Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Digital Divide Deepens: Tech Community Backs Second Circuit in Clash with Magistrates over Reach of U.S. Warrants The technology community took aim at a recent federal magistrate’s ruling that ordered Google Inc. to comply with search warrants seeking customer emails stored on servers abroad, calling the decision “an impermissible extraterritorial application of U.S. law.” In rejecting a recent federal appeals court decision in a similar case in favor of Microsoft Corp., U.S.... More
  • Privilege Waiver: Is Your File-Sharing Site a Public Park Bench? While courts and the Federal Rules of Evidence take an increasingly pragmatic approach to the question of when inadvertent disclosure of privileged information results in waiver, a recent federal magistrate’s ruling serves as a potent warning that use of a file-sharing site – without sufficient safeguards – may constitute a waiver. Harleysville Insurance Co. v.... More
  • Home Depot Settles with Financial Institutions for Over $25 Million in Data Breach Case New filings in the consolidated Home Depot data breach litigation, which we have previously covered on this blog, indicate that Home Depot and the remaining financial institution plaintiffs have reached a settlement. To briefly recap, back in September 2014, Home Depot announced to the public that its payment data systems had been breached by hackers, who... More
  • Digital Privacy Rights: More Confusion March 9, 2017 – Craig A. Newman wrote "Digital Privacy Rights Take A U-Turn, And Congress Needs To Act," published in Forbes on March 7, 2017. For a link, please click here. In the article, Mr. Newman looks at two recent decisions issued by federal magistrates that are contrary to the a case decided just... More
  • Law Firm Sued for Alleged Lax Data Security Obtains Significant Win in District Court Back in December of last year, we reported that for the first time, a U.S. law firm – Johnson & Bell, a mid-sized Chicago firm – was publicly named in a class action data security lawsuit.  Last month, the firm obtained a significant victory in the case. To briefly recap, two of Johnson & Bell’s... More
  • DFS Final Cyber Regulation: Accountability at the Top Over the last few months, the New York Department of Financial Services (“DFS”) cybersecurity regulation has undergone multiple revisions.  But late last week, DFS issued its final regulation, which will go into effect on March 1, 2017. The final regulation does not differ materially from the draft issued on December 28, 2016, with a few... More
  • Final DFS Cybersecurity Regulation Issued New York’s Department of Financial Services issued its final Cybersecurity Regulation last night with an effective date of March 1, 2017. For a comparison between the previous proposal and the final regulation, please click here. The changes from the prior draft—issued on December 28, 2016—are generally minor and not substantive, with one exception. The final... More
  • Fourth Circuit Weighs In on Article III Standing in Data Breach Suits Earlier this month, the Fourth Circuit weighted in with the most recent decision in the developing case law on Article III standing in data breach litigation, a topic that we have been covering extensively on this blog. The case, Beck v. McDonald, is a consolidated appeal that arose out of two lawsuits brought by veterans... More
  • Does Facebook Have the Right to Challenge Search Warrants Seeking Facebook Users’ Data? New York’s Highest Court Hears Argument Facebook is the latest social media giant to push back on law enforcement efforts to seek user information.  On Tuesday, the New York Court of Appeals heard oral argument in a case focusing on whether Facebook has the right—or legal standing—to challenge bulk search warrants issued by the Manhattan District Attorney’s office for its users'... More
  • Third Circuit Finds FCRA Violation Alone Confers Standing for Data Breach Suit The United States Court of Appeals for the Third Circuit recently ruled that a data breach class action may proceed on the basis of a Fair Credit Reporting Act (FCRA) violation alone, even where the putative class members do not allege that they were actually harmed by the breach.  The ruling, which both relies on... More