Microsoft scored an important victory when the Second Circuit ruled that the government is not authorized to issue warrants for customer data stored overseas. In re Warrant to Search a Certain E-mail Account Controlled & Maintained by Microsoft Corp. should offer a level of comfort for the cloud computing industry as a whole and for U.S. companies that have an international storage footprint.
The circumstances surrounding the replacement of Lu Wei as head of the Cyberspace Administration of China in June remain difficult to discern, but the politics surrounding its leadership seem not to have deflected the CAC from its mission to assert more control over cyberspace.
The CAC – also known as the Office of the Central Leading Group for Cyberspace Affairs – has issued new regulations which took effect on 1 August 2016 and place obligations on providers of mobile internet applications, or “apps”, that seem to mirror those placed on website and social media operators.
Companies should take three steps now to ensure use of the Defend Trade Secrets Act.
In May, President Barack Obama signed into law the Defend Trade Secrets Act that creates a federal civil cause of action for the misappropriation of trade secrets. This new law amends the Economic Espionage Act, which makes it a federal crime to steal and use trade secrets. Title 18 U.S.C. 1831, et. seq. For companies that depend on confidential information to provide them a competitive edge, there are several proactive steps they should take to ensure their use and the full benefits of this statute if their trade secrets are stolen.
Most significantly, the Defend Trade Secrets Act, unlike the state trade secrets laws, provides for an ex parte “order for the seizure of property necessary to prevent the propagation or dissemination of the trade secret,” upon a showing of “exceptional circumstance.” Traditional state court equitable remedies are limited to a temporary restraining order and a preliminary injunction. The law also makes the theft, possession and use of trade secrets a predicate act for the Racketeer Influenced and Corrupt Organizations Statue, which can form the basis of a civil RICO action for treble damages and attorney fees. (In the past, federal courts have been reluctant under most circumstances to find a RICO “pattern” for trade secrets theft as part of a scheme to defraud based on the mail and wire fraud statutes. See, e.g., Bro-Tech Corp. v. Thermax (E.D. Pa. 2009).
The White House and its top security advisors are regularly advised about cyberintrusions and as a result the “time has come for CEOs and Boards to take personal responsibility for improving their companies’ cyber security” according to Former White House Senior Director for Cybersecurity Sameer Bhalotra. In the recent report from LogRhythm entitled “The Cyber Threat Risk – Oversight Guidance for CEOs and Boards” Bhalotra went to say:
Global payment systems, private customer data, critical control systems, and core intellectual property are all at risk today.
As cyber criminals step up their game, government regulators get more involved, litigators and courts wade in deeper, and the public learns more about cyber risks, corporate leaders will have to step up accordingly.
While cybersecurity risks have increased, government regulation has traditionally lagged behind. Recently, some government entities have tried to catch up by mandating that companies take a proactive approach toward protecting personal and competitively sensitive data. The move is a departure from the traditional reactive response of simply notifying consumers after their personal data is breached.
With this shift in emphasis, companies are asking the obvious questions: “What are we expected to do and what is a proactive cybersecurity compliance program?”
Both on the state level and through federal regulatory agencies, the government is beginning to dictate a comprehensive compliance approach to data protection. Late last year, the U.S. Securities and Exchange Commission’ s Cybersecurity Examination Initiative directed broker-dealers to “further assess cybersecurity preparedness in the securities industry.” Thus, the SEC announced that it “will focus on key topics including governance and risk assessment, access rights and controls, data loss prevention, vendor management, training and incident response.”
In two independent and much-anticipated actions, separate EU entities took actions which will continue to complicate the ability of US companies to do business in Europe.
Company Computers Under Attack: Big Dollars and Private Data Are Being Stolen Every Day: What Are You Doing About It? Join Us for a Cybersecurity Breakfast Briefing Cutting Edge Use of the Civil Remedy in the Federal Computer Crime Statute — the Computer Fraud and Abuse Act Thursday, April 14,… Read More
By: Chris Koa and Walter Impert With the shift from traditional hard copy paper documents towards electronic records stored Cloud Computing-based software and services (eg, iCloud, Dropbox, Google Drive, etc.), access to and use of digital assets by fiduciaries after death or incapacitation of the owner has emerged as a key estate planning consideration…. Read More
By: Barry Glazer, Ron Moscona and Chris Koa Significant uncertainty and concern regarding US companies’ ability to process and use personal data received from the EU has loomed since the October 2015 decision by Europe’s highest court invalidating the EU-US Safe Harbor. US and EU regulators earlier this week announced conceptual agreement regarding a new… Read More
In December, a divided panel of the U.S. Court of Appeals for the Second Circuit in U.S. v. Valle interpreted the Computer Fraud and Abuse Act to exclude employees who access their employer’s computers. The upshot is that if you are an employee in the Second Circuit and steal data from your employer to commit identity theft or to provide it to a competitor, you cannot be prosecuted by the Department of Justice or sued by your employer under the CFAA.