The Supreme Court Reenters the Fray on Privacy

On June 5, the Supreme Court agreed to review a case addressing an individual’s expectation of privacy in his or her historical cellphone location records. This case may well change the way we approach individual privacy in the digital age – not only with regard to cell phone records, but also information relating to email and internet activity, among other things.

Presidential Executive Order on Cybersecurity: No More Antiquated IT

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and reworked further. The Executive Order calls for a government-wide review and analysis of federal information technology infrastructure, including known risks and vulnerabilities, as well as consideration of the U.S.’s cybersecurity capabilities in relation to the rest of the world.

WannaCry Ransomware Alert

This is not a drill.

Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of the data. The owner or user of the computer is then faced with an ominous screen, displaying a countdown timer and a demand that a ransom of $300 be paid in bitcoin before the owner can regain access to the encrypted data. The price demanded increases over time until the end of the countdown, when the files are permanently destroyed. To date, the total amount of ransom paid by companies is reported to be less than $60,000, indicating that companies are opting to let their files be destroyed and to rely instead on backups rather than pay the attackers. Nevertheless, the total disruption costs to businesses are expected to range from the hundreds of millions to the billions of dollars.

FTC / DAA Extend Data Privacy Focus to Cross-Device Tracking

Enforcement of the Digital Advertising Alliance “Application of the Principles of Transparency and Control to Data Used Across Devices” (DAA Cross-Device Principles) officially began on February 1, just a week after the FTC issued a staff report discussing the application of the FTC Online Behavioral Advertising Principles in the context of “Cross Device Tracking” and suggesting that the DAA Cross-Device Principles, while commendable, could be stronger.

New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”).  While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business in New York.  The DFS Rule will become effective on March 1, 2017.


What You Really Need To Know About The GDPR

Much has been written about the challenges and issues that companies will face when implementing new policies and adjusting to the obligations of the new European General Data Protection Regulation, GDPR in short. The following paragraphs will give you the gist of the new Regulation and the essential elements that you must take into consideration in your endeavors to adjust to the GDPR, which will take effect across the EU as of May 25, 2018. There is enough time for your organization to adjust, but work must start now. Our key approach in implementing new obligations and making the necessary adjustments to this new European framework for personal data collection and processing is based on two simple rules: simplicity and efficiency.


Congress Likely to Focus on Cybersecurity in the Private Sector

In a recent article in Entrepreneur, Sheppard Mullin partner Jonathan Meyer, a former Senate counsel to Vice President Biden and Deputy General Counsel at the Department of Homeland Security, points out that Congressional oversight of companies is likely to increase in the next two years, and that cybersecurity is among the hottest topics it is likely to focus on.  The public’s increasing attention to issues such as DDoS attacks, the vulnerability of the Internet of Things, and allegations of politically-motivated hacks from overseas will only increase this likelihood.  As always, companies should keep an eye on Capitol Hill, and be ready for what might come their way.


Don’t Lose Your DMCA Safe Harbor Protection!

The U.S. Copyright Office’s new electronic system for copyright-agent registration and maintenance goes into effect on December 1, 2016, and with it come new rules. Beginning December 1, all online service providers must submit new designated-agent information to the Copyright Office through the online registration system. Electronic designations should be filed on December 1, 2016, or as soon as possible thereafter. Service providers who fail to timely submit electronic designations will be ineligible for the safe harbor from copyright-infringement liability provided by § 512(c) of the Digital Millennium Copyright Act.


FCC Issues New Privacy Rules for Internet Service Providers: Safeguarding Consumers or Lulling Them Into A False Sense of Privacy?

Last Thursday, in a vote split along party lines, the Federal Communications Commission (“FCC”) approved a new regulatory regime staking its claim to privacy regulation of both fixed and mobile Internet service providers (“ISPs”) like Comcast, Verizon, and AT&T.  The FCC’s rules follow its decision in the Open Internet Order, released last year and analyzed here, to classify broadband Internet access service as a common-carrier telecommunications service.  The FCC’s new rules are intended to give consumers control over the ways in which ISPs use and share their customers’ private information.  While the FCC has yet to release its Report and Order, the FCC’s Fact Sheet and statements by the commissioners indicate that the new privacy rules in many respects track the proposed rules the FCC put forward earlier this year, which seek to make the FCC the “toughest” privacy regulator in the Internet ecosystem by imposing on ISPs significantly more onerous and restrictive requirements for use and collection of consumer data than the Federal Trade Commission (“FTC”) imposes on its non-ISP competitors.


No Protection for Network Marketing Provider That Had Knowledge and Authority to Control Deceptive Conduct of Affiliates

In Federal Trade Commission v. LeadClick Media, LLC, 2016 U.S. App. LEXIS 17383 (2nd Cir. 2016), the Second Circuit recently held that an affiliate marketing network provider could be subjected to liability under the Federal Trade Commission Act (“FTC Act”) for deceptive marketing materials published by the affiliates.  It also concluded that Section 230 of the Communications Decency Act (“CDA”) did not immunize the network provider from liability.  In doing so, the Second Circuit emphasized that the network provider had knowledge of and the authority to control the content of the affiliate websites.  This ruling could increase the exposure of internet businesses to liability for deceptive acts or practices engaged in by third-party vendors or independent contractors.
