Category Archives: Articles

This article was first published on IRMI.com and is reproduced with permission. Copyright 2012, International Risk Management Institute, Inc As breaches continue to occur and affected organizations determine whether and how to disclose these breaches, breaches and disclosure continue to be the subject of reports as well as media, legislative, and regulatory attention. See, for example, Melissa J. Krasnow, Securities and Exchange Commission Issues Guidance on Cybersecurity and Cyber Incident Disclosure (Dec. 2011). by Melissa J. Krasnow Partner, Dorsey & Whitney LLP The 2011 Verizon Data Breach Investigations Report examined breaches that Verizon, the U.S. Secret Service, and the Dutch … [ Continue reading → ]

You may not, as reflected in the recently reported decision of Eagle v. Morgan, 2011 WL 6739448 (E.D. Pa. December 22, 2011) where both the employee and her former employer claim ownership in the employee’s LinkedIn account, the popular social networking site for business professionals. The dispute is starkly drawn in the litigation’s opposing pleadings and provides a strong warning to the hundred million plus LinkedIn users and other users of social media who operate under the assumption that their social media accounts belong solely to them to transfer as they please when they change jobs. The facts in the … [ Continue reading → ]

During last week’s oral argument before the 9th Circuit Court of Appeals on the case of U.S. v. Nosal, 642 F.3d 781 (9th Cir. 2011), reh’g en banc granted (Oct. 27, 2011), members of the Court, including most notably Chief Judge Alex Kozinski, spent a substantial amount of time questioning the government lawyer about whether a Facebook user could be criminally prosecuted (meaning the person would face serious jail time) under the Computer Fraud and Abuse Act (“CFAA”) for lying about their personal information in signing up for a Facebook account. The full oral argument can be viewed at the … [ Continue reading → ]

Four separate circuit court rulings this year enhanced the ability of businesses to use Computer Fraud and Abuse Act. 


 To print or view this article as a pdf go to: link By Nick Akerman
 Four recent decisions handed down by four different federal courts of appeals during the past year have, in combination, greatly enhanced the ability of businesses to use the Computer Fraud and Abuse Act (CFAA) as a tool to protect competitively sensitive data and personal information stored in company computers. The CFAA is the federal computer crime statute that permits companies that have been victimized by … [ Continue reading → ]

BY MELISSA J. KRASNOW Background The U.S. Securities and Exchange Commission on occasion provides disclosure guidance on topics of interest to the business and investment communities. The SEC said recently that it has observed ‘‘an increased level of attention focused on cyberattacks.’’ The rash of costly cyberattacks against companies like Epsilon and Sony, among others, gave the SEC cause to implement new cybersecurity disclosure requirements. On Oct. 13 the SEC Division of Corporation Finance issued guidance for public companies regarding their disclosure obligations relating to cybersecurity (i.e., the body of technologies, processes and practices designed to protect networks, systems, computers, … [ Continue reading → ]

The Eight Circuit Court of Appeals upheld the criminal conviction of Sandra Teague for accessing President Obama’s data in the National Student Loan Data System during her employment at a government contractor for the Department of Education. U.S. v, Teague, 646 F.3d 1119 (8th Cir. 2011). She was indicted and convicted by a jury for one count of exceeding unauthorized access to a computer in violation of 18 U.S.C. § 1030 (a)(2)(B), of the Computer Fraud and Abuse Act (“CFAA”). This section of the CFAA makes it a crime to intentionally exceed authorized access to a computer and obtain information … [ Continue reading → ]

Melissa J. Krasnow, Dorsey & Whitney LLP In March 2011, a Final Judgment by Consent was issued in Massachusetts v. Briar Group, LLC, which involves a 2009 Massachusetts data breach and implicates the Massachusetts privacy regulation and the Payment Card Industry Data Security Standard (“PCI DSS”).1 The Massachusetts privacy regulation applies to a person or entity that owns or licenses personal information about a Massachusetts resident, meaning their first and last name or first initial and last name in combination with a (i) Social Security Number, (ii) driver’s license or state‐issued identification card number or (iii) financial account number or … [ Continue reading → ]

The answer is yes. The Sixth Circuit Court of Appeals last week reversed a district court and reinstated a Computer Fraud and Abuse Act (“CFAA”) claim brought by an employer against a labor union for “bombarding” the computer systems of its sales and executive offices with emails and voicemails making it impossible for the company to communicate with its customers and vendors. Pulte Homes, Inc v. Laborers’ International Union of North America, 2011 WL 3274014 (6th Cir. Aug 2, 2011). This case is a good example of how the federal Circuit Courts of Appeal are taking control of the interpretation … [ Continue reading → ]

The New York Times recently reported that the UK telephone hacking scandal could result in News Corp. and its executives being charged in the United States with criminal violations of the Foreign Corrupt Practices Act, Title 15, U.S.C. § 78m, the Electronic Communications Privacy Act, 18 U.S.C. § 2511, and the Telephone Records and Privacy Protection Act, 18 U.S.C. § 1039. See NYT, “News Corp. Braces for Legal Trouble in the U.S.,” July 18, 2011. What the New York Times, as well as all of the politicians and pundits who have commented on this issue, failed to mention is that … [ Continue reading → ]