Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Avatars, Facial Scans & Virtual Basketball: Second Circuit Tosses Biometric Privacy Case A recent federal appellate ruling delivered a significant blow to invasion of privacy claims based on facial recognition technology used to scan users’ faces that are then put on their personalized players “in-game,” allowing them to play side-by-side with basketball stars in a popular video game. In Santana v. Take-Two Interactive Software, no. 17-303, 2017 U.S. App. LEXIS 23446 (2d Cir. Nov. 21, 2017), the U.S. Court of Appeals for the Second Circuit rejected privacy claims made under the Illinois... More
  • Inside the Stanford Breach: Exposed Records Lead to Financial Aid Scandal A cybersecurity vulnerability at Stanford University exposed thousands of sensitive files containing details of sexual assault investigations and disciplinary actions. The story of what happened—and why it should be an object lesson for higher education. The second of a three-part series. The culprit behind three separate data security incidents at Stanford University – exposing reams of confidential information about campus sexual assault reports, disciplinary actions, financial aid decisions and personal information for nearly 10,000 employees – was a series of... More
  • CNN Features Op-Ed by Craig Newman: “Why the world needs a NATO for cyberwarfare” On Wednesday, December 6, CNN featured an op-ed written by Craig Newman, Chair of Patterson Belknap’s Privacy and Data Security Practice, entitled “Why the world needs a NATO for cyberwarfare”. Mr. Newman discusses the increasing number of digital assaults against private industries and governments, and notes that society is still in a state of denial about the prospects of a global cyber showdown. He argues that the United States should be leading the international community in addressing cyberattacks through existing... More
  • LA City Attorney Jumps Into Uber Fray A complaint filed Monday by Los Angeles City Attorney Mike Feuer accuses Uber Technologies Inc. of violating California law by concealing “for an entire year” a data breach that exposed the names and license numbers of 600,000 Uber drivers in the United States. As we’ve previously reported, hackers also stole the names, email addresses and cellphone numbers for 57 million Uber riders. Rather than promptly reporting the breach, Uber paid the hackers $100,000 to destroy the stolen data, according to... More
  • Inside the Stanford Breach: Sexual Assault, Disciplinary and Financial Data Exposed A series of cybersecurity vulnerabilities at Stanford University exposed thousands of sensitive files containing details of sexual assault investigations, disciplinary actions and more. The details of what happened—and why it should be an object lesson for higher education. A special three-part blog series. Part 1 In three separate data security incidents over the past year at Stanford University, thousands of digital files were left exposed for months – perhaps longer – that contained details of sexual assault investigations, disciplinary actions... More
  • Payment or Pillory: More Fallout from Uber’s Data Breach With new developments regarding Uber Technologies Inc.’s 2016 data breach coming out almost daily, lawsuits against the company continue to pile-up. We previously reported that within days of Uber disclosing the data theft and its subsequent payment of $100,000 to the hackers ostensibly to delete the data, regulators from around the globe, including the U.S., EU, Mexico, Canada, Australia, and the Philippines, began investigations. As of this morning, Uber has already been hit with at least four class action lawsuits... More
  • Uber Breach Uber Technologies, Inc., the latest victim of a high-profile data theft, is taking heat for its handling of the 2016 incident – first disclosed last week – in which account information for 57 million riders worldwide was stolen.  The theft was made public in a blog post written by the company’s new chief executive officer Dara Khosrowshahi. Khosrowshahi wrote that Uber tracked down the two hackers and “obtained assurances that the downloaded data had been destroyed.” It’s been reported that... More
  • Part Two: In-Depth Look at New York’s New Data Security Bill Second in a two-part series. Last week, in the first part of this series, we examined several key aspects of New York’s proposed data security law, Stop Hacks and Improve Data Security Act or SHIELD Act. In our second and final installment, we discuss three additional aspects of the proposed law. Content of Notices All SHIELD Act notices must contain the contact information of the entity providing the notice, the contact information for state and federal agencies that provide... More
  • An In-Depth Look at New York’s New Data Security Bill First in a two-part series. As we reported last week, New York Attorney General Eric T. Schneiderman has introduced a bill aimed at protecting New Yorkers from data breaches. The Stop Hacks and Improve Data Security Act or SHIELD Act requires businesses to “implement and maintain reasonable safeguards” to protect New Yorkers’ personal and private information; according to the Attorney General, data breaches involving New Yorkers increased 60% in 2016.  The new legislation, which was introduced in the wake of... More
  • SEC Cyber Watch: Finally, New Guidelines for Breach Disclosures? The U.S. Securities and Exchange Commission has signaled that it expects to issue updated guidelines on reporting cybersecurity incidents. “I think this issue is important enough, wide-ranging enough that we should tackle it at the commission level,” said William H. Hinman, the SEC’s new director of the Division of Corporate Finance. Hinman’s remarks were made last week during a speech in New York and reported by the Wall Street Journal. Hinman hinted that the guidelines would “touch a couple of... More