Data Security Law Blog

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law. Patterson Belknap’s Privacy and Data Security practice provides public and private enterprises, their leadership teams and boards with comprehensive services in this critical area. Our team of experienced litigators, corporate advisors and former federal and state prosecutors advises on a broad range of privacy and data protection matters including cyber preparedness and compliance, data breach response, special board and committee representation, internal investigations, and litigation.

A New Era of COPPA Enforcement?

by Joshua R. Stein and Alejandro H. Cruz on September 25, 2019

Earlier this month, YouTube and its parent company, Google, entered into a record $170 million proposed settlement to resolve allegations brought by the Federal Trade Commission (FTC) and the New York Attorney General (NYAG) under the federal Children’s Online Privacy Protection Act (COPPA). According to the complaint in the case, YouTube collected personal information on video channels directed to children without parental consent using persistent identifiers that can track individuals across the Internet. This is the largest penalty to date in a COPPA enforcement action.

A Shield From Cyber Liability: Beyond the Statute

Part 3 in a 3-Part Series

by Joshua R. Stein, Alejandro H. Cruz and Peter C. Harvey on June 28, 2019

As we’ve written about in the past, the SAFETY Act has the potential to help companies mitigate their risk from cyber-terrorism. As previously noted, the statute has never been fully tested in courts, so the full contours of its protection remain uncertain. Nonetheless, the benefits of SAFETY Act approval may extend well beyond those mandated by Congress: to the right company, SAFETY Act approval could be a significant market differentiator and, in the right circumstances, could be a powerful tool in litigation even when the Act does not itself apply.

A Shield From Cyber Liability: Diving Deeper Into the SAFETY Act

Part 2 in a 3-Part Series

by Joshua R. Stein, Alejandro H. Cruz and Peter C. Harvey on May 13, 2019

As we’ve discussed in previous posts, the SAFETY Act has the potential to serve as a valuable tool for companies looking to mitigate risk from cyber-terrorism. This is part two of a three-part series; be sure to read part one, which describes how the SAFETY Act applies to cybersecurity.

A Shield From Cyber Liability: Integrating SAFETY Act Protections Into Institutional Cyber Governance

by Joshua R. Stein, Alejandro H. Cruz and Peter C. Harvey on January 29, 2019

An obscure federal law called the SAFETY Act recently captured national headlines when MGM Resorts International invoked it in a series of pre-emptive, declaratory judgment law suits against the victims of the 2017 Harvest Festival Las Vegas shooting. MGM sued the victims in an effort to avoid liability in connection with the tragedy. MGM owns the Mandalay Bay hotel, where Stephen Paddock, from his 32nd floor suite, shot and killed 58 people and wounded hundreds more who were attending a music festival next door.

MGM’s Fight for SAFETY Act Protection Takes a Timeout

by Joshua R. Stein and Alejandro H. Cruz on November 12, 2018

MGM Resorts International has hit the pause button in its gambit to shield itself from liability stemming from the October 2017 shooting at the Mandalay Bay Hotel in Las Vegas.

As we reported previously, MGM has brought more than a dozen declaratory judgment lawsuits against the victims in the deadliest mass shooting in modern U.S. history, arguing that claims against the casino giant are barred by federal law. MGM has released a statement saying it hopes to avoid years of litigation by exploring potential settlement options, and adding that “years of protracted litigation is in no one’s best interest.”

Joshua R. Stein, Associate