 2015, the Senate met that day to determine whether to let those authorities expire, modify them or extend those provisions briefly while the debate continues. As a result of a procedural block by Sen. Rand Paul of Kentucky, the authorities expired, but Congress is expected to vote again on these issues during the first week of June 2015.

The NSA program first came to light in June 2013 based on information leaked by former government contractor Edward Snowden. Under the program, telecommunications operators are ordered to produce to the NSA all telephone metadata for calls within the U.S. or from the U.S. to foreign points on a daily basis. This collection is performed pursuant to Section 215, which authorizes the government to collect “any tangible things” shown to be “relevant to an authorized investigation” of terrorism or espionage. The government then uses the resulting metadata database as the underlying source queried for information that it suspects is related to specific terrorist organizations.