New Media and Technology Law Blog

Category Archives: Data Security

Subscribe to Data Security RSS Feed

App Store Protected by CDA Immunity (and Limitation of Liability) for Losses from Fraudulent Crypto Wallet App

In a recent ruling, a California district court held that Apple, as operator of that App Store, was protected from liability for losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063 (N.D. Cal. Sept. 2, 2022)). This case is important in that, in a motion to dismiss, a platform provider … Continue Reading

DOJ Revises Policy for CFAA Prosecution to Reflect Developments in Web Scraping and Other Matters

On May 19, 2022, the Department of Justice (DOJ) announced that it had revised its policy regarding prosecution under the federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA). Since the DOJ last made changes to its CFAA policy in 2014, there have been a number of relevant developments in technology and business practices, … Continue Reading

English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack

In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the … Continue Reading

Supreme Court Ends Long-Running Circuit Split over CFAA “Exceeds Authorized Access” Issue, Adopting a Narrow Interpretation That Will Reverberate in Scraping Disputes and Litigation over Departing Employees

In a closely-watched appeal, the Supreme Court, in a 6-3 decision, reversed an Eleventh Circuit decision and adopted a narrow interpretation of “exceeds unauthorized access” under the Computer Fraud and Abuse Act (CFAA), ruling that an individual “exceeds authorized access” when he or she accesses a computer with authorization but then obtains information located in … Continue Reading

How to Respond to the SolarWinds “Orion” Supply Chain Attack

As reported last week, it appears that a state-sponsored security hack has resulted in a major security compromise in widely-used software offered by a company called SolarWinds. The compromised software, known as Orion, is enterprise network management software that helps organizations manage their networks, servers and networked devices. The software is widely-used by both public … Continue Reading

Supreme Court Hears Oral Argument in Its First CFAA Case

On November 30, 2020, the Supreme Court held oral argument in its first case interpreting the “unauthorized access” provision of the Computer Fraud and Abuse Act (CFAA). The CFAA in part prohibits knowingly accessing a computer “without authorization” or “exceeding authorized access” to a computer and thereby obtaining information and causing a “loss” under the … Continue Reading

Protecting Business Information Assets in the “Work From Home” Environment

This past March, many organizations were forced to suddenly pivot to a “work from home” environment (“WFH”) as COVID-19 spread across our country.  However, many companies did not have the necessary technical infrastructure in place to support their full workforce on a WFH basis.  Often, remote access systems were configured assuming only a portion of … Continue Reading

Protecting against Cybersecurity Threats when Working from Home

With the spread of the novel coronavirus (COVID-19), many organizations are requiring or permitting employees to work remotely.  This post is intended to remind employers and employees that in the haste to implement widespread work-from-home strategies, data security concerns cannot be forgotten. Employers and employees alike should remain vigilant of increased cybersecurity threats, some of … Continue Reading

Court Enforces Arbitration Clause in Online Terms of Service Accepted by a Minor

Epic Games, Inc. (“Epic”) is the publisher of the popular online multiplayer videogame Fortnite, released in 2017. In recent years, Fortnight has gained worldwide popularity with gamers and esports followers (culminating in July 2019 when a sixteen-year-old player won the $3 million prize for winning the Fortnite World Cup).  Players, in one version of the … Continue Reading

In Outlining Its 2020 Examination Priorities, SEC Expresses Interest in Alternative Data and Cybersecurity Risks

On January 7, 2019, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced its 2020 examination priorities. In doing so, OCIE identified certain areas of technology-related concern, and in particular, on the issue of alternative data and cybersecurity. [For a more detailed review of OCIE’s exam priorities, see the Client Alert … Continue Reading

Browsewrap Terms Enforced Due to Customer Knowledge of Existence of Terms

Last month, a California district court granted a web-based service’s motion to compel arbitration of a putative class action brought by a user whose personal information was allegedly accessed in a massive 2016 data breach that involved 339 million user accounts. (Gutierrez v. FriendFinder Networks Inc., No. 18-05918 (N.D. Cal. May 3, 2019)). While the … Continue Reading

Reflections on Technology-Related Legal Issues: Looking Back at 2017; Will 2018 Be a Quantum Leap Forward?

As we approach the end of 2017, it is a time to reflect on the dizzying pace of technology evolution this year, and the amazing array of legal issues it presented. Similarly, it is a time to look forward and anticipate what technology-related issues we will be thinking about in the coming year. For 2017, … Continue Reading

California Legislature Nearing Final Debate of Biometric and Geolocation Data Security Bill

UPDATE: Prior to the close of the legislative session, the amended AB 83 failed to make it out committee. With the session ending on August 31st, the California legislature is debating a bill (AB 83) that would expand data security requirements for businesses that maintain personal information of California residents to include, among other things, protection … Continue Reading

Ninth Circuit Ruling Trimming CFAA Claims for Misappropriation Reminds Employers that Technical Network Security is the First Defense

The Ninth Circuit, sitting en banc, has upheld a district court’s dismissal of criminal charges under the Computer Fraud and Abuse Act that were predicated on misappropriation of proprietary documents in violation of the employer’s computer use policy. United States v. Nosal, No. 10-10038, 2012 U.S. App. LEXIS 7151 (9th Cir. Apr. 10, 2012).  The ruling … Continue Reading

Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply

Newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach. The regulations are national and international in scope, as they apply to all companies – wherever located– using personal data of Massachusetts residents. Although the deadline … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK