Data Security Law Blog

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

GAO Backs “Comprehensive” Privacy Legislation

by George A. LoBiondo on February 20, 2019

A recent report by the Government Accountability Office (GAO) is recommending that Congress adopt comprehensive federal data privacy legislation. The GAO’s proposal is, in part, meant to address limitations of the current privacy regulatory landscape, which is mostly piecemeal, industry-specific regulation at both the federal and state levels. The GAO’s 56-page report follows more than a year of interviews with officials from various federal agencies that have taken active roles in data security issues, including the Federal Trade Commission (FTC), Federal Communications Commission, and the Consumer Financial Protection Bureau, as well as stakeholders from industry and academia.

Ninth Circuit Gives Google Reprieve to Resolve Overseas Warrant Dispute

by George A. LoBiondo on August 16, 2018

A federal appeals court is giving Google and the Justice Department more time to work out their differences in a standoff over whether the tech giant must hand over customer emails stored outside of the United States.

Microsoft Joins Government’s Request to Render Fight over Access to Data Stored Abroad Moot

by George A. LoBiondo on April 4, 2018

Yesterday, we reported that the Department of Justice has asked the U.S. Supreme Court to remand its dispute with Microsoft Corp. concerning access to customer emails stored abroad to the U.S. Court of Appeals for the Second Circuit with instructions to dismiss it as moot. The government argued that the newly enacted “CLOUD” Act clarifies prior law and makes clear that information stored abroad can, under certain circumstances, be subject to a domestic warrant. The government added that it obtained a new warrant for Microsoft to turn over the requested information in the days following the CLOUD Act’s passage.

Government Urges High Court to Moot Microsoft Email Case

by George A. LoBiondo on April 3, 2018

We’ve written several times about the landmark dispute between the U.S. government and Microsoft Corp. over access to a customer’s emails stored in Ireland. Now, a month after the U.S. Supreme Court heard oral argument on the government’s appeal, the Justice Department has asked the Court to remand the case to the U.S. Court of Appeals for the Second Circuit with instructions to dismiss it as moot.

Google Puts Its SCA Warrant Appeal on Hold as High Court Prepares to Hear Microsoft Case

by George A. LoBiondo on January 10, 2018

The fight over the privacy of electronic communications and the government’s ability to reach emails stored abroad in criminal investigations has finally moved to the U.S. Supreme Court.

Court Rejects DOJ’s Depiction of Google as “Willful and Contemptuous” Tactics in Ongoing Battle over SCA Search Warrant

by George A. LoBiondo on November 6, 2017

A federal judge in California has agreed to hold Google in contempt for not following his order to turn over data stored overseas. The order is largely symbolic, however, since a contempt order is required for Google to appeal the ruling.

Justices to Hear DOJ Appeal on Microsoft Ruling: Is Email Stored Abroad Subject to a U.S. Warrant?

by George A. LoBiondo on October 16, 2017

The Supreme Court is poised to finally answer the question that’s been plaguing federal courts across the country: must U.S. tech companies comply with warrants issued under the Stored Communications Act (“SCA”) that demand information from customer accounts that is stored on servers in a foreign country?

Justice Department Accuses Google of “Alarming” Tactics in Fight over SCA Search Warrant

by George A. LoBiondo on October 4, 2017

The ongoing dispute between the government and Google concerning the company’s refusal to hand over customer data stored on foreign servers has taken an odd twist. Now, the Justice Department is demanding that Google be sanctioned for not abiding by the court’s most recent decision—ordering it to produce data associated with 22 email accounts—and calling Google’s conduct “a willful and contemptuous disregard of various court orders.” The case is In the Matter of the Search of Content that Is Stored at Premises Controlled by Google, No. 16-mc-80263 (N.D. Cal.).

Judge Sides with Government over Google in the Latest Battle Rematch over the Territorial Reach of the SCA

by George A. LoBiondo on August 17, 2017

Another federal judge has rejected the U.S. Court of Appeals for the Second Circuit’s interpretation of the Stored Communications Act (SCA), and has ordered Google to hand over customer email traffic—wherever located—to U.S. law enforcement. More than a year ago, the Second Circuit held that Microsoft Corp. was not required to produce customer emails stored on foreign servers in response to an SCA warrant. Since then, the Second Circuit’s ruling has been rejected by three different federal courts around the country.

