Data Privacy Posts
Border Control’s Search of Electronic Devices
There have been reports of Customs and Border Protection (CBP) agents asking people entering the U.S. to unlock their electronic device and inspect it. More often than not, a refusal to hand over the device and passcode could result in it being seized and the person could be kept in physical detention for refusing to comply.
Courts Rule Unlocking Phone Is Constitutional
In Minnesota v. Diamond, the Minnesota Court of Appeals affirmed an Order requiring a suspect to provide his fingerprint to unlock his cellphone was constitutional.
Employer Did Not Owe Legal Duty to Protect Employees’ Hacked Personal and Financial Records
In Dittman v. UPMC, the plaintiffs brought a class action alleging UPMC was negligent in securing the data and breached an implied contract. A divided panel of the Pennsylvania Superior Court ruled that UPMC did not owe a legal duty to its current and former employees to protect their personal and financial information from hacking.
Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI. As part of a recent trend, some data breach notification statutes have been expanding the definition of PI, including by adding usernames and email addresses.
NYDFS Proposes Revised Cybersecurity Requirements for Financial Services Companies
The New York Department of Financial Services has released an extensively revised cybersecurity regulation applicable to the wide variety of financial services companies regulated by the NYDFS.
Trespass, Not Fraud: The Need for New Sentencing Guidelines in CFAA Cases
This article argues that the existing regime for sentencing violations of CFAA is based on a conceptual error that consistently leads to improper sentencing recommendations.
Responding to Security Breaches
Security breaches remain big news, virtually every day. Executives and managers understand it is a question of “when,” not “if,” their companies will be targeted. Companies in all industries, as well as a host of other organizations, are affected. Hackers are engaged in ever more brazen schemes to gather personal and proprietary information for a variety of motives.
Insurance Coverage for Cyber Risks
When it comes to insurance coverage for cyber risks, uncertainty continues to reign supreme. Cyber liability insurance is constantly evolving, and while dozens of insurers currently offer a cyber liability product, coverages are not standard from policy to policy.
A Gaping Hole in Consumer Privacy Protection Law
Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. The result is that there is now a gaping hole in consumer privacy protection law.
ALI Council Approves Project Drafts
At its October 2016 meeting, the Council took the following actions concerning project drafts