By

Edward R. McNicholas

15 May 2017

President Trump Signs Executive Order on Cybersecurity at Federal Agencies

On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.  The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services.  The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.  (more…)

SHARE
EmailPrintShare
24 April 2017

Federal Judge Finds No General Obligation for Companies To Protect Employee Data

In a ruling on March 31, Enslin v. The Coca-Cola Co. (E.D. Pa. Mar. 31, 2017), Hon. Joseph F. Leeson, Jr., of the United States District Court for the Eastern District of Pennsylvania, dismissed a proposed class action on behalf of 74,000 Coca-Cola employees. The proposed suit was brought by a former Coca-Cola technician who claimed that his identity was stolen after a laptop with his unsecured sensitive employee information fell into the public’s hands. (more…)

SHARE
EmailPrintShare
06 April 2017

The Widening Data Breach Standing Split: Fourth Circuit Finds No Standing From Increased Risk of Future Identity Theft

The U.S. Court of Appeals for the Fourth Circuit has added to the growing circuit split on standing in data breach cases in Beck v. McDonald, No. 15-1395 (Feb. 6, 2017). The circuit split now divides at least six federal courts of appeal regarding what data-breach victims must show to establish an “injury-in-fact” under Article III. The Fourth Circuit held that merely having your personal data stolen — and the alleged corresponding increased risk of future theft—is insufficient to satisfy Article III’s injury-in-fact requirement. (more…)

SHARE
EmailPrintShare
04 April 2017

A Farewell to the FCC Broadband Privacy Rules

On April 3, 2017, President Trump signed the bill repealing the Federal Communications Commission’s much-debated broadband privacy rules. The House of Representatives voted 215–205 to disapprove the rules, after a party-line Senate vote of 50–48. The result is that the FCC’s key rules governing internet service providers’ collection and use of consumer data, as well as data security, will not go into effect as scheduled. Moreover, the FCC will be precluded from promulgating any regulation in “substantially the same” form until a future Congress allows such action.

(more…)

SHARE
EmailPrintShare
15 February 2017

Chronicles from the Standing Wars: Third Circuit Rules Disclosures of Personal Data in Violation of FCRA De Facto Injury

The Third Circuit recently overturned a district court’s ruling on In re Horizon Healthcare Services Inc. Data Breach Litigation and gave new life to a putative class action over a data breach.  No. 15-2309 (Jan. 20, 2017).  The Third Circuit panel held that allegations of unauthorized disclosure of personal information in violation of the Fair Credit Reporting Act (“FCRA”) constituted a de facto injury sufficient to establish Article III standing.  Plaintiffs did not allege identity theft, any other misuse of the compromised data, or even any mitigation costs.

(more…)

SHARE
EmailPrintShare
25 January 2017

Fate Unclear for Obama Administration Cyber Sanctions

On December 28, 2016, former President Obama issued Executive Order 13757, Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities (E.O. 13757). E.O. 13757 amends an earlier Executive Order 13694 (E.O. 13694) of April 1, 2015[1], under which the President declared a “national emergency” to deal with the “unusual and extraordinary threat” to U.S. national security, foreign policy and the economy posed by malicious cyber-enabled activities conducted by persons outside the United States in relation to the November 2016 election. Through the December 2016 amendment, President Obama took “additional steps” to deal with such malicious cyber activities in view of their increasing use “to undermine democratic processes or institutions.”

(more…)

SHARE
EmailPrintShare
11 November 2016

The Trump Agenda for Cybersecurity and Privacy

The future of privacy and cybersecurity under President-elect Trump – with a Republican-controlled House and Senate – is far from certain, but his campaign comments indicate an emphasis on robust cybersecurity, perhaps with more openness to both offensive as well as defensive initiatives.

(more…)

SHARE
EmailPrintShare
26 September 2016

CFTC Issues Final Cybersecurity Rules on System Safeguards Testing Requirements

On September 8th, the Commodity Futures Trading Commission (“CFTC”) approved amendments (“Final Rules”) to its ”system safeguards rules.” The system safeguards rules obligate designated contract markets, swap execution facilities, and swap data repositories (for convenience, collectively referred to as “Exchanges”) as well as derivatives clearing organizations (“Clearinghouses”) to have in place cybersecurity programs of risk analysis and oversight. As part of such a program, Exchanges and Clearinghouses (collectively, “Covered Entities”) must conduct testing and review sufficient to ensure their automated systems are reasonably reliable and secure, and have adequate scalable capacity.

(more…)

SHARE
EmailPrintShare
19 September 2016

New York State Department of Financial Services Proposes Regulations Imposing Detailed Cybersecurity Rules on Insurance, Banking and Other Licensed Financial Institutions

On September 13, 2016, the New York State Department of Financial Services (“NYDFS”) proposed regulations outlining minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Proposed Regulations”). The NYDFS regulates entities and products that are subject to New York insurance, banking and financial services laws. Because the scope of the Proposed Regulations includes any entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law,” the Proposed Regulations will cover a broad range of entities in the banking, insurance and financial services industries, including insurance producers and premium finance companies.

(more…)

SHARE
EmailPrintShare
07 September 2016

Why Design Matters: It Can Determine Whether an Online Agreement is Enforceable

*Updated on September 8, 2016

The Southern District of New York recently issued a ruling that raises new issues with customer consent and arbitration contracts in a simple click-through agreement, adding to the increasing judicial skepticism over the enforceability of browse-wrap agreements, despite the Supreme Court’s seeming endorsement of consumer arbitration clauses in AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), based on preemption by the Federal Arbitration Act. Soon after this decision, however, the Ninth Circuit issued a ruling that went the other way and found that the arbitration terms in Uber’s terms and conditions were enforceable. Central to these cases has been findings relating to the degree to which terms of use can be considered binding.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator