As COVID-19 has spread throughout the world and within the United States, companies of all sizes have had to make quick decisions about how to implement work-from-home procedures. While many businesses are accustomed to having some of their employees work remotely at any given time, the sudden shift to a majority of the work force being away from controlled office networks and environments presents a unique and heightened set of technical and cybersecurity challenges.
Like many people, Aaron Graham and Eric Jordan carried cell phones around in 2011. Unlike most people, Graham and Jordan were convicted of crimes arising from their participation in a series of armed robberies in that period, and were soon sorry that they had their cell phones on them when those robberies happened. Sitting en banc, the U.S. Court of Appeals for the Fourth Circuit just made them sorry last Tuesday in United States v. Graham, No. 12-4659 (4th Cir. May 31, 2016).
Because in their investigation, federal agents sought the cell-site location information (or “CSLI” as ...
If you’ve ever attended the SEC Speaks conference, you know that the official program is an intensely uninteresting collection of short speeches by SEC officials who don’t have a lot of incentives to say groundbreaking things. But occasionally there are exceptions. I think Deputy Director Stephanie Avakian’s discussion of cybersecurity cases on Friday was one of those.
Avakian broke those cases down into three categories.
- Failures of registered entities to safeguard information. She cited the R.T. Jones Capital Equities Management case from September of last year as an ...
We’ve discussed the importance of privacy assessments here in the past. It is a frustrating realization, indeed, when a company discovers a data breach involving data that it never needed or even knew it kept.
A proactive company-wide privacy assessment allows your business to carefully evaluate on its own timeline (rather than in the panic of breach response) the company’s data collection, sharing, storage, and security practices. Vulnerabilities can be identified and addressed, and “stale” privacy and security policies can be updated to reflect current practices.
Over the last couple years, the SEC’s cybersecurity bark has been worse than its bite. Its Office of Compliance, Inspections, and Examinations issued examination priorities in 2014. Commissioner Aguilar warned public company boards that they had better get smart about the topic a few months later. The results of OCIE’s cybersecurity exam sweep were released in March of this year. And the Investment Management Division said words, not many words, about investment advisers’ responsibilities in this area in July.
What it hasn’t done recently is sue somebody ...
If you thought all the action in privacy regulation centered around the Federal Trade Commission, the Federal Communications Commission would like you to think again. Yesterday, April 28, the FCC held a 3-plus hour workshop that started the regulatory “conversation” on the manner in which the FCC can or should regulate consumer broadband privacy.
Chairman Wheeler kicked off the event with opening remarks that included this unequivocal statement: “Privacy is unassailable.” He also said that “changes in technology do not affect our values.” From these words ...
Last week, we posted about the Consumer Privacy Bill of Rights “discussion draft” released by the Obama Administration. On Thursday, March 5, at the annual U.S. meeting of the International Association of Privacy Professionals (which I attended), FTC Commissioner Julie Brill answered questions about her take on the bill and other policy issues. Here are just a few comments from that discussion that merit a follow-up post:
- Commissioner Brill stated in no uncertain terms that the draft bill is not protective enough of consumers. At various times, she said there are ...
Late last week, President Obama released a “discussion draft” of the Administration’s long awaited Consumer Privacy Bill of Rights Act. At first blush, the results are a mixed bag: some good, some not so good, much work among stakeholders left to be done.
It didn’t take long for consumer advocates, and even one FTC Commissioner, to say the draft legislation doesn’t go far enough. The Internet has been rife with posts this week about the bill’s problems and shortcomings. In summary, for most, the bill landed like a lead balloon.
Still, the Administration released the bill as ...
Ed. Note: This entry is cross posted from Cady Bar the Door, David Smyth's blog offering Insight & Commentary on SEC Enforcement Actions and White Collar Crime.
When I was at the SEC and online broker-dealers’ customers were the victims of hacking incidents, I used to wonder, why don’t the broker-dealers require multi-factor authentication to gain access to accounts? It was a silly question. I knew the answer. Multi-factor authentication is a pain and nobody likes it.
