Oregon has recently passed a new cybersecurity statute, joining California in requiring manufacturers of “connected devices” to equip qualifying technology with “reasonable security features.” The new law will go into force on January 1, 2020. For further analysis, visit our recent client alert.

The European Union’s (“EU”) General Data Protection Regulation (“GDPR”) turned one year old on May 25th. European data protection regulators celebrated by continuing to work through a rising number of complaints and infractions, and by stepping up their monitoring for violations. US companies are directly in the crosshairs. Whether based in the EU or not, a company is potentially subject to the GDPR (and its stiff fines up to 4% of annual global revenue) if it offers goods or services to data subjects located in the EU, or monitors individuals’ online behavior or personal information in the EU. This means that a US company engaged in the common business practice of collecting data from its EU customers must assess and implement business practices to ensure GDPR compliance.

The US and EU engaged in approximately $1.3 trillion dollars in trade last year. With that level of economic activity, and accompanying data flows, many US companies should already have in place the basic structures for GDPR compliance. However, recent surveys suggest that a significant number of companies impacted by the GDPR are still grappling with compliance. In a recent Forrester Research study, “Security Through Simplicity,” over half of the responding IT decision-makers revealed that their companies had not yet carried out even basic GDPR compliance steps such as vetting third-party vendors, hiring data protection officers, training employees, setting up mechanisms for the “72-hour data breach notification” requirement, and collecting evidence and documenting efforts to address GDPR compliance risks. Further, only about 4,650 US companies are currently registered and self-certified with the EU-US Privacy Shield framework (compared to the over 100,000 mid- to large-sized companies in the US, according to business census data). Such certification goes a long way toward permitting a US company to receive certain EU data in a GDPR compliant manner.

Continue Reading At the GDPR’s First Anniversary, the Impact on US Companies Grows

The District of Columbia Bar Rules of Professional Conduct Review Committee (“Committee”) recently released recommended changes to D.C. Bar rules 1.1, 1.6, and 4.4 to address the increased focus and evolving landscape of E-Discovery and technology in law. All D.C. practitioners should take notice of these potential rule changes, and ensure they stay current—or engage those with appropriate expertise—on these quickly changing areas of practice.

The proposed changes are as follows: Continue Reading Amendments Proposed To D.C. Rules of Professional Conduct to Address

As the country’s new Congress settles into its term, several technology issues are coming to the forefront. A number of Senators recently questioned the Department of Justice over how it is collecting cellphone-location data in the wake of the Supreme Court’s landmark Carpenter decision. Carpenter v. United States, 138 S. Ct. 2206 (2018). The House of Representatives is considering a renewed version of legislation that would strengthen the security of “Internet of Things” technologies used by the federal government. And politicians and pundits throughout Capitol Hill are asking whether this will be the year that comprehensive federal privacy legislation becomes law. As it turns out though, some of the nation’s top courts are already tackling these tough issues. In fact, the Seventh Circuit’s opinion last year in Naperville Smart Meter Awareness v. City of Naperville, 900 F.3d 521 (7th Cir. 2018), has received relatively little reporting, but its impact will be broad when it comes to how courts interpret the Fourth Amendment in the era of big data.

In Naperville, the Seventh Circuit heard an appeal concerning the city’s “smart meter” program. Without residents’ permission, Naperville had been replacing traditional energy meters on its grid with “smart meters” for homes. Each smart meter collected thousands of readings a month, as opposed to just the previous single monthly readings. According to the plaintiffs, the repeated readings of the smart meters collected data at such a granular level that they revealed what appliances were present in homes and when they were used. Considering the potential privacy impact, the Seventh Circuit found that Naperville’s collection of smart meter data from residents’ homes constituted a “search” under the Fourth Amendment. Continue Reading Seventh Circuit Wades into Big Data Case Law

The U.S. Department of Justice released revisions to the Foreign Corrupt Practices Act corporate enforcement policy on March 8, 2019. While intended to clarify the DOJ’s position on a number of hot-button issues, including its controversial stance on certain instant-messaging software, a closer look reveals that these changes fall short of answering several key questions faced by companies seeking cooperation credit in FCPA matters. For more information, read this Law360 article written by Crowell & Moring’s Derek Hahn, Dalal Hasan, Tom Hanusik, and Steve Byers. 

Link to full reprint:  https://www.law360.com/articles/1141921

 

EDRM and the Bolch Judicial Institute at Duke Law recently released Technology Assisted Review (TAR) Guidelines (Guidelines) with the aim “to objectively define and explain technology-assisted review for members of the judiciary and the legal profession.” Among the topics covered are the validation and reliability measures practitioners can use to defend their TAR processes. This post summarizes this validation and reliability guidance, which has the potential to be a widely-referenced authority on this topic going forward.

According to EDRM, there are no “bright-line rules” governing what constitutes a reasonable review or one standard measurement to validate the results of TAR. Instead, principles of reasonableness and proportionality as set forth in FRCP Rule 26 generally guide the inquiry. Continue Reading EDRM’s TAR Guidelines: Validity Measures and Considerations for Practitioners

The Department of Defense recently released a memorandum directing the Defense Contract Management Agency (DCMA) to implement and assess company-wide cyber compliance with the DFARS Safeguarding Clause and related security standard, NIST SP 800-171.  For further analysis, visit our Government Contracts Legal Forum blog post.

“In-house attorneys should aggressively deploy the technology that’s all but taken for granted in legal operations to map out litigation strategies, and failing to do so increasingly means losing out to savvier adversaries, according to a report released Wednesday by Crowell & Moring LLP.”

To read the full Law360 article, please click here.

E-discovery does not sit still. To provide high-level service, practitioners necessarily deal with legal technology at the bleeding edge of development. This involves the embrace of nascent artificial intelligence (AI) in combination with other analytic tools and techniques to tackle increasingly challenging discovery projects. As ever-expanding volumes and sources of information strain the capacity of counsel to manage discovery, AI is coming just in time.

To read the full article on Crowell’s website, please click here.

WELCOME TO YOUR NEW WAR ROOM. TAKE A LOOK AT OUR LITIGATION FORECAST COVER STORY TO SEE HOW COMPANIES ARE USING TECHNOLOGY TO ADVANCE LITIGATION CASE STRATEGY

Crowell & Moring has issued its seventh-annual “Litigation Forecast 2019: What Corporate Counsel Need to Know for the Coming Year.” 

The Forecast cover story, Welcome to Your New War Room: How Technology Is Finding Its Way into Litigation Case Strategy,” explores how companies and law firms are leveraging technology to improve their legal operations and litigation strategy.

The section on Privacy & Cybersecurity, “Targeted Data Privacy Laws Increase Risk,” examines how data privacy has been a growing source of class action litigation for some time and how recently enacted state laws are now opening the door to new areas of risk.

The Forecast focuses on how technology is impacting the practice of law and litigation case strategy in particular, and provides forward-looking perspectives on technological developments that can help corporate counsel identify the many opportunities and challenges ahead as they harness its power.

Be sure to follow the conversation on Twitter with #LitigationForecast.