Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Countdown to the First Annual New York DFS Cyber Regulation Certification On February 15th, organizations subject to the New York Department of Financial Services Cybersecurity Regulation are required to submit their first annual certification attesting to their compliance with the state’s new data security requirements. The certification must be signed by the Chairperson of the Board of Directors (on behalf of the Board) or another Senior Officer.  A Senior Officer in this context must be the person – or persons – who have responsibility for “the management, operations, security... More
  • Federal Appeals Court Slams Data Breach Privilege Claim In the most recent object lesson in a data breach privilege case, a federal appeals court has ordered a Michigan-based mortgage lender to turn over privileged forensic investigatory documents after the investigator’s conclusions were revealed in discovery. Background.  In the case, Leibovic v. United Shore Financial Services, LLC, et al, No. 17-2290, the plaintiff applied for a mortgage through United Shore Financial Services, LLC, a nationwide mortgage lender. In turn, United Shore used a computer software program called BlitzDocs to process... More
  • Google Puts Its SCA Warrant Appeal on Hold as High Court Prepares to Hear Microsoft Case The fight over the privacy of electronic communications and the government’s ability to reach emails stored abroad in criminal investigations has finally moved to the U.S. Supreme Court.  After years of litigation between federal prosecutors and the tech community over the reach of warrants issued under the Stored Communications Act (SCA), the Supreme Court has scheduled oral argument in United States v. Microsoft for February 27, 2018. In the case, the justices will decide whether U.S. law enforcement, when... More
  • Equifax Must Turn Over NY Breach Data This Week New York State regulators won’t be letting Equifax, Inc. off-the-hook any time soon for last year’s massive data breach that affected more than 145 million Americans. In the state’s most recent move, Equifax is required to provide New York Secretary of State Rossana Rosado with breach-related information in 11 separate categories later this week including: Equifax’s plan for making the 8.4 million New Yorkers affected by the breach “whole,” if such a plan exists; A copy of the... More
  • New York Launches Mid-Term Election Cyber Initiative Cybersecurity will remain at the top of New York State’s regulatory agenda this year. In his annual State of the State address last week, New York Governor Andrew M. Cuomo called for new measures to defend against cyber-attacks aimed at disrupting the mid-term elections.  The governor’s proposals include: Creating an Election Support Center to work with the State Board of Elections to develop regulations to secure the state’s election infrastructure against cyber-attacks.  The center would also train county... More
  • In the Cloud: DOJ Issues New Guidance for Collecting Stored Data The Justice Department is changing its approach to collecting data stored in the cloud. That’s the upshot of new DOJ guidance for criminal investigations issued late last month.  The guidance, from the DOJ’s Computer Crime and Intellectual Property Section of the Criminal Division, tells prosecutors to go directly to organizations when seeking access to their data rather than to the cloud service providers hosting the information. Collecting data stored in the cloud comes with unique challenges, according to the guidance.  In... More
  • Banner Health Class Action Claims Survive Motion to Dismiss Yesterday, a federal district court in Arizona denied in part and granted in part Banner Health’s motion to dismiss class action claims arising from a 2016 data breach.  As we reported in a previous post, hackers gained access to Banner Health’s “point-of-sale” system at food and beverage outlets at some of the health-care provider’s locations.  Banner Health announced that, because of the breach, hackers may have gained “unauthorized access to patient information” and “payment card data” for approximately 3.7 million... More
  • LabMD Appeal Has Privacy World Waiting Editors’ Note: December 21, 2017 The original version of this blog post appeared on December 18, 2017.  We have since updated the post to reflect additional information. It is the case that could define the scope of the U.S. Federal Trade Commission’s authority in data security. The U.S. Court of Appeals for the Eleventh Circuit heard argument six months ago in LabMD, Inc. v. Federal Trade Commission. As readers of this blog know, the case turns on what kind of... More
  • Beyond the Campus Gates: Cyber Tops Risks for 2018 It’s no secret that cybersecurity concerns are a daunting challenge for higher education with their sprawling networks and databases. But industry leaders are predicting that data security will be one of the most serious threats facing higher education in 2018. The number of data breaches in the sector was up 103 percent from last year for the first half of 2017. And, according to a recent survey by Netwrix, a data security analytics firm, an estimated 77 percent of U.S. universities are... More
  • Avatars, Facial Scans & Virtual Basketball: Second Circuit Tosses Biometric Privacy Case A recent federal appellate ruling delivered a significant blow to invasion of privacy claims based on facial recognition technology used to scan users’ faces that are then put on their personalized players “in-game,” allowing them to play side-by-side with basketball stars in a popular video game. In Santana v. Take-Two Interactive Software, no. 17-303, 2017 U.S. App. LEXIS 23446 (2d Cir. Nov. 21, 2017), the U.S. Court of Appeals for the Second Circuit rejected privacy claims made under the Illinois... More