Every organization is at risk of a data breach, and can learn something from Uber’s data privacy missteps. In an article for Corporate Compliance Insights, Squire Patton Boggs lawyers Colin Jennings, Ericka Johnson, and Dylan Yépez offer key takeaways from the company’s high-profile data breaches and the criminal charges that followed.… Continue Reading
A judge recently ordered Capital One to disclose its cybersecurity report about a data breach. For tips on how to keep such reports under attorney-client privilege, go to our post here on the Consumer Privacy World blog by Colin Jennings, Ericka Johnson, and Dylan Yépez.… Continue Reading
As business slowly and cautiously reopens, cybercriminals lie in wait. A case study into a massive unemployment insurance fraud shows that cybercriminals patiently hunt for lucrative opportunities to strike. For that reason, companies reopening should consider conducting a cyber-audit to identify their cyber vulnerabilities and thwart cybercriminals lying in wait.… Continue Reading
The ongoing Iran-US tensions, and potential for retaliatory cyberattacks, alert each organization to prepare to defend against a cyberattack. Iran has a history of sophisticated cyberattacks in response to increased tensions. In a new client alert, our Data Privacy & Cybersecurity team recommends a thorough review of your people, facilities, networks, and data procedures in response … Continue Reading
Responding effectively to a data breach requires an organization to obtain a thorough forensic report about what happened and why. Yet this report can damage the company further if it becomes public inadvertently. Members of our cross-practice data protection team discuss how to protect a forensic report under privilege. The insights of Leah Parsons, Ericka Johnson, and Colin Jennings can be found here. A related … Continue Reading
Malicious actors want to take your data. When they have it, they will make you pay to get it back. Learn about ransomware and how to prepare against it with this informative and practical client alert. … Continue Reading
Following its agreement with the United Kingdom, the United States announces formal negotiations are underway with Australia about joining the CLOUD Act. Although also a bilateral negotiation, the U.S. talks with Australia strike a more practical tone than those with the U.K.… Continue Reading
Saying it will accelerate complex investigations, the United States and the United Kingdom proposed an historic data exchange agreement. In future, each government will be able to obtain electronic data directly from technology companies in the other country. The governments also say this first of its kind agreement will protect privacy and enhance civil liberties.… Continue Reading
Data protection in Poland now includes an updated “black list” of operations requiring an impact assessment. Another action announces a controversial decision about privacy of license plate numbers. In addition, a data breach manual is available. For fuller analysis see Magdalena Gad-Nowak’s article here in the Data Privacy & Cybersecurity blog.… Continue Reading
On May 31, 2019, the U.S. Attorney for the District of Kansas announced a $250,000 settlement with Coffey Health System, after two whistleblowers filed a qui tam suit against Coffey for violations of the False Claims Act. The settlement resolved allegations that Coffey submitted false claims to Medicare and Medicaid pursuant to the Electronic Health Records … Continue Reading
Another example about the costs of lax data security involves a medical imaging company in the U.S. The company did not perform a risk analysis and failed to respond properly when alerted to problems. See the full post here on the Triage blog.… Continue Reading
Recent rulings conflict on whether police can force individuals to unlock their smartphones. The result depends upon where you are located, with differing rulings from Massachusetts and California. Further, there is an international dimension, illustrated by a recent decision from Israel. In short, as described below, the traveler must beware.… Continue Reading
Fascination continues about the identity of Country A in Special Counsel Mueller’s investigation into Russian interference. An unidentified corporation is a witness in the investigation and is owned by Country A. Recent developments provide clues in the unredacted portions of unsealed court rulings and party filings. Based on linguistic analysis of court rulings and pleadings, Kristina … Continue Reading
The Department of Justice released a new Enforcement Policy for the Foreign Corrupt Practices Act (FCPA). The revisions include a new provision that many believe impairs the use of instant messaging software and other third-party messaging apps by employees. In order to receive a declination and full credit for cooperating with investigators under the Enforcement Policy, U.S. companies … Continue Reading
In Carpenter v. United States, the Supreme Court protected cell site location data. Now “the Government must generally obtain a warrant supported by probable cause before acquiring such records.” Read here about the decision and its implications for organizations, particularly technology providers. The article is written by Squire Patton Boggs attorneys Tara Swaminatha, Robin Campbell, … Continue Reading
Even the best-laid plan for data security requires follow-through. A cancer center was penalized $4.3 million by the government for failing to complete its encryption plan for devices. The decision is instructive even for companies not specifically required to protect data under government regulation. Tom Zeno and Elliot Golding of Squire Patton Boggs discuss … Continue Reading
The Supreme Court allows routine border searches because the “Government’s interest in preventing the entry of unwanted persons and effects is at its zenith at the international border.” Some level of suspicion is required only when a search infringes the dignity and privacy interest of the persons being searched. Circuits are now split about whether … Continue Reading
In late April, the U.S. Securities and Exchange Commission (SEC) hit Yahoo with a $35 million fine for failing to properly assess and disclose a 2014 data breach that affected more than 500 million user accounts. The case marks the first time the SEC has charged a public company with cybersecurity-related disclosure violations and … Continue Reading
Buried on page 2,201 of the 2,232-page 2018 Omnibus Spending Bill, the CLOUD Act was signed into law on March 23, 2018. The bill allows U.S. law enforcement to obtain U.S. citizens’ private data from servers anywhere in the world, provided that an agreement exists with that country on data sharing. However, the CLOUD Act … Continue Reading
On February 27, 2018, the Supreme Court heard oral arguments in a case that will affect the security of data stored in the cloud. At issue in United States v. Microsoft is whether a U.S. based digital communications provider must comply with a warrant for user data stored on servers located outside of the U.S. … Continue Reading
Annually, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) publishes its examination priorities for the new year. Recently, OCIE announced five priorities that will inform its examinations moving into 2018. OCIE is committed to “promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.” In support of these “pillars,” … Continue Reading
2018 arrived in the wake of big changes at the U.S. Securities and Exchange Commission (“the SEC”). Jay Clayton was sworn in as Chairman of the Commission in May, naming Steve Peikin and