Categories & Search

Industry: Media, Entertainment & Sports

Hackers Target the Bottom Line: Business Operations and Earnings

Over the past several years, we have witnessed a fundamental shift in orchestrated cyber-attacks from hacking credit card data and healthcare information to targeting businesses, their operations and bottom lines.

Go

The Computer Fraud and Abuse Act Will Need To Wait Another Day In New York’s Commercial Division

Justice Shirley Kornreich recently issued one of the few New York state court decisions  that address the Computer Fraud and Abuse Act (“CFAA”).  Spec Simple, Inc. v. Designer Pages Online LLC,  No. 651860/2015, 2017 BL 160865 (N.Y. Sup. Ct. May 10, 2017).  The CFAA criminalizes both accessing a computer without authorization and exceeding authorized access and thereby obtaining information from any protected computer.  Id. at *3 (citing 18 U.S.C. § 1030(a)(2)(C)). The CFAA also provides a civil cause of action to any person who suffers damage or loss because of a violation of the CFAA.  Id. at *4 (citing 18 U.S.C. § 1030(g)).  As discussed below, the decision provides a helpful look into the interpretation of CFAA claims in the future.

Go

Digital Divide Deepens: Tech Community Backs Second Circuit in Clash with Magistrates over Reach of U.S. Warrants

The technology community took aim at a recent federal magistrate’s ruling that ordered Google Inc. to comply with search warrants seeking customer emails stored on servers abroad, calling the decision “an impermissible extraterritorial application of U.S. law.” In rejecting a recent federal appeals court decision in a similar case in favor of Microsoft Corp., U.S. Magistrate Thomas J. Reuter in Philadelphia ruled that transferring emails from a foreign server to the U.S. was not tantamount to a seizure beyond American borders. The technology companies urged the court to reject the “fiction that such a foreign search and seizure is a domestic act….”

Go

Second Circuit Court of Appeals Denies Rehearing in Microsoft Case

Back in December 2013, a U.S. magistrate issued a seemingly routine warrant in a narcotics case demanding that Microsoft turn over messages from a customer’s email account that resided on a server in Ireland.  That warrant, which issued under a 1986 law called the Stored Communications Act (“SCA”), 18 U.S.C. § 2703, is still being debated today.

Go

FTC Slaps Down ALJ’s Data Security Ruling in LabMD, Sets Broad Mandate for Protection of “Sensitive” Consumer Data

In a sweeping statement of its data security expectations for organizations that maintain consumer information, the Federal Trade Commission on Friday found that LabMD, the defunct medical testing lab, failed to employ adequate data security safeguards in violation of Section 5 of the FTC Act, even though there was no indication that any information had been misused or compromised.

Go

Lessons from LinkedIn: Privacy and Data Security Representations in the M&A Context

Microsoft’s blockbuster acquisition of LinkedIn earlier this month—a deal where concerns for privacy and data security loomed large—provides a glimpse into the growing trend of including separate privacy and data security representations in merger and acquisition agreements.  Because the trend is so recent, there is no consensus or standard practice at this point for drafting these representations.  The LinkedIn privacy and data security representation is a good example of the evolving nature of these representations.

Go

LabMD’s Waiting Game: Lingering Questions over FTC’s Authority in Data Security Matters

A contentious legal battle over data security between the Federal Trade Commission and LabMD, a small medical testing lab, is chronicled in the latest edition of Bloomberg Businessweek.  Dune Lawrence’s report raises lingering questions about the FTC’s prosecution of a now-defunct company, tampered evidence and regulatory overreach.

Go

Federal Appeals Court Set to Issue One of the Most Important Privacy Rulings in a Generation

For months, the technology and business communities have been waiting anxiously for a Federal appeals court ruling on whether American companies can be forced to turn over customer information to U.S. law enforcement when that information is stored on servers abroad.  It’s the result of a legal appeal filed last year by Microsoft Corporation that was argued before the U.S. Court of Appeals for the Second Circuit more than seven months ago.

Go

Traditional General Liability Policy Covers Medical Records Mishap

A U.S. appeals court yesterday held that a traditional corporate general liability policy triggered an insurer’s duty to defend a class action lawsuit alleging that a medical records company failed to properly secure patient records on its server.

Go

On the Front Lines of Cybersecurity: The Corporate Challenge

Recent surveys tell us that cybersecurity is the top risk faced by corporate America.  The Bank Director’s 2016 Risk Practices survey – out yesterday – disclosed that three quarters of bank executives and board members believe cybersecurity is their top concern.  And their general counsel agree.  In another recent study, general counsel said that cybersecurity was their top area of organizational risk as well.

Go

FTC Reviews Case Over Legal Standard For Data Security Enforcement Action

Faced with the prospect of overturning a decision by one of its own administrative law judges, the Federal Trade Commission on Tuesday explored ways in which to render a narrow decision.  The argument was the most recent chapter in the long running data security enforcement action against LabMD, the now defunct medical testing laboratory.

Go

CISA Is Now Law—What It Means for Your Organization

After several fits and starts, Congress finally passed the Cyber Information Sharing Act of 2015 (CISA) as part of the omnibus budget bill.  President Obama signed the bill into law on December 18, 2015.

Go

The Privilege of PR: Application of the Attorney-Client Privilege to Crisis Communications and Public Relations in Breach Response Planning

Cyber-attacks have become a matter of everyday reality for all businesses: regardless of industry or size, it is no longer if a data breach will happen, but when.  And waiting for a breach to occur before designing and implementing a cyber incidence response plan is generally a recipe for disaster.  

Go

FTC Blasted in LabMD Data Security Case

In a long-running and highly contentious data security enforcement action against LabMD, a small medical testing laboratory, the Federal Trade Commission was handed a stunning defeat late Friday.  In a 92-page Initial Decision, Chief Administrative Law Judge D. Michael Chappell dismissed the FTC’s case against LabMD – after a full administrative trial – based on the Commission’s failure to prove it was “likely” that consumers had been substantially injured in two alleged data security incidents dating back nearly seven years.

Go

Department of Homeland Security: “The C-Suite and Cybersecurity”

Federal and state cybersecurity agencies teamed up last week for a two-day summit focused on the evolving nature of cybersecurity threats to New Jersey businesses.  The event was sponsored by the U.S. Department of Homeland Security’s (“DHS”) Critical Infrastructure Cybersecurity Voluntary Program and The New Jersey Office of Homeland Security and Preparedness.

Go

Second Circuit Hears Argument in Microsoft Appeal: How Far Does a U.S. Warrant Reach?

In a 90-minute hearing earlier today, Microsoft Corp. asked the Second Circuit Court of Appeals to reverse a district court decision forcing the technology giant to turn over customer email traffic residing on a server in Ireland. American companies with data centers located outside the U.S., as well as privacy advocates and media organizations are closely watching this case.  During the argument, the Court acknowledged that the “implications of its ruling would be broad.”

Go

Steering Clear of Broken Promises

With last week’s ruling by the Third Circuit Court of Appeals in FTC v. Wyndham Worldwide Corp. solidifying the Federal Trade Commission’s authority to enforce data security practices, organizations that use online computers to store customer information should take notice.  Since 2005, the FTC has stepped up its enforcement efforts and has entered into more than 50 consent decrees relating to cybersecurity matters.  

Go