Data Privacy Posts
In Minnesota v. Diamond, the Minnesota Court of Appeals affirmed an Order requiring a suspect to provide his fingerprint to unlock his cellphone was constitutional.
In Dittman v. UPMC, the plaintiffs brought a class action alleging UPMC was negligent in securing the data and breached an implied contract. A divided panel of the Pennsylvania Superior Court ruled that UPMC did not owe a legal duty to its current and former employees to protect their personal and financial information from hacking.
Three States Join Others to Expand Personal Information Definition to Include Usernames or Email Addresses
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI. As part of a recent trend, some data breach notification statutes have been expanding the definition of PI, including by adding usernames and email addresses.
The New York Department of Financial Services has released an extensively revised cybersecurity regulation applicable to the wide variety of financial services companies regulated by the NYDFS.
This article argues that the existing regime for sentencing violations of CFAA is based on a conceptual error that consistently leads to improper sentencing recommendations.
Security breaches remain big news, virtually every day. Executives and managers understand it is a question of “when,” not “if,” their companies will be targeted. Companies in all industries, as well as a host of other organizations, are affected. Hackers are engaged in ever more brazen schemes to gather personal and proprietary information for a variety of motives.
When it comes to insurance coverage for cyber risks, uncertainty continues to reign supreme. Cyber liability insurance is constantly evolving, and while dozens of insurers currently offer a cyber liability product, coverages are not standard from policy to policy.
Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. The result is that there is now a gaping hole in consumer privacy protection law.
At its October 2016 meeting, the Council took the following actions concerning project drafts
A federal judge in Illinois dismissed the class action lawsuit filed against Barnes & Noble stemming from a data breach in 2013. The breach occurred when credit and debit card PIN pads were compromised at 63 Barnes & Noble stores.