Another Rematch Between Tech Companies and the Government over the Territorial Reach of the Stored Communications Act

by George A. LoBiondo on July 25, 2017

Lawyers for the tech community are gearing up for argument next month in the U.S. District Court in San Francisco, seeking to overturn another magistrate’s order that requires digital information stored outside of the U.S. to be turned over in response to a U.S. search warrant.

Facebook Warrant Case: Stark Debate and a Divided Court

by George A. LoBiondo and Karen R. Berry on May 8, 2017

We previously posted about a case before the New York Court of Appeals that concerned whether Facebook has the legal standing to challenge search warrants seeking its users’ data. In April, the court sided with the Manhattan District Attorney’s office and rejected Facebook’s challenge. The three opinions by the judges—particularly the concurrence by Judge Jenny Rivera—provide insight into this evolving area of law.

Does Facebook Have the Right to Challenge Search Warrants Seeking Facebook Users’ Data? New York’s Highest Court Hears Argument

by George A. LoBiondo on February 9, 2017

Facebook is the latest social media giant to push back on law enforcement efforts to seek user information. On Tuesday, the New York Court of Appeals heard oral argument in a case focusing on whether Facebook has the right—or legal standing—to challenge bulk search warrants issued by the Manhattan District Attorney’s office for its users' data. The case is In re 381 Search Warrants Directed to Facebook, Inc. and Dated July 23, 2013.

When Using a Computer Becomes a Crime, Part Two: ACLU, Facebook Weigh In on Ninth Circuit’s Answer

by George A. LoBiondo and Karen R. Berry on November 15, 2016

The Electronic Frontier Foundation (“EFF”) and the American Civil Liberties Union (“ACLU”) have weighed in on Facebook’s high-profile dispute with a social media aggregation company over whether it had unlawfully accessed Facebook’s computers. The EFF and ACLU warned the Ninth Circuit that the panel’s ruling for Facebook risks chilling important investigations and makes “potential criminals out of millions of ordinary Americans on the basis of innocuous online behavior.” The case is Facebook, Inc. v. Power Ventures, Inc., No. 13-17102.

When Is Using a Computer a Crime? Rehearing Sought on Ninth Circuit’s “Distressingly Unclear” Answer

by George A. LoBiondo on August 15, 2016

Facebook recently won a landmark victory in the Ninth Circuit against a company that accessed Facebook’s computers to help users manage their social network accounts. Now the company, Power Ventures, Inc., says that the Ninth Circuit’s decision risks creating “widespread confusion” about when it is a crime to use a computer to access a website.

Cyber Attacks on Vulnerable Financial Institutions Linked to North Korea

by George A. LoBiondo and Michael F. Buchanan on June 3, 2016

Has North Korea struck again? Do its recent attacks signal a shift from those motivated by political retribution to those motivated by financial gain? What does this mean for financial institutions?

European Parliament: Proposed Privacy Shield Must Be Strengthened

by George A. LoBiondo and Michael F. Buchanan on May 31, 2016

We have previously written about the ongoing debate regarding the proposed EU-U.S. Privacy Shield. The European Parliament has now added its voice to those who say that the current proposal is inadequate.

CISA Is Now Law—What It Means for Your Organization

by George A. LoBiondo and Michelle W. Cohen on January 29, 2016

After several fits and starts, Congress finally passed the Cyber Information Sharing Act of 2015 (CISA) as part of the omnibus budget bill. President Obama signed the bill into law on December 18, 2015.

LifeLock Will Pay $100 Million to Settle (Again) with FTC

by George A. LoBiondo and Michael F. Buchanan on December 17, 2015

In a significant development, the FTC announced today that LifeLock, the identity theft protection company, has agreed to settle the FTC contempt charges against it for $100 million. This is the largest monetary award the FTC has ever obtained in an order enforcement action.

Upcoming Oral Argument in US v. Microsoft: Does a U.S. Warrant Apply to Email Stored on a Foreign Server?

by George A. LoBiondo on September 2, 2015

On September 9th, the Second Circuit Court of Appeals will hear a case with global business, technology, and legal implications. The case, United States v. Microsoft, presents a deceptively simple question: What’s a multinational company to do when it receives a U.S. court order to turn over customer emails that are stored on a server in a foreign country and that may be subject to different data privacy laws?