Do you know what it is? Here’s what Wikipedia says, so it must be true:
Multi-factor authentication ...
Unless you have been completely disconnected from all media, you are probably already aware that on Sunday, February 15, 2015, the FAA announced the release of its long-awaited rules to govern commercial sUAS (small unmanned aircraft systems) operations in the United States. The FAA’s proposed sUAS rules arrived like a barely-late valentine or box of candy, with the recipients hoping to read loving prose and enjoy fresh, rich chocolates. At this point, of course, the rules are merely a proposed regulatory regime (as embodied in a document that is called a “Notice of Proposed ...
You have probably heard about the recent data breach at Sony; after all, it’s not often that Kim Jong Un and Angelina Jolie are mentioned as part of the same story. Unlike other recent high profile hacks, the recent Sony hack appears to be somewhat different in character: the hackers appear to care most about using the information stolen from Sony to bring shame and scorn to the company, rather than for their own pecuniary gain.
And the story appears to continue down the proverbial rabbit hole, with reports of a tongue-in-cheek offer of investigative cooperation from the North Koreans ...
by Forrest Campbell, Health Law Attorney, firstname.lastname@example.org
In December 2014, the U.S. Department of Health and Human Services ("HHS") and Anchorage Community Mental Health Services ("ACMHS") settled alleged HIPAA violations for $150,000.
Don't be misled--this settlement is not important just for parties subject to HIPAA. It's important to anyone who maintains confidential information in electronic form.
Here's what happened according to HHS. ACMHS failed to regularly update its IT resources with available patches, and ACMHS used outdated, unsupported ...
The U.S. Federal Trade Commission usually gets much of the glory for policing privacy and data security issues. For example, just a few months ago the FTC achieved a settlement requiring Fandango and Credit Karma to establish comprehensive data security programs and biennial security assessments following charges that the companies misrepresented to consumers the level of security of their mobile apps and failed to secure the transmission of consumers’ sensitive personal information. And who could forget the FTC’s Google Buzz settlement from 2011?
But recently the FTC ...
We have closely followed the twists and turns in Detroit Free Press reporter David Ashenfelter's efforts to avoid being forced to reveal his sources in the civil action against the Department of Justice brought by former federal prosecutor Richard Convertino. This spring, a federal judge in Michigan allowed Ashenfelter to invoke his rights under the 5th Amendment in order to avoid testifying under oath about his sources.
A panel of the Minnesota Court of Appeals has ruled in an invasion of privacy case that a MySpace.com posting revealing certain private facts about a plaintiff constituted “publicity per se.” Although the appellate court ultimately held that the lower court properly granted summary judgment on the invasion of privacy claims in favor of the defendants, the publicity aspect of the ruling is important because it demonstrates how “old media” publication torts are being applied to new social media.
In October 2008, we reported that the Florida Supreme Court rejected the false light invasion of privacy tort as a viable claim for relief under Florida law. On December 23, 2008, the Missouri Court of Appeals went the opposite direction and held that Missouri does recognize false light invasion of privacy as an actionable tort.
In Meyerkord v. Zipatoni Co., the Missouri Court of Appeals vacated and remanded the trial court's dismissal of a plaintiff's claim alleging that the defendant company, Zipatoni, had cast the plaintiff in a false light by failing to remove the plaintiff as the ...
The Supreme Court of Florida yesterday issued two opinions holding that Florida law does not recognize the false light invasion of privacy tort. These outcomes constitute significant wins for media defendants in a state where the existence of false light as a viable state-law claim has been hotly debated.
Rapp v. Jews for Jesus, Inc. involved statements made by the plaintiff’s stepson in a newsletter that suggested the plaintiff had joined or was a believer in the Jews for Jesus philosophy. Essentially, the plaintiff argued in the underlying proceedings that, while literally ...