Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Evan D. Wolff

Subscribe to all posts by Evan D. Wolff

2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas

Posted in Accessibility, Criminal Law, Government Agencies, Information Management, Privacy, Transnational Discovery
The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data… Continue Reading

Interim Rule Could Expand Already Onerous DFARS Cyber Requirements

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors, Rules
Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in its… Continue Reading

Economic Espionage: A Real Risk for Universities

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
The recent arrests of Chinese nationals for alleged economic espionage are raising eyebrows across American industries, who are rightfully asking how they can protect themselves from becoming the next foreign target. U.S. universities have been key figures in these headlines. The risk of economic espionage is a serious one for higher education because universities are… Continue Reading

Technology Coalition tells the President: Encryption Back Doors are a Bad Idea

Posted in Cybersecurity / Data Security, Ethics, Government Agencies, Information Management, Privacy
In an open letter to President Obama, 143 of the nation’s most well-known businesses, trade associations, academics, and organizations urged the President to promote strong encryption technologies. The letter was prompted by recent law enforcement (including the FBI and NSA) advocacy for built-in government access to encrypted data despite a December 2013 recommendation by the… Continue Reading

Join Us for OOPS 2015! Cybersecurity Risk Management: The View from Washington and Beyond

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Information Management, Internet of Things, Privacy, Public Sectors
Crowell & Moring would like to invite government contractors to ring-side seats for the fight of the year – Congress v. the White House.  This year’s Ounce of Prevention Seminar (OOPS) will focus on the dynamic interplay between the opposite ends of Pennsylvania Avenue and how it will ultimately impact government contractors across the industry.… Continue Reading

Cyber Executive Order Continues the Push for Public-Private Partnerships

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
In conjunction with his remarks at the White House Summit on Cybersecurity at Stanford University earlier this month, President Obama signed Executive Order 13691, entitled “Promoting Private Sector Cybersecurity Information Sharing.”  Published in the Federal Register last week, the Order is intended to encourage and facilitate cybersecurity information sharing within the private sector, and also… Continue Reading

President Obama Announces Major Cyber and Privacy Legislation

Posted in Criminal Law, Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although Immediate reactions to the proposed… Continue Reading

Industry Collaborations on Cybersecurity: Protecting Against Antitrust Violations

Posted in Cybersecurity / Data Security, Government Agencies
As we near the one-year anniversary of the now infamous Target breach, more and more companies are coming to grips with the new reality that computer crime is a cost of doing business. Facing mounting pressure from customers and regulators alike, many are scrambling to find new ways to avoid becoming victims. In the most… Continue Reading

FDA Publishes Cyber Guidance for Medical Devices

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
The FDA recently passed down a set of guidelines governing the cybersecurity of medical devices. The guidelines, which are the first of its kind, were issued in response to the FDA’s recognition of the particular security concerns involved in the handling of sensitive medical information. The recommendations vary based on the specific vulnerabilities of each… Continue Reading

Legal Careers in Cybersecurity, Homeland Security, and Privacy: An Evening of Networking and Discussions with the Experts on How They Arrived

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
Hackers, terrorists, and cyber criminals have ignited escalating threats to cybersecurity, homeland defense, and privacy largely unanticipated to the legal profession a generation ago. Today, lawyers must grapple with the intersection of technology, information governance, and law, navigating unprecedented legal challenges and crafting practical solutions on the emerging cyber, homeland, and privacy frontiers. On behalf… Continue Reading

DOJ and FTC Pave the Way for Greater Cyber Information Sharing in the Private Sector

Posted in Cybersecurity / Data Security, Government Agencies
In coordination with Crowell & Moring Antitrust partner David Laing — Evan Wolff, Liz Blumenfeld, and I have recently published an article in the BNA Antitrust & Trade Regulation Report entitled “DOJ and FTC Help Pave the Way For Greater Cyber Information Sharing in the Private Sector.” Our article focuses on the DOJ and FTC’s… Continue Reading

Cyber Storms on Horizon: More Hackers, Regulators, and Litigation

Posted in Cloud Computing, Cybersecurity / Data Security, Data Breach, Government Agencies, Public Sectors, Rules
Cybersecurity’s escalating threats, intensifying oversight, and expanding publicity in recent years exploded in 2013. It was a year bookended by President Obama’s cybersecurity warnings in his State of the Union message and the mega-breaches at Target and Neiman-Marcus. And it gave us a cyber panorama – the Cybersecurity Executive Order; industry security reports of massive… Continue Reading

Florida Continues Trend to Strengthen Breach Laws

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Public Sectors
On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shortens to 30 days) and the types of information that trigger notification obligations (Which now… Continue Reading

DOJ and FTC State that Antitrust is Not a Roadblock to Cybersecurity Information Sharing

Posted in Cybersecurity / Data Security, Government Agencies
The Department of Justice and the Federal Trade Commission on April 10 issued Antitrust Policy Statement on Sharing of Cybersecurity Information, a joint policy statement that provides critical infrastructure industries the clarity they need to share cybersecurity information among themselves to combat cyber threats without violating the antitrust laws those agencies enforce. The agencies note… Continue Reading

Wyndham Decision Upholds FTC Authority to Regulate Data Security

Posted in Cybersecurity / Data Security, Government Agencies
In a much-anticipated decision, the U.S. District Court for the District of New Jersey upheld the FTC’s authority to regulate data security practices by denying Wyndham Worldwide Corporation’s motion to dismiss challenging the FTC’s authority to pursue unfair and deceptive trade practices claims arising from a cyber breach. The complaint against Wyndham asserts that Wyndham’s… Continue Reading

Another University Data Breach Adds to Growing Trend

Posted in Cybersecurity / Data Security, Data Breach
The University of Maryland announced on February 19th that it is the most recent university to fall victim to a data breach. According to the University’s President, UM was the target of a “sophisticated” computer attack that exposed the personally identifiable information (PII) of over 300,000 individuals. Specifically, the hack targeted records that relate to the University’s… Continue Reading

The “Cyber Framework” Arrives

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Public Sectors
After a year of development, NIST has released the long-awaited Cybersecurity Framework, which promises to have significant implications for the public and private sectors alike. The final version retains much of the Framework Core set forth in the draft version and provides a blueprint to align cybersecurity efforts (along with the accompanying Roadmap document with… Continue Reading

New DFARS Safeguards and Reporting Requirements

Posted in Cybersecurity / Data Security, Government Agencies, Government Contracting, Government Regulations & FISMA
A DFARS final rule (Nov. 18, 2013) on the safeguarding of unclassified, controlled technical information requires contractors, among other things, to report within 72 hours of discovery any “cyber incident” (an action that results in an actual or potentially adverse affect on an information system and/or the information residing therein), preserve relevant data for at… Continue Reading

New Building Block in the Cybersecurity Framework

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Public Sectors
Adding another building block to implementation of the President’s cybersecurity executive order issued in February 2013, the Department of Commerce’s National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework on October 22, 2013. As discussed in greater detail in the attached Bullet Analysis by David Bodenheimer, Evan Wolff, and Eliot Golding, this… Continue Reading