Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Cybersecurity / Data Security

Subscribe to Cybersecurity / Data Security RSS Feed

DOJ Asks Supreme Court to Resolve Split over Its Ability to Compel Foreign Records

Posted in Criminal Law, Cybersecurity / Data Security
U.S.-based technology companies and courts across the country have disagreed over the extraterritorial application of the Stored Communications Act in allowing U.S. law enforcement to enforce warrants to reach data stored overseas.  Some courts have treated the data stored overseas as a “physical” object  and, therefore, refused to extend the reach of the Act abroad. … Continue Reading

New Jersey Restricts Retailers’ Collection and Use of Customer Information

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on customers’ driver’s… Continue Reading

FBI and FTC on Privacy Risks Stemming from “Smart” Toys

Posted in Advertising & Product Risk Management, Cybersecurity / Data Security, Privacy
Earlier this month, the Federal Bureau of Investigation (FBI) issued a public comment about privacy, cybersecurity, and safety risks associated with internet-connected toys.  The FBI’s comment builds on the Federal Trade Commission’s recent amendment to the Children’s Online Privacy Protection Act (COPPA), which explicitly states that connected toys are deemed “websites or online services” subject… Continue Reading

Recent IoT Device Cases

Posted in Advertising & Product Risk Management, Cybersecurity / Data Security, Litigation
“There are many ways to surveil each other now, unfortunately,” including “microwaves that turn into cameras, et cetera.  So we know that that is just a fact of modern life.”  Kellyanne Conway, March 12, 2017 Interview with New Jersey’s The Record. Data from microwaves-turned-cameras has yet to appear in court, but data from other IoT devices… Continue Reading

FTC Submits Public Comment to Working Group Tasked with Developing Guidance on IoT Security, Upgradability, and Patching

Posted in Cybersecurity / Data Security, Data Breach, Internet of Things
On June 19, 2017, the Federal Trade Commission (FTC) issued a public comment regarding the National Telecommunications & Information Administration’s (NTIA) draft guidance titled Communicating IoT Device Security Update Capability to Improve Transparency for Customers.  In commenting on the guidance, the FTC acknowledged the benefits of and challenges to IoT device security, and encouraged manufacturers… Continue Reading

Judge Approves Neiman Marcus Data Breach Settlement

Posted in Cybersecurity / Data Security, Data Breach
Last week, an Illinois judge preliminarily approved a $1.6 million settlement between Neiman Marcus and a class of customers affected by a 2013 data breach. The settlement, which the parties agreed to in March, covers U.S. residents whose credit card or debit card was used between July 16, 2013 and January 10, 2014 at any… Continue Reading

The PRC Cybersecurity Law Takes Effect

Posted in Cybersecurity / Data Security, Government Regulations & FISMA
The first comprehensive data protection framework in China’s history, the PRC Cybersecurity Law, takes effect today, June 1, 2017, despite concerns from businesses around the world about the law’s stringency and scope. The law will carry with it the authority to impose fines up to approximately $145,000.00 per violation in addition to various administrative and… Continue Reading

Gunning For An Anonymous Internet Defamer or Infringer’s Identity …

Posted in Advertising & Product Risk Management, Cybersecurity / Data Security, Litigation
… outside your main jurisdiction can have collateral consequences. In Gunning v. Doe, 2017 WL 1739442 (Me. May 4, 2017), Maine’s highest court just dodged the issue of the applicable First Amendment test for the disclosure of an anonymous speaker accused of defamation.  Instead, it deferred to California’s test.  Why?  Collateral estoppel:  the defamation plaintiff… Continue Reading

Can You Copyright Infringe Anonymously?

Posted in Advertising & Product Risk Management, Cybersecurity / Data Security, Litigation
Yesterday, the Sixth Circuit heard an anonymous copyright infringement case of first impression. See Signature Management Team, LLC v. Doe, No. 16-2188 (6th Cir.). The issue: whether an adjudicated copyright infringer can remain anonymous. The infringer said he can. “John Doe” appeared in the case through counsel and defended against Signature’s infringement claim. He lost.… Continue Reading

What’s Next For Federal Anti-SLAPP Legislation

Posted in Cybersecurity / Data Security, Government Regulations & FISMA
Congress may re-introduce federal anti-SLAPP legislation this session.  Similar bills in 2009, 2012, and 2015 never made it out of committee.  Our Law360 article identifies several areas to improve on a fourth attempt to enact a universal anti-SLAPP law.  The article also highlights the constant battle between First Amendment rights and rights to protect one’s… Continue Reading

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Cybersecurity / Data Security, Information Management
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

CFAA Conviction for Accessing and Damaging Former Employer’s Computer System

Posted in Cybersecurity / Data Security
Last week, a federal court sentenced a former systems administrator convicted of accessing his former employer’s computer network and uploading malicious code designed to disrupt and damage the company’s manufacturing operations. Brian P. Johnson worked for years as an information technology specialist and systems administrator at Georgia-Pacific’s Port Hudson, LA facility.  In February 2014, Georgia-Pacific… Continue Reading

