Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Part II: A Closer Look at the CCPA’s Definition of “Personal Information”   Our three-part series on the California Consumer Privacy Act’s (CCPA) expansive definition of “personal information” is designed to help businesses identify whether they hold information covered under the law, while also highlighting the potential pitfalls in the definition as we await interpretative regulations from the California Attorney General and potential amendments from the state’s legislature. In Part I, we explored the breadth of the definition. We now turn to the law’s two explicit exclusions from the definition of “personal information.” ... More
  • Incoming DFS Chief Calls Cyber the “Number One Threat” Facing Industry and Government The incoming chief of New York’s top financial services regulator called cybersecurity “the number one threat facing all industries and governments globally” during a speech on Friday, April 12, 2019 at the Association of the Bar of the City of New York. Linda Lacewell, acting superintendent of the New York State Department of Financial Services (“DFS”), made her remarks at an event focused on insurance regulation and they come at a time when the state’s sweeping cybersecurity regulation — initially... More
  • Part I: A Closer Look at California’s New Privacy Regime: The Definition of “Personal Information”   The California Consumer Privacy Act (CCPA) is set to become “operative” on January 1, 2020. As we have written in earlier blog posts, the CCPA is the most sweeping consumer privacy law in the country. And the CCPA isn’t set in stone. The California Attorney General’s office recently concluded a public comment period as it prepares to draft interpretative regulations mandated by the CCPA. Not surprisingly, industry lobbyists are out in full force advocating for the legislature to amend... More
  • FBI’s Brief Expands to Combat Cyber Threats The nation’s top law enforcement agency is rebooting its cybercrime capabilities. In an effort to keep up with the evolving threats against property, critical infrastructure and human life posed by cyber-attacks –especially those launched by foreign adversaries – the Federal Bureau of Investigation is seeking to reposition its priorities and fortify its capacity to fight cybercrime. The Federal Bureau of Investigation, our nation’s and perhaps the world’s premier law enforcement agency, has a broad mandate to protect the United States... More
  • New Utah Privacy Law Requires Search Warrant Companies from California to New York are already scrambling to comply with a growing patchwork of privacy laws covering both businesses and consumers. And now, Utah has picked up the proverbial gauntlet and is poised to become the first state to enact a privacy law that requires local law enforcement to obtain a search warrant to access electronic information stored by third parties. The new law – called the “Electronic Information or Data Privacy Act” or H.B. 57 –... More
  • Are Bug Bounty Programs Worth It?   Almost weekly, it seems there is another news article about a bug bounty program sponsored by a major corporation where an amateur hacker – often a teenager – is paid a sizeable sum of money for finding a bug in a company’s operating system or code. Often, these articles describe just how much money these teens make from bug bounty programs; one headline from March 12, 2019 states how bug bounty programs have made “one teen a millionaire hacker.”... More
  • FTC Looks to NY’s Cyber Regulation in Proposed Changes to Safeguards Rule When New York’s far-reaching cybersecurity law for financial institutions was enacted more than two years ago, some predicted it would serve as a national blueprint for future data security laws. Now, as the U.S. Federal Trade Commission considers changes to two privacy rules designed to safeguard customer information held by financial institutions, the proposed changes to one law – the Safeguards Rule – hue closely to a handful of requirements already in place in New York. It’s not surprising, then,... More
  • NY Appellate Court Slams Use of Hacked Email When we hear about discovery abuses in litigation, we often think of overzealous lawyers using obstructionist tactics. Such behavior, however, rarely involves litigants hacking into the email of an adversary or accessing privileged attorney-client communications that disclose litigation strategies. But in a unanimous ruling last week, a New York state appeals court found that a litigant’s “improper and willful” misconduct – which included “improperly accessing approximately 12,000 of defendant’s privileged attorney/client communications … [and] deleting relevant documents” – justified the... More
  • Yet Another Proposal to Require Disclosure of Board’s Cyber Expertise Before investing in a company, would you want to know whether the board of directors had cybersecurity expertise? A bipartisan group of senators have proposed a bill, Senate Bill 592, that would require every public company to disclose the cybersecurity background of its directors, and, if none exists, explain why the company doesn’t believe it is necessary. The new legislation—formally “A bill to amend the Securities and Exchange Act of 1934 to promote transparency in the oversight of cybersecurity risks... More
  • MyFitnessPal Data Breach Lawsuit Sent to Arbitration Many consumers have become painfully aware of the risks that data breaches pose in a digital world. And now, their legal claims may not be ultimately decided by a judge or jury but sent off to arbitration. Earlier this month, a federal judge in California did just that and sent a proposed class action data breach case to arbitration. U.S. District Judge Fernando M. Olguin held that the plaintiff had “clearly and unmistakably delegated the arbitrability issue to the arbitrator,”... More