Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Riley: A New Realm of Digital Privacy

Posted in Cloud Computing, Criminal Law, Government Agencies, Privacy
Justin P. MurphyLouisa Marion

Recently, Louisa Marion and I analyzed the Supreme Court’s far-reaching decision in Riley v. California, 573 U.S. __ (2014), and its implications going forward. In Riley, Chief Justice Roberts concluded that today’s cell phones (which the Court called “minicomputers”) are fundamentally different than physical containers: their storage capacity is virtually unlimited; they contain a broad variety of information (photographs, texts, personal contacts, financial information, geolocation information, and search history, among others); they have long memories (often containing information predating the devices themselves); and they are gateway devices (that is, a portal to limitless other information, often through apps connected to the Cloud). The Court also found that traditional government interests in officer safety and preventing evidence destruction have little force when juxtaposed with the nature and scope of digital devices. These determinations are a sea-change for digital privacy, and implicate the treatment of electronically stored information in situations far beyond a cell phone in an arrestee’s hand. The decision, grounded in our Founding generation’s 18th century abhorrence of general warrants, is a reaffirmation of individual privacy rights against government intrusion, and leaves very little wiggle-room for warrantless searches of modern cell phones. In holding that “minicomputers” are subject to a different set of rules than physical containers, the Court has brought the Fourth Amendment into the digital age.

This article was reproduced with permission from Digital Discovery & e-Evidence, 14 DDEE 345, 07/17/2014. Copyright © 2014 by The Bureau of National Affairs, Inc.

DOJ and FTC Pave the Way for Greater Cyber Information Sharing in the Private Sector

Posted in Cybersecurity / Data Security, Government Agencies
David LaingEvan D. WolffElizabeth BlumenfeldKate M. Growley

In coordination with Crowell & Moring Antitrust partner David Laing — Evan Wolff, Liz Blumenfeld, and I have recently published an article in the BNA Antitrust & Trade Regulation Report entitled “DOJ and FTC Help Pave the Way For Greater Cyber Information Sharing in the Private Sector.” Our article focuses on the DOJ and FTC’s joint statement in April of this year, wherein the agencies articulated how private sector companies can share cybersecurity information without running afoul of U.S. antitrust laws. We also explain how this latest development fits into both the Obama Administration’s and private industry’s plans to shore up cybersecurity in the private sector.

This article was reproduced with permission from Antitrust & Trade Regulation Report, 107 ATRR 47, 07/11/2014. Copyright © 2014 by The Bureau of National Affairs, Inc.


BYOD Devices Create Many Challenges for Companies

Posted in Accessibility, Cloud Computing, Cybersecurity / Data Security, Data Breach, Information Management, Preservation, Social Media, Spoliation
Christopher Calsyn

In just the last few years, most companies – big and small – have embraced the Bring Your Own Device (BYOD) movement at varying levels from allowing employees to access company email on their personal smartphones all the way to not issuing company-owned computers and instead having employees bring in their personal laptops to access the company network. This trend shows no signs of slowing down as employees like the freedom to choose their own devices for work and personal use, and companies like the savings that BYOD policies bring to their IT budgets. This movement also brings with it a host of challenges for companies in implementing their BYOD policies, ensuring they protect confidential information, and in complying with their discovery obligations in litigation. In the “Data Law Trends & Developments: E-Discovery, Privacy, Cybersecurity & Information Governance”, at page 31, I address some of the challenges companies face in adopting a BYOD environment and make some predictions about how this trend will continue to evolve in the coming years.

Protecting Privilege Need Not Be So Expensive And Tedious

Posted in Privilege/Rule 502
David D. Cross

Protecting privilege continues to drive up costs in litigation and government investigations. The explosion in electronically-stored information has made matters worse by generating exponentially more documents to review and log as privileged. Unfortunately, the relief Congress sought to provide more than five years ago through the adoption of Federal Rule of Evidence 502 has not been realized to the degree intended. This is largely because many litigants and their counsel surprisingly still are not aware of the rule’s protections and many others are not yet comfortable taking advantage of those protections. But as clients continue to look for ways to trim litigation spending, privilege-related costs present low-hanging fruit. In the “Data Law Trends & Developments: E-Discovery, Privacy, Cybersecurity & Information Governance”, at page 34, I address some of the ways litigants can significantly cut these costs without unreasonably risking waiver. This includes such mechanisms as non-waiver orders (under Rule 502(d) in federal court), which can allow production of documents with limited or even no privilege review at all; technology-assisted review, which can identify potentially privileged documents in an intended production without full-scale manual review; and electronically-generated privilege logs using metadata, which avoids the tedious and extremely costly effort of manually-prepared logs. I predict that these and other novel mechanisms will grow in popularity and acceptance as litigants and the courts continue to look for ways to rein in rising costs. I hope you enjoy the report and welcome your feedback.

