New Tools for Companies Against Cybercrime

On January 2015, the Obama administration announced a series of proposals to strength­en the country’s response to cyberattacks­ including, most notably, specific amendments to the federal computer crime statute, the Computer Fraud and Abuse Act (CFAA). These changes are not only significant to the cyber­ crime-fighting efforts of federal prosecutors, but also to private companies. This is because the CFAA allows compa­nies victimized by violations of the statute to bring civil actions against the perpetrators. 18 U.S.C. 1030(g). The CFAA, among other things, makes it a crime when an individual “accesses” a computer “without authorization or exceeds authorized access” to steal data.

Board Oversight of Cyberrisks: Directors and Officers Litigation

The duty of a board to monitor and oversee organizational risk includes cyberrisks. As cyberrisks and incidents proliferate, boards are seeking to enhance the information they receive about cyberrisks and incidents. One development boards should be aware of is the decision in the Palkon v. Holmes directors and officers (D&O) litigation (2014 U.S. Dist. LEXIS 148799 (D.N.J. Oct. 20, 2014)).

Proposed Federal Breach Notification Law: Panacea or Flash in the Pan?

The Obama Administration has just released the proposed text of the Personal Data Notification & Protection Act as the latest step in its uniform federal breach notification initiative. Similar legislative efforts in the past have been unsuccessful, but there remains interest in federal legislation that would eliminate the need to navigate the patchwork of 47 different state breach notification laws. This article will highlight how the proposed federal law compares to most state breach notification requirements, and how it may impact businesses as a practical matter.

To Catch an E-Thief — Under Federal Property Law

The fundamental shift for busi­nesses in the past 15 years from paper documents to computer data has forced the courts to decide whether intan­gible electronic data should enjoy the same legal protections as physical property.

Because of this shift, it is important to review the judicial response to the electronic-data issue in the context of a feder­al criminal statute, the National Stolen Property Act (NSPA), and common law conversion.

The NSPA makes it a felony for one who “transports, transmits, or transfers in interstate or foreign commerce any goods, wares, mer­chandise … of the value of $5,000 or more, knowing the same to have been stolen, converted or taken by fraud.” Conversion is the state civil cause of action for the theft of property.

California Privacy Laws Change: Identity Theft and Mitigation Services

Continuing the trend of changes in state breach notification and related laws, Cal. A.B. 1710 amends California’s breach notification, security procedures, and Social Security number (SSN) laws in the wake of significant data breaches, particularly in the retail sector. (See “Changes in State Breach Notification Laws.”)

Changes in State Breach Notification Laws

As data breaches continue to occur, breach notification laws are being amended or enacted. In the United States, state and federal breach notification laws should be monitored carefully regarding changes, as should breach notification laws in other countries (e.g., Canada).

As of July 15, 2014, 47 states (other than Alabama, New Mexico, and South Dakota) plus the District of Columbia, Guam, Puerto Rico, and Virgin Islands have breach notification laws. This article addresses changes in state breach notification laws.

SEC Playing  Bigger Role in Cybersecurity

Cybersecurity threats have reached a point where they cannot go ignored by any government agency,even the U.S. Securities and Exchange Commission. Although an agency that is tasked with protecting investors is not one that typically comes to mind in the battle against cyberthreats,the SEC does maintain jurisdiction over cybersecurity issues for public companies, broker dealers and investment advisers, due to its responsibilities for ensuring the disclosure of material information, integrity of market systems and customer data protection.

Common Flaws in Computer Fraud Class Actions: Lawsuits claiming unauthorized use of smartphone tracking technology are lacking key elements.

A number of class actions have recently been filed in federal district courts, predicated, in part, on alleged violations of the federal computer crime statute, the Computer Fraud and Abuse Act, complaining of tracking software placed on iPhone and Android devices and unwanted text messages. Decisions in these cases have implications for filing a valid CFAA civil action.

Message from New York Court: Rely on CGL Policy Coverage for Data Breaches at Your Own Peril

A New York trial court announced a decision on February 21, 2014, that may be a harbinger of wide-reaching limitations on insurance coverage for data breaches under commercial general liability (CGL) policies. The court’s ruling, while subject to appeal, demonstrates the hazards of relying on traditional CGL policies for coverage for data breaches. The lawsuit, Zurich… Read More

Post navigation