Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • DFS Final Cyber Regulation: Accountability at the Top Over the last few months, the New York Department of Financial Services (“DFS”) cybersecurity regulation has undergone multiple revisions.  But late last week, DFS issued its final regulation, which will go into effect on March 1, 2017. The final regulation does not differ materially from the draft issued on December 28, 2016, with a few... More
  • Final DFS Cybersecurity Regulation Issued New York’s Department of Financial Services issued its final Cybersecurity Regulation last night with an effective date of March 1, 2017. For a comparison between the previous proposal and the final regulation, please click here. The changes from the prior draft—issued on December 28, 2016—are generally minor and not substantive, with one exception. The final... More
  • Fourth Circuit Weighs In on Article III Standing in Data Breach Suits Earlier this month, the Fourth Circuit weighted in with the most recent decision in the developing case law on Article III standing in data breach litigation, a topic that we have been covering extensively on this blog. The case, Beck v. McDonald, is a consolidated appeal that arose out of two lawsuits brought by veterans... More
  • Does Facebook Have the Right to Challenge Search Warrants Seeking Facebook Users’ Data? New York’s Highest Court Hears Argument Facebook is the latest social media giant to push back on law enforcement efforts to seek user information.  On Tuesday, the New York Court of Appeals heard oral argument in a case focusing on whether Facebook has the right—or legal standing—to challenge bulk search warrants issued by the Manhattan District Attorney’s office for its users'... More
  • Third Circuit Finds FCRA Violation Alone Confers Standing for Data Breach Suit The United States Court of Appeals for the Third Circuit recently ruled that a data breach class action may proceed on the basis of a Fair Credit Reporting Act (FCRA) violation alone, even where the putative class members do not allege that they were actually harmed by the breach.  The ruling, which both relies on... More
  • Appeals Court Sends Target Settlement Back Today, the U.S. Court of Appeals for the Eighth Circuit vacated the class action settlement between Target Corp. and consumers whose card data was compromised in the company’s 2013 data breach.  The settlement agreement required Target to create a $10 million settlement fund for the class of consumers.  Under the agreement, class members with “documented”... More
  • Ajit Pai and the FCC’s Role in ISP Privacy Regulation under President Trump On January 23, 2017, President Donald Trump named Ajit Pai as Chairman of the Federal Communications Commission (FCC).  In his previous role as the senior Republican on the FCC under President Barack Obama, Mr. Pai was an outspoken critic of the agency’s decision to assert jurisdiction over Internet Service Providers (“ISPs”) and its rules governing... More
  • Rock and a Hard Place: Banks In Search of Compliance Amid Diverging Regulatory Regimes Last year was the first that national banks and federal savings associations subject to supervision by the Office of the Comptroller of the Currency (“OCC”) were armed with a sense of the agency’s regulatory expectations when it came to cybersecurity.  As we noted early last year, in an agency report, the OCC specified that, going... More
  • Second Circuit Court of Appeals Denies Rehearing in Microsoft Case Back in December 2013, a U.S. magistrate issued a seemingly routine warrant in a narcotics case demanding that Microsoft turn over messages from a customer’s email account that resided on a server in Ireland.  That warrant, which issued under a 1986 law called the Stored Communications Act (“SCA”), 18 U.S.C. § 2703, is still being debated... More
  • SEC Reportedly Wants To Know What Took Yahoo! So Long To Disclose Massive Data Breaches The U.S. Securities and Exchange Commission is reportedly looking into whether two data breaches at Yahoo!, Inc. should have been disclosed earlier.  In a front page article today, the Wall Street Journal reported that “people familiar with the matter” say the SEC is investigating whether Yahoo!’s disclosures complied with the securities laws. Last year, in... More