Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Bug Bounty Programs: What Every Organization Needs to Know More and more companies are paying up – and paying more – to so-called “ethical” hackers who report data security bugs or vulnerabilities for a bounty. A report released last week by Bugcrowd, a crowdsourced cybersecurity firm, says that companies are now dolling out more than ever in bug bounties. But what are bug bounty programs, and why should companies care? Many tech companies and software developers have “bug bounty” programs, in which they offer incentives in the form of... More
  • LabMD Wins Long-Running Data Security Case Against FTC In a closely watched test of the Federal Trade Commission’s authority as a data security regulator, the U.S. Court of Appeals for the Eleventh Circuit late yesterday sided with LabMD and threw out the agency’s long-running case against the defunct cancer testing lab, finding the agency’s use of a vague and broad-brush consent decree was unenforceable. Judge Gerald B. Tjoflat, writing for the three-judge panel in a 31-page ruling, found that the commission could only bar specific practices and can’t require a... More
  • New York AG Throws Support Behind Proposed SHIELD Act It didn’t take long for New York’s interim Attorney General to send a strong message to the business community about the importance of data security. In a press release yesterday, interim New York Attorney General Barbara Underwood threw her support behind New York’s proposed SHIELD Act – Stop Hacks and Improve Electronic Data Security – which was introduced late last year and imposes data security safeguard requirements on businesses that hold sensitive information of New York residents.  We’ve previously blogged about the... More
  • Ticketfly Hacked: Reports say 26 Million Customers Affected The concert and event ticketing company, Ticketfly, is working to get its systems back online after a cyber-attack last week. Ticketfly has confirmed the hack but has released little information. “ has been the target of a cyber incident,” the company said in a statement posted on its website. “In consultation with leading third-party forensic and cybersecurity experts, we are in the process of bringing the Ticketfly ticketing system back online with the security of our clients and fans... More
  • Judge Hits Pause Button on LabMD’s Hacking Cover-Up Suit Against Former U.S. Attorney A federal judge in New York has dismissed LabMD’s lawsuit against a former United States Attorney – which charged her with ethics violations and engaging in a cover-up over her role in an U.S. Federal Trade Commission data security enforcement action – on jurisdictional grounds. U.S. District Judge J. Paul Oetken dismissed the lawsuit without prejudice because LabMD did not adequately plead subject matter jurisdiction. It’s likely the case will be refiled in state court. As this blog first reported,... More
  • Another DFS Cyber Deadline Looms For thousands of financial institutions and insurance companies covered by New York DFS’s sweeping data security regulation, the countdown to yet another deadline has begun. Those companies will remember last August, when DFS’s first transition period ended, and the same companies know that they had to first certify their compliance with the regulation to DFS only months ago, in February. Now, companies covered by the regulation should keep their eye on another fast-approaching deadline: September 3, 2018, when the regulation’s... More
  • Facebook Gears Up for High Stakes Biometric Trial In one of the first major tests of the Illinois biometric data privacy law, Facebook is headed to trial this summer over allegations that the social media giant unlawfully collects user data with its photo tagging function. Last week, U.S. District Judge James Donato denied cross motions for summary judgment in a class action pending in Northern California, noting the “multitude of fact disputes in the case.” The judge ruled that the case turns on whether Facebook collects and stores scans of... More
  • Litigating Blockchain: Not So Simple Many believe that blockchain technology will revolutionize the way humans interact, in business and beyond.  Though cryptocurrency is the topic du jour, blockchains can do much more than just enable digital currencies:  they can be used to transform the way we store and manage many kinds of data, from real property and voting records to intellectual property licenses and medical information, and more.  If blockchain is mainstreamed, courts will inevitably be faced with disputes arising out of the differences between... More
  • Wearable Technology Fits into Professional Sports Professional athletes, teams, and leagues have embraced wearable technology.  But as this new technology becomes ubiquitous, a new category of valuable—and personally sensitive—data has emerged, raising novel data security issues and incentives for would-be hackers. Data analysis has spawned a revolution in professional sports management (think, for example, of Moneyball).  Sports data is coveted by everyone from the casual fan to competitors.  In one high-profile incident from a few years ago, former St. Louis Cardinals scouting director Chris Correa was... More
  • Insurance Industry Cybersecurity Law Moves Closer to Becoming a Reality The insurance industries in South Carolina and Rhode Island may soon be required to adopt formal data security safeguards, a movement sparked by the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The model law, which NAIC adopted in October 2017, establishes minimum standards for data security applicable to insurance providers. It is part of a growing body of state-level cybersecurity legislation, including the New York State Department of Financial Services regulation issued in March 2017.  We... More