Category

Litigation

26 November 2018

The Fifth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available

The fifth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. (more…)

EmailShare
01 November 2018

Ohio Law Recognizes Safe Harbor in Data Breach Litigation

Companies with robust cybersecurity programs may still be vulnerable to attack. A new, first-of-its-kind law in Ohio now recognizes this fact. On November 1, 2018, the Ohio Data Protection Act (SB 220) establishes a safe harbor from state tort actions in data breach cases for entities that have developed an information security program with “administrative, technical, and physical safeguards for the protection of personal information and that reasonably conforms to an industry recognized cybersecurity framework.” Without establishing minimum cybersecurity standards, the Ohio law affords defendants an “affirmative defense” against state tort actions and establishes an important precedent that may serve as a model for other states and the federal government to follow. (more…)

EmailShare
10 October 2018

California and Preemption

As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy.  Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates.  First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year.  Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States.  As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts.  (more…)

EmailShare
27 September 2018

Why it’s Unconstitutional for Politicians – Including the President – to Block People on Social Media

*This article first appeared in the Washington Post on September 26, 2018.

In a recent piece for Washington Post Outlook, Chris Fonzone and Josh Geltzer (from the Georgetown Law Center’s Institute for Constitutional Advocacy and Protection) explained why a legal case that began with a dispute between a Loudoun County supervisor and a constituent may help set a new standard for online interaction nationally:

A legal case that began with a dispute between a member of the Loudoun County Board of Supervisors and a constituent may help to set the rules for how government officials — up to and including President Trump — interact with the public online. A federal appeals court in Richmond will hear the case this week, and, while the stakes of the conflict may seem small at first — one man was banned for a day from an official’s Facebook page — it has potentially enormous First Amendment implications. (more…)

EmailShare
20 September 2018

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

On July 31, 2018, the U.S. Office of the Comptroller of the Currency (OCC) announced its decision (the Fintech Charter Decision) to begin accepting applications from financial technology (fintech) companies for special purpose national bank charters.1 The OCC has indicated it will not grant a charter to a fintech company that wishes to accept deposits or engage in fiduciary activities (for business plans that involve purely fiduciary activities, a limited purpose trust charter may provide an alternative vehicle). The Fintech Charter Decision is discussed in greater detail in a prior Sidley Banking and Financial Services Update.2

On September 14, the New York State Department of Financial Services (DFS) filed a federal court complaint seeking to enjoin further actions by the OCC to implement the Fintech Charter Decision and related actions, arguing that such acts are lawless, ill-conceived and destabilizing of financial markets. DFS also argued that such acts are beyond the OCC’s statutory authority and in violation of the Tenth Amendment to the U.S. Constitution, alleging that the police power to regulate financial services and products delivered within a state’s own geographical jurisdiction is among a state’s fundamental sovereign powers.3 (more…)

EmailShare
01 August 2018

New Case Sheds Further Light on the Definition of Autodialer under the TCPA

Ever since the D.C. Circuit struck down the FCC’s overbroad rule defining “auto-dialers” under the Telephone Consumer Protection Act, district courts have debated the scope of the D.C. Circuit’s ruling: Did it effectively strike down earlier FCC pronouncements on what qualifies as an auto-dialer? In a carefully reasoned opinion, a district court judge in Chicago held last week that it did. (more…)

EmailShare
16 July 2018

Privacy as a “Fundamental Right” Clouds Smart Regulation

*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018

There is a lot going on with privacy around the world. As discussed in the chapters of this book, significant new laws are being adopted or taking effect, important judicial decisions are being decided to interpret existing legal requirements, and citizens are contending with their own expectations about confounding new technologies and business models. It is not clear, however, that the public policy being developed in any country is a thoughtful reaction to the promises and perils of today’s digital economy, rather than a knee-jerk over-reaction to imagined harms and a handful of high-profile incidents. (more…)

EmailShare
02 July 2018

First Circuit’s Decision Provides Guidance on Creating Enforceable Website Terms and Conditions

On June 25, the United States Court of Appeals for the First Circuit in Cullinane v. Uber Technologies, Inc., __ F.3d __, 2018 WL 3099388 (1st Cir. 2018), evaluated the enforceability of arbitration provisions in online contracts. The First Circuit found Uber’s arbitration provision, which contained a class action waiver, unenforceable because Uber did not make its terms of service sufficiently conspicuous. Cullinane highlights the importance of obtaining customers’ affirmative consent to an online contract and reaffirms that conspicuousness of the arbitration agreement and the form of assent that retailers require from consumers remain paramount.
(more…)

EmailShare
12 June 2018

11th Circuit Vacates LabMD Enforcement Order; Casts Doubt on Decades of FTC Cybersecurity Enforcement Practices

In recent years, the Federal Trade Commission has increasingly exercised its enforcement authority to target deceptive and unfair information security practices.  During this time, enforcement actions have targeted companies for failing to honor their promises to implement “reasonable” or “industry standard” security practices, defend against well-known security threats, put in place basic security measures, or take many other basic data security steps.  And despite challengers arguing that the FTC provided insufficient notice before pursuing these actions or that the actions otherwise exceeded the FTC’s Section 5 enforcement authority, the Commission generally has a track record of successfully defending its prerogatives.     (more…)

EmailShare
24 May 2018

GDPR Day is Here!

Whether you are marking today with a glass of champagne, a shot of whiskey, or a hot cup of tea, today marks a significant day for privacy professionals world-wide.

Here’s to all of the privacy professionals who have put in so many hours to prepare for the GDPR, fully effective as of Friday May 25, 2018 at midnight in Brussels; that is 6 PM eastern on Thursday, May 24th for toasting purposes.

For business executives, policymakers, and consumers who have become aware of the GDPR in recent weeks and are interested in learning more, visit our GDPR resource page here.

EmailShare
1 2 3 9
XSLT Plugin by BMI Calculator