On June 15, Texas Gov. Greg Abbott signed a bill that explicitly allows self-driving cars on the state’s roads and highways, regardless of whether a human is physically present. While there was no ban on driverless cars, Texas law did not explicitly permit them either. This created a grey area of the law that fueled

Jeffrey L. Poston
Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years of experience leading investigations and litigation for corporate clients, Jeff counsels and defends clients in complex data protection matters involving class-actions and regulatory enforcement actions, as well as commercial disputes. Jeff also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).
Judge Approves Neiman Marcus Data Breach Settlement
Last week, an Illinois judge preliminarily approved a $1.6 million settlement between Neiman Marcus and a class of customers affected by a 2013 data breach. The settlement, which the parties agreed to in March, covers U.S. residents whose credit card or debit card was used between July 16, 2013 and January 10, 2014 at any…
Nevada Enacts Internet Privacy Regulation
On June 12, Nevada Gov. Brian Sandoval (R) signed into law a bill requiring the operator of an Internet website to disclose the type of information it collects on Nevada residents. Under the law, any company or person who (1) owns or operates an Internet website or online service for commercial purposes, (2) collects information…
Data Breach Class Action Dismissed for Not Establishing Economic Injury
Earlier this week, a federal Illinois court dismissed a class action against book retailer Barnes & Noble that alleged breach of contract, invasion of privacy, and violations of state consumer fraud and breach reporting laws. The case, dismissed for failing to establish economic harm, marks another data point in demarcating actionable data breaches and highlights…
Supreme Court to Hear Major Cellphone Privacy Case
Yesterday, the Supreme Court announced that it will hear a case with significant ramifications for privacy in the digital age. The case involves a man convicted of armed robbery based in part on cellphone location data obtained without a probable cause warrant. The conviction was appealed at the Sixth Circuit Court of Appeals, which held…
The PRC Cybersecurity Law Takes Effect
The first comprehensive data protection framework in China’s history, the PRC Cybersecurity Law, takes effect today, June 1, 2017, despite concerns from businesses around the world about the law’s stringency and scope. The law will carry with it the authority to impose fines up to approximately $145,000.00 per violation in addition to various administrative and…
CFAA Conviction for Accessing and Damaging Former Employer’s Computer System
Last week, a federal court sentenced a former systems administrator convicted of accessing his former employer’s computer network and uploading malicious code designed to disrupt and damage the company’s manufacturing operations.
Brian P. Johnson worked for years as an information technology specialist and systems administrator at Georgia-Pacific’s Port Hudson, LA facility. In February 2014, Georgia-Pacific…
2nd Circuit: Government Cannot Force Companies to Hand Over Communications Data Stored Overseas
The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant. This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data …
Supreme Court to Consider Congressionally-Conferred Privacy Breach Standing
One year ago, data broker Spokeo, Inc. asked the Supreme Court to reconsider the Ninth Circuit’s revival of a putative class action against it for willfully violating the Fair Credit Reporting Act (“FCRA”) by publishing personal information without notice. This week, the Court heeded that request, granting certiorari. In doing so, it has paved the way for yet another decision by the highest court on how the issue of standing plays out in the context of privacy violations.
Plaintiff Thomas Robins sued Spokeo under the FCRA after the data broker allegedly published false information about him without his knowledge. Interestingly, Robins claims that the information falsely stated that he had more education than he actually did and that he was in a better financial position than he actually was. But according to Robins’s complaint, these false facts made it more difficult for him to find employment, credit, or insurance and thus caused actual harm. He seeks to represent a class of individuals whose personal information has been similarly misstated. …
Continue Reading Supreme Court to Consider Congressionally-Conferred Privacy Breach Standing
Privacy Takes Center Stage for Private and Public Sectors Alike
Over the past year, privacy concerns have played an increasingly critical role in influencing how government and the private sector think about information collection, use, and disclosure. With the rapid pace of technological advancements – and the complex issues that accompany developments such as the Internet of Things, cloud technology, and “big data” analytics –…