Data Privacy Posts

Border Control’s Search of Electronic Devices

There have been reports of Customs and Border Protection (CBP) agents asking people entering the U.S. to unlock their electronic device and inspect it. More often than not, a refusal to hand over the device and passcode could result in it being seized and the person could be kept in physical detention for refusing to comply.

Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses

, and

A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI. As part of a recent trend, some data breach notification statutes have been expanding the definition of PI, including by adding usernames and email addresses.

Responding to Security Breaches

Security breaches remain big news, virtually every day. Executives and managers understand it is a question of “when,” not “if,” their companies will be targeted. Companies in all industries, as well as a host of other organizations, are affected. Hackers are engaged in ever more brazen schemes to gather personal and proprietary information for a variety of motives.

A Gaping Hole in Consumer Privacy Protection Law

Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. The result is that there is now a gaping hole in consumer privacy protection law.

12