December 2016 Monthly Update

Posted in Cybersecurity / Data Security, Data Breach, Ethics, Government Agencies, Health IT, Privacy, Rules
Kansas Judge Rules that Class Action over CareCentrix Data Breach may Proceed On December 19, 2016, in Hapka v. Carecentrix, the United States District Court for the District of Kansas denied CareCentrix, Inc.’s (CareCentrix) motion to dismiss a class action suit arising from a data breach affecting CareCentrix’s personal and tax information regarding thousands of… Continue Reading

Illinois’ First Settlement under Biometric Law; AMA Adopts Principles for Mobile Health Apps; Ecuador to Enact Data Privacy Law

Posted in Cybersecurity / Data Security, Data Breach, Health IT
Illinois State Court Issues First Settlement under Biometric Law On December 1, 2016, the Cook County Circuit Court in Illinois approved what is being reported as the first settlement under the state’s Biometric Information Privacy Act, 740 ILCS 14/1 (BIPA or the Act).  BIPA provides a private right of action against companies that fail to… Continue Reading

Privacy-Cybersecurity Weekly News Update—Week of November 20 and November 27

Posted in Cybersecurity / Data Security, Data Breach, Privacy
Discussion headlines: UMass settles alleged HIPAA violations; FCC combatting robotexts and robocalls; TCPA class certification; failed investor suit over data breach; UK surveillance bill became law UMass pays $650,000 to settle alleged HIPAA violations The University of Massachusetts Amherst (UMass) reached an agreement to pay $650,000 to settle alleged HIPAA violations based on the disclosure… Continue Reading

Privacy-Cybersecurity Weekly News Update—Week of November 13

Posted in Cybersecurity / Data Security, Internet of Things
Discussion headlines:  New guidelines for IoT; Russia blocks access to LinkedIn; Standing under the TCPA; Long distance search warrant power The DHS and NIST Release Guidelines for the IoT This week, both the Department of Homeland Security and the National Institute of Standards and Technology released a set of guidelines intended to secure the IoT. … Continue Reading

Alabama District Court Relieves Carrier of a Duty to Defend or Indemnify Policyholder Following Data Breach

Posted in Cybersecurity / Data Security, Data Breach, Insurance, Privacy
On October 25, in the case of Camp’s Grocery, Inc. v. State Farm Fire & Casualty Company, the District Court for the Northern District of Alabama granted summary judgment in favor of State Farm Fire and Casualty Company (“State Farm”), concluding that State Farm did not have to defend or indemnify its policyholder, Camp’s Grocery… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of October 22

Posted in Cybersecurity / Data Security
FCC adopts privacy rules; Privacy Shield challenge; Amendments to EU data transfer decisions; FTC data breach guidance; DOT vehicle cybersecurity best practices; HHS guidance on HIPAA and FTC compliance FCC approves privacy rules for broadband providers In a 3-2 vote, the Federal Communications Commission approved new rules governing internet service providers’ collection and use of… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of October 15

Posted in Cybersecurity / Data Security
Hospital pays $2.1MM HIPAA settlement; Dynamic IP addresses protected under EU laws; EU guidance on GDPR coming soon; California’s new privacy compliance tool; banking regulators consider cybersecurity; FCC privacy proposal comments; OMB’s new privacy office; DFARS finalizes Safeguarding Rule Hospital pays $2.1M to settle alleged HIPAA violations St. Joseph Health, a California-based health system, reached… Continue Reading

Internet of Things Raises Complex Insurance Coverage Issues

Posted in Cybersecurity / Data Security, Data Breach, Insurance
In a recent Law360 publication, C&M attorneys Rachel Raphael and Ellen Farrell discuss how the Internet of Things (IOT) can present complex insurance coverage issues.  As they explain, the tangible and intangible nature of IOT products can cause particular confusion between traditional general liability policies (which may exclude coverage for cyber incidents) and stand-alone cyber… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of Oct 8

Posted in Cybersecurity / Data Security
Guidance on HIPAA & cloud computing; Senators question FTC enforcement standards HHS publishes guidance on HIPAA’s impact on cloud computing This week, the Department of Health and Human Services issued guidance for HIPAA-covered entities and business associates regarding cloud computing.  When a covered entity seeks to use cloud services in connection with the use and/or… Continue Reading

Privacy & Cybersecurity Weekly News Update – Week of October 3

Posted in Cybersecurity / Data Security
FCC broadband privacy proposal; Potential challenge to FTC privacy enforcement power FCC to consider broadband privacy proposal On October 6, the Chairman of the Federal Communications Commission (FCC) issued proposed rules that would impose on broadband providers privacy regulations similar to those implemented and enforced by the Federal Trade Commission (FTC).  The proposal calls for… Continue Reading

Privacy & Cybersecurity Weekly News Update

Posted in Cybersecurity / Data Security, Health IT, Privacy
Hamburg DPA orders WhatsApp to stop sharing data with Facebook; GAO: HHS Needs to Improve is Digital Health Protection Rules; Notice and Choice Becoming Par for the Course for Interest-Based-Ads in Apps German Data Protection Authority of Hamburg orders WhatsApp to stop sharing data with Facebook On September 27, 2016, the Hamburg Commissioner for Data… Continue Reading