Cyber Storms on Horizon: More Hackers, Regulators, and Litigation

Posted in Cloud Computing, Cybersecurity / Data Security, Data Breach, Government Agencies, Public Sectors, Rules
David BodenheimerEvan D. Wolff

Cybersecurity’s escalating threats, intensifying oversight, and expanding publicity in recent years exploded in 2013. It was a year bookended by President Obama’s cybersecurity warnings in his State of the Union message and the mega-breaches at Target and Neiman-Marcus. And it gave us a cyber panorama – the Cybersecurity Executive Order; industry security reports of massive cyber looting of U.S. intellectual property and technology; the Iranian cyber attacks on U.S. banks; the Snowden breach of national security secrets; the proliferation of cybersecurity standards governing everything from private- and public-sector contracts to cloud computing; and the intensified scrutiny of federal agencies (including the SEC, FTC, and HHS) on security vulnerabilities and breaches. In our recent report, “Data Law Trends & Developments: E-Discovery, Privacy, Cybersecurity & Information Governance”, on page 6, we write about recent trends and developments in cybersecurity, and how the kaleidoscope of cyber events foretells even rougher weather for both the public and private sectors.

Evolving Legal Landscape of Social Media

Posted in Admissibility, Cybersecurity / Data Security, Ethics, Government Agencies, Preservation, Privacy, Social Media
Justin P. MurphyDavid D. Cross

Social media has become an ubiquitous means of communication in today’s society, with more than 90% of today’s online adults using social media regularly.  With this backdrop, it is no surprise that social media implicates an evolving legal landscape.  In the  “Data Law Trends & Developments: E-Discovery, Privacy, Cybersecurity & Information Governance”, on page 8, we address some of the important legal trends and developments involving social media, including the employer-employee relationship and discovery.  We hope you enjoy our report and find it insightful.


Florida Continues Trend to Strengthen Breach Laws

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Public Sectors
Jeffrey L. PostonEvan D. WolffRobin B. CampbellKate M. GrowleyElliot Golding

On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shortens to 30 days) and the types of information that trigger notification obligations (Which now includes medical information and email addresses with information that permit account access). The amendment coincides with other state efforts to strengthen or enact data protection laws, and federal regulator attempts to ratchet up enforcement efforts – such as the significant increase in FTC and HHS actions. FIPA therefore serves as a reminder that companies should update their policies and incident response plans accordingly and must continue to monitor the rapidly evolving patchwork of data laws. Perhaps more importantly, FIPA also indicates that states may continue to enact increasingly stringent laws in the absence of comprehensive national breach legislation. Please read the full alert analyzing the changes in FIPA (and what stayed the same) on Crowell’s website here.

Information Governance Takes Center Stage

Posted in Cybersecurity / Data Security, Information Management, Privacy
Jeane A. Thomas

Information Governance” has become a popular buzzword in the data law and management space, and it means much more than electronic records management on steroids. It encompasses data security, privacy, information management and e-discovery, and particularly the intersection and synergy of these functions to form an integrated and coordinated approach to managing an organization’s data infrastructure and assets. In our recent report, “Data Law Trends & Developments: E-Discovery, Privacy, Cybersecurity & Information Governance”, on page 4, I write about this growing trend toward convergence, the benefits of a holistic approach, and the risks of failing to have an effective information governance program.

Groundbreaking Ruling By the Supreme Court Finds for Digital Privacy

Posted in Cloud Computing, Criminal Law, Government Agencies, Privacy
Justin P. MurphyLouisa MarionJanet Levine

In an unexpectedly sweeping opinion, a nearly united Supreme Court today recognized the fourth amendment’s protection for digital privacy. Chief Justice Roberts’ opinion in Riley v. California is grounded on the Founders’ abhorrence of general warrants and unparticularized intrusions into our private lives. It highlights the pervasiveness of cell-phone (“minicomputer”) use, as well as the volume and breadth of data – current and historical – accessible through such devices. Continuing the sea-change started with Justice Sotomayor’s concurrence in Jones, and citing to John Adams, the Court voices deep concern about providing law enforcement warrantless windows into our lives, and skepticism about the government’s officer-safety and risk-of-evidence-destruction rationales. Recognizing the revolutionary nature of modern technology, the court affirms that cell phones are different and tells the government the answer to its concerns is “simple” – get a warrant.

We will be preparing a detailed analysis of this groundbreaking decision in the coming days, but given its importance, we wanted to make sure our readers were aware of it as soon as possible.


Hot Topics in Criminal E-Discovery

Posted in Criminal Law, Government Agencies, Privacy, Rules, Sanctions, Spoliation
Justin P. MurphyStephen M. Byers

As part of Crowell’s “Data Law Trends & Developments:  E-Discovery, Privacy, Cyber-Security & Information Governance,” Steve Byers and I examined the hottest topics in E-Discovery in Government Investigations and Criminal Litigation.  Our report begins on page 15, and explores recent trends in this rapidly expanding field and forecasts potential developments with Federal Rule of Evidence 502 in criminal matters.  We hope you enjoy our report and find it insightful.