Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • MGM Resolves Las Vegas SAFETY Act Litigation After over 18 months of private mediation, MGM Resorts International has finally dismissed a series of declaratory judgment actions the company brought against victims of the Route 91 Harvest Festival shooting.  Those cases stem from the October 2017 Las Vegas shooting in which Stephen Paddock killed 58 people and wounded hundreds more from his hotel room in the Mandalay Bay hotel, owned by MGM.  That event resulted in thousands of threatened legal actions against MGM by victims of the shooting,... More
  • Magistrate Judge Finds Data Breach Investigation Report Not Privileged Last week, a magistrate judge in the Eastern District of Virginia held that a breach report prepared by Mandiant (a digital forensics investigator, among other things) in response to the Capital One data breach was not protected by the attorney work product doctrine.  First some background:  In 2019, a hacker “gained unauthorized access” to Capital One’s network.  According to the company, the event “affected approximately 100 million individuals in the United States.”  Capital One says no credit card numbers... More
  • New York State AG Probe of Zoom Results in Enhanced Cybersecurity Practices The Zoom videoconferencing platform has been a constant fixture in recent news as the coronavirus pandemic has caused businesses around the world to flock to it, exposing significant cybersecurity and privacy concerns.  These concerns drew the attention of the New York State Attorney General’s Office (“NYAG”), which initiated an investigation into the company’s cybersecurity practices in March, following a massive surge in use.  The NYAG’s investigation came to a conclusion on May 7, 2020, when it reached a settlement with... More
  • COVID-19 Cyber Risks Continue to Grow As we previously detailed, the coronavirus pandemic has expanded opportunities for nefarious actors to exploit the digital vulnerabilities of individuals, local governments, industries, organizations, and essential services as they rapidly adapt to the public health crisis. Recent reports have confirmed that attacks and cyber scams associated with the pandemic are in fact on the rise. On May 4, a new report released by Palo Alto Networks underscored the seriousness of these threats. Palo Alto reviewers searched for domain names using... More
  • Privacy Suits Against Zoom and Houseparty Test the CCPA’s Private Right of Action Over the past month, many have discovered video chat and conferencing apps such as Zoom and Houseparty, using them for both business and to keep connected to friends and family during this period of global social distancing. Increased usage of these apps has also resulted in close scrutiny of their privacy practices by the public and government authorities. Indeed, Zoom has been hit with eight class actions that were recently consolidated, while separate plaintiffs sued the owners of Houseparty. A... More
  • New York SHIELD Act in Full Effect During COVID-19 Crisis On March 21, 2020—just as the COVID-19 crisis began upending our way of life—New York State’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into effect fully.  The SHIELD Act, which amends New York’s 2005 breach notification law to “keep pace with current technology,” was signed into law on July 25, 2019 by Governor Andrew Cuomo.  The first phase of the Act went into effect in October 2019, and its second phase took effect last month. The SHIELD... More
  • Supreme Court Grants Cert to Resolve Long-Standing CFAA Circuit Split We have previously written about the thorny questions surrounding the Computer Fraud and Abuse Act (“CFAA”), including how its ambiguous language concerning what computer use is “authorized” has divided the Circuits and how its provisions are, and are not, applied by prosecutors in practice.  The Supreme Court declined to address the circuit split in 2017, but yesterday the Court granted cert in Van Buren v. United States to squarely resolve the issue. As a reminder, the CFAA (18 U.S.C. §... More
  • Governmental Organizations Across the Globe Warn of Enhanced Cyber Threat Environment Related to COVID-19 In recent weeks, we have seen growing threats to cybersecurity and privacy from malicious actors seeking to exploit the COVID-19 pandemic. As companies transition their employees to remote working and focus their efforts on core business continuity, hackers are actively targeting companies’ cloud-based remote connectivity, lack of multi-factor authentication, and potentially insecure digital infrastructure to exploit vulnerabilities. The need for robust cybersecurity measures is more pressing than ever, and governmental organizations are issuing calls to action. This past weekend, INTERPOL... More
  • HIPAA Regulator Relaxes Enforcement for Telehealth Services During the COVID-19 Crisis In response to the COVID-19 pandemic, on March 17, 2020, the Office for Civil Rights (“OCR”) at the Department of Health and Human Services (“HHS”) issued a notification of enforcement discretion, announcing that it would not impose civil penalties for HIPAA violations “against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency” (the “Notification”).  The Notification is important because, ordinarily, providing telehealth services does not modify a covered entity’s... More
  • COVID-19 Cybersecurity Threats Spiral as Businesses Implement Prophylactic Security Measures As businesses increasingly shift to remote working environments, the COVID-19 public health pandemic presents new cybersecurity challenges each day.  As we discussed in our earlier post, hackers are actively targeting companies’ cloud-based remote connectivity, lack of multi-factor authentication, and potentially insecure digital infrastructure to exploit lax cyber-hygiene.  As companies struggle to maintain business continuity, the need for robust cyber security measures is more pressing than ever. Cisco Talos’ latest threat report warns that three specific types of scams are... More