Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Information Management

Subscribe to Information Management RSS Feed

President Obama Announces Major Cyber and Privacy Legislation

Posted in Criminal Law, Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although Immediate reactions to the proposed… Continue Reading

Snapchat Settlement Highlights Continued FTC Scrutiny of Privacy and Security Representations

Posted in Cybersecurity / Data Security, Data Breach, Government Regulations & FISMA, Information Management, Privacy, Sanctions
The Federal Trade Commission (FTC) has been at it again, settling on December 31, 2014 with Snapchat over privacy and data security concerns stemming from its text and video mobile messaging services. The settlement is instructive for gauging the FTC’s enforcement priorities and illustrates the steep costs a company can face when the FTC alleges… Continue Reading

Tough New Privacy Protections in California

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
California Governor Jerry Brown has signed into law Assembly Bill 1710, which includes new personal information protections that affect all businesses that “own, license, or maintain personal information about Californians.” In what may be a sign of things to come for other jurisdictions, the new law includes the nation’s first mandatory state requirement for breached… Continue Reading

Technology Assisted Review Finally Enters the Spotlight

Posted in Information Management, Technology Assisted Review
After early concerns about the defending the results of the technology and whether courts would accept its use, Technology Assisted Review (“TAR”) has now entered the spotlight as an alternative to more traditional forms of document review. These technologies, commonly referred to as predictive coding, continue to win over both clients and counsel, who have… Continue Reading

BYOD Devices Create Many Challenges for Companies

Posted in Accessibility, Cloud Computing, Cybersecurity / Data Security, Data Breach, Information Management, Preservation, Social Media, Spoliation
In just the last few years, most companies – big and small – have embraced the Bring Your Own Device (BYOD) movement at varying levels from allowing employees to access company email on their personal smartphones all the way to not issuing company-owned computers and instead having employees bring in their personal laptops to access… Continue Reading

Information Governance Takes Center Stage

Posted in Cybersecurity / Data Security, Information Management, Privacy
Information Governance” has become a popular buzzword in the data law and management space, and it means much more than electronic records management on steroids. It encompasses data security, privacy, information management and e-discovery, and particularly the intersection and synergy of these functions to form an integrated and coordinated approach to managing an organization’s data… Continue Reading

Crowell & Moring Releases “Data Law Trends & Developments” and Announces Expanded “Data Law Insights” Blog

Posted in Accessibility, Admissibility, Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Cybersecurity / Data Security, Data Breach, Ethics, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Preservation, Privacy, Privilege/Rule 502, Proportionality, Public Sectors, Rules, Sanctions, Social Media, Spoliation, Technology Assisted Review, Transnational Discovery
We are pleased to announce the publication of a report titled “Data Law Trends & Developments: E-Discovery, Privacy, Cyber-Security & Information Governance.” The report explores recent trends and anticipated future developments on critical issues related to the intersection of technology and the law, which affect a wide range of companies and industries. In addition, the… Continue Reading

What to Know About Data Broker Legislation

Posted in Government Agencies, Information Management, Public Sectors
The Federal Trade Commission recently issued the findings of its long-awaited Data Brokers Report, which compiled information gathered from nine data brokers commissioned for the study in December 2012. The purpose of the Report, which examined data brokers catering to the product marketing, risk mitigation, and people search industries, is to advocate for greater transparency… Continue Reading

What You Should Know About the Changing U.S.-EU Safe Harbor Agreement

Posted in Cybersecurity / Data Security, Information Management, Transnational Discovery
The July 2000 Safe Harbor agreement between the United States and Europe concerning cross-border data flows is one of the key regulatory structures governing how organizations can collect, store, move, and use the massive amount of personal data generated in our interconnected world. Fourteen years after its inception, the agreement is under increasing strain from… Continue Reading

Bloomberg Terminal: How Financial Services Firms Need to Adapt to Regulators’ Favorite New Source of Electronic Evidence

Posted in Criminal Law, Government Agencies, Information Management, Social Media
Emails often provide key evidence in conspiracy-related investigations and subsequent litigation. More recently, social media and text messages have provided additional evidence for such matters. In response, most companies have enacted policies to educate their employees about using these communication mediums. However, recent antitrust investigations and federal lawsuits in the financial services industry are utilizing… Continue Reading

Controlling Litigation Expense and Exposure Through Appropriate Self-Help

Posted in Cloud Computing, Cooperation/Meet & Confer, Information Management, Social Media, Technology Assisted Review
I recently published an article for InsideCounsel addressing ways companies can reduce risk and costs in litigation. I advocate appropriate self-help. Unfortunately, the courts, regulators, and legislators have not fully kept up with the extraordinary pace of technological developments, the proliferation of ESI, and the growing use of social media, cloud computing, and other ESI-related… Continue Reading

Protecting Confidential Information: Taking Appropriate Steps to Avoid Sanctions

Posted in Cooperation/Meet & Confer, Ethics, Information Management, Sanctions
A colleague and I recently published an article in BNA’s Digital Discovery & e-Evidence® discussing the recent sanctions against Quinn Emanuel Urquhart & Sullivan LLP, in Apple, Inc. v. Samsung Electronics Co. Ltd, et. al., 5:11-cv-01846 (N.D. Cal. Jan. 29, 2014). Our article, “Protecting Confidential Information: Lessons from the Apple v. Samsung Firestorm,” tells a… Continue Reading

ABA Cyber on the Hill with Congressional Staff (Nov. 7)

Posted in Cloud Computing, Cybersecurity / Data Security, Government Agencies, Information Management, Privacy
As the cyber threats continue to escalate sharply, Congress confronts a host of daunting tasks for bolstering cybersecurity, such as: balancing security while maintaining privacy; enhancing public-private partnerships while keeping information safe; and assuring accountability while maintaining flexible and agile security standards. At noon on November 7, Staff members from four Senate and House committees… Continue Reading

Reflection on Personal Jurisdiction in E-Communications

Posted in Cloud Computing, Information Management, Rules, Social Media
Earlier this month, I was a panelist on a webinar on Personal Jurisdiction From E-Communications: Social Media, Email, IM and Cloud Computing along with Mark McGrath of Sheppard Mullin. Our panel focused on the evolving landscape of personal jurisdiction in the online world starting with the advent of the internet to leading up to the… Continue Reading

Bring Your Own Device (BYOD) Policies Also Bring Risk And Cost

Posted in Accessibility, Admissibility, Cloud Computing, Cybersecurity / Data Security, Information Management, Preservation, Privacy, Sanctions, Social Media, Spoliation
On June 20, 2013, I participated in a one-hour webinar regarding “Bring Your Own Device” (or BYOD) policies. I addressed certain e-discovery issues involving BYOD policies. An audio recording and instructional slides are available here for those who missed it. The webinar was part of a monthly series entitled Third Thursday – Crowell & Moring’s… Continue Reading

Indiana Federal Judge Declines to Order Defendants to Re-Do Discovery Based on Keyword Searches Followed by Predictive Coding

Posted in Cooperation/Meet & Confer, Information Management, Proportionality, Rules
Ever since Magistrate Judge Peck’s decision last year in Da Silva Moore v. Publicis Groupe SA, 2012 WL 607412 (S.D.N.Y. Feb. 24, 2012), there has been an increasing stream of orders and opinions weighing in on the use (or proposed use) of predictive coding. With each opinion, a new wrinkle appears, further shaping how parties… Continue Reading

Upcoming Event: Personal Jurisdiction From E-Communications: Social Media, Websites, Email, IM and Cloud Computing

Posted in Cloud Computing, Information Management, Rules, Social Media
On June 12, I will be serving a speaker for a webinar hosted by Stafford Publishing entitled “Personal Jurisdiction From E-Communications: Social Media, Websites, Email, IM and Cloud Computing.” Here is what we will be discussing: The Internet has changed how courts view personal jurisdiction over defendants sued in a particular forum. Courts must now… Continue Reading

Putting the SEC Spotlight on Corporate Cyber Risks

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Information Management, Privacy, Public Sectors, Rules
As the latest 10-K filing period for corporations draws to a close, the Securities and Exchange Commission (SEC) is expected to intensify its scrutiny on whether companies’ filings adequately disclose both information security breaches that occurred in the past, and the material risks due to cyber threats such companies face in the future. Since the… Continue Reading

ESI in Government Investigations and Criminal Matters (VIDEO)

Posted in Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Cybersecurity / Data Security, Ethics, Government Agencies, Information Management, Privacy, Social Media, Spoliation
Back in February, I spoke at the at the Richmond Journal of Law and Technology’s annual symposium, titled “E-Discovery: A New Frontier.” During my presentation, I discussed many of the new and cutting edge issues facing practitioners in government investigations and criminal litigation, including pre-indictment practice, various constitutional issues, privacy, and various issues relating to… Continue Reading

Social Media Evidence in Government Investigations and Criminal Proceedings

Posted in Admissibility, Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Ethics, Government Agencies, Information Management, Preservation, Privacy, Rules, Sanctions, Social Media, Spoliation
In conjunction with the Richmond Journal or Law and Technology’s annual survey, Adrian Fontecilla and I have published a new article: Social Media Evidence in Government Investigations and Criminal Proceedings. The article provides an in-depth look at many of the cutting edge issues raised by social media in government investigations and the criminal context, including… Continue Reading

Apps on Smart Devices and Data Protection: February 27, 2013 Opinion of the Article 29 Working Party Provides Valuable Guidance

Posted in Cybersecurity / Data Security, Information Management, Privacy, Social Media, Transnational Discovery
Apps on mobile devices collect large quantities of data from the device and process these (i) in order to provide services to the end-user, but also (ii) for other purposes that are often unknown or unwanted by the end-user. Many of the data processed, such as location data, contact data, unique device and customer identifiers,… Continue Reading

Allegation of Data Breach Alone Insufficient to Sustain Claim Based on Inadequate Cybersecurity

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On March 6, 2013, the United States District Court for the Northern District of California held that a putative class of LinkedIn premium users lacked standing to pursue state law unfair competition, breach of contract, and negligence claims resulting from a hacking incident. The court dismissed the complaint, concluding that the plaintiffs failed to establish… Continue Reading

HIPAA Final Rule Applicable to Cloud Providers and Data Vendors

Posted in Cloud Computing, Cybersecurity / Data Security, Government Regulations & FISMA, Information Management, Privacy
The Health Insurance Portability and Accountability Act (HIPAA) final rule published on January 25, 2013 contains important changes that affect data management organizations, such as cloud providers. In many cases, entities that have access to health information will be considered “Business Associates.” Such entities would therefore be required to comply with HIPAA’s extensive security provisions… Continue Reading

Reflections on the Richmond Journal of Law and Technology’s Annual Survey and Symposium

Posted in Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Cybersecurity / Data Security, Ethics, Government Agencies, Information Management, Privacy, Social Media, Spoliation
Last week, I was one of the featured speakers at the Richmond Journal of Law and Technology’s annual symposium, titled “E-Discovery: A New Frontier.” I discussed many of the new and cutting edge issues facing practitioners in government investigations and criminal litigation, including pre-indictment practice, various constitutional issues, privacy, and various issues relating to social… Continue Reading