Data Privacy Posts
There have been reports of Customs and Border Protection (CBP) agents asking people entering the U.S. to unlock their electronic device and inspect it. More often than not, a refusal to hand over the device and passcode could result in it being seized and the person could be kept in physical detention for refusing to comply.
In Minnesota v. Diamond, the Minnesota Court of Appeals affirmed an Order requiring a suspect to provide his fingerprint to unlock his cellphone was constitutional.
In Dittman v. UPMC, the plaintiffs brought a class action alleging UPMC was negligent in securing the data and breached an implied contract. A divided panel of the Pennsylvania Superior Court ruled that UPMC did not owe a legal duty to its current and former employees to protect their personal and financial information from hacking.
Three States Join Others to Expand Personal Information Definition to Include Usernames or Email AddressesMark L. Krotoski, Pulina Whitaker and W. Scott Tester
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI. As part of a recent trend, some data breach notification statutes have been expanding the definition of PI, including by adding usernames and email addresses.
The New York Department of Financial Services has released an extensively revised cybersecurity regulation applicable to the wide variety of financial services companies regulated by the NYDFS.
This article argues that the existing regime for sentencing violations of CFAA is based on a conceptual error that consistently leads to improper sentencing recommendations.
Security breaches remain big news, virtually every day. Executives and managers understand it is a question of “when,” not “if,” their companies will be targeted. Companies in all industries, as well as a host of other organizations, are affected. Hackers are engaged in ever more brazen schemes to gather personal and proprietary information for a variety of motives.
When it comes to insurance coverage for cyber risks, uncertainty continues to reign supreme. Cyber liability insurance is constantly evolving, and while dozens of insurers currently offer a cyber liability product, coverages are not standard from policy to policy.
Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. The result is that there is now a gaping hole in consumer privacy protection law.
At its October 2016 meeting, the Council took the following actions concerning project drafts