Author Archives: Nick Akerman
Hacking, Malware, and Social Engineering—Definitions of and Statistics about Cyber Threats Contributing to Breaches
This article was first published on IRMI.com and is reproduced with permission. Copyright 2012, International Risk Management Institute, Inc. By Melissa J. Krasnow, Partner, Dorsey & Whitney LLP. As breaches continue to occur and affected organizations determine whether and how to disclose these breaches, breaches and disclosure continue to be the subject of reports as well as media, legislative, and regulatory attention. See, for example, Melissa J. Krasnow, Securities and Exchange Commission Issues Guidance on Cybersecurity and Cyber Incident Disclosure (Dec. 2011). The 2011 Verizon Data Breach Investigations Report examined breaches that Verizon, the U.S. Secret Service, and the Dutch … [ Continue reading ]
Think You Own Your LinkedIn, Twitter and Facebook Account? Think Again.
You may not, as reflected in the recently reported decision of Eagle v. Morgan, 2011 WL 6739448 (E.D. Pa. December 22, 2011) where both the employee and her former employer claim ownership in the employee’s LinkedIn account, the popular social networking site for business professionals. The dispute is starkly drawn in the litigation’s opposing pleadings and provides a strong warning to the hundred million plus LinkedIn users and other users of social media who operate under the assumption that their social media accounts belong solely to them to transfer as they please when they change jobs. The facts in the … [ Continue reading ]
Can You Go to Jail for Lying on Facebook?
During last week’s oral argument before the 9th Circuit Court of Appeals on the case of U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011), reh’g en banc granted (Oct. 27, 2011), members of the Court, including most notably Chief Judge Alex Kozinski, spent a substantial amount of time questioning the government lawyer about whether a Facebook user could be criminally prosecuted (meaning the person would face serious jail time) under the Computer Fraud and Abuse Act (“CFAA”) for lying about their personal information in signing up for a Facebook account. The full oral argument can be viewed at the … [ Continue reading ]
U.S. v. Nosal Re-Argued Before the 9th Circuit
On December 15, 2011, the 9th Circuit Court of Appeals heard argument en banc in U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011), reh’g en banc granted (Oct. 27, 2011). As expected, the oral argument focused on the meaning of unauthorized access under the Computer Fraud and Abuse Act. The issue is whether an employee can be prosecuted under the CFAA for accessing his employer’s computer in violation of rules established by the employer restricting access to the company computers. In Nosal, the 9th Circuit had clarified its earlier decision in LVRC Holdings LLC v. Brekka, 581 F.3d 1127, … [ Continue reading ]
Suing Employees for Computer Fraud Gets Easier
Four separate circuit court rulings this year enhanced the ability of businesses to use the Computer Fraud and Abuse Act. By Nick Akerman. Four recent decisions handed down by four different federal courts of appeals during the past year have, in combination, greatly enhanced the ability of businesses to use the Computer Fraud and Abuse Act (CFAA) as a tool to protect competitively sensitive data and personal information stored in company computers. The CFAA is the federal computer crime statute that permits companies that have been victimized by … [ Continue reading ]
The Securities and Exchange Commission’s Guidance On Cybersecurity and Cyber Incident Disclosure
By Melissa J. Krasnow. Background: The U.S. Securities and Exchange Commission on occasion provides disclosure guidance on topics of interest to the business and investment communities. The SEC said recently that it has observed “an increased level of attention focused on cyberattacks.” The rash of costly cyberattacks against companies like Epsilon and Sony, among others, gave the SEC cause to implement new cybersecurity disclosure requirements. On Oct. 13 the SEC Division of Corporation Finance issued guidance for public companies regarding their disclosure obligations relating to cybersecurity (i.e., the body of technologies, processes and practices designed to protect networks, systems, computers, … [ Continue reading ]
9th Circuit Grants Rehearing En Banc on Nosal
On October 27, 2011, the 9th Circuit Court of Appeals ordered that U.S. v. Nosal be reheard en banc by all of the Appeals Court judges and that the “three-judge panel opinion [in U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011)] shall not be cited as precedent by or to any court of the Ninth Circuit.” If the 9th Circuit should reverse its decision in Nosal, it is highly likely that this case will be headed for the U.S. Supreme Court. The 9th Circuit’s reversal of Nosal would create a conflict between the 9th Circuit and the 1st, 3rd, … [ Continue reading ]
Unauthorized Access of President Obama’s Student Loan Data Ends in Computer Fraud Conviction
The Eighth Circuit Court of Appeals upheld the criminal conviction of Sandra Teague for accessing President Obama’s data in the National Student Loan Data System during her employment at a government contractor for the Department of Education. U.S. v. Teague, 646 F.3d 1119 (8th Cir. 2011). She was indicted and convicted by a jury for one count of exceeding authorized access to a computer in violation of 18 U.S.C. § 1030(a)(2)(B) of the Computer Fraud and Abuse Act (“CFAA”). This section of the CFAA makes it a crime to intentionally exceed authorized access to a computer and obtain information … [ Continue reading ]
Massachusetts Attorney General Enforcement Action: Data Breach, the Massachusetts Privacy Regulation and the Payment Card Industry Data Security Standard (PCI DSS)
By Melissa J. Krasnow, Dorsey & Whitney LLP. In March 2011, a Final Judgment by Consent was issued in Massachusetts v. Briar Group, LLC, which involves a 2009 Massachusetts data breach and implicates the Massachusetts privacy regulation and the Payment Card Industry Data Security Standard (“PCI DSS”). The Massachusetts privacy regulation applies to a person or entity that owns or licenses personal information about a Massachusetts resident, meaning their first and last name or first initial and last name in combination with a (i) Social Security Number, (ii) driver’s license or state‐issued identification card number or (iii) financial account number or … [ Continue reading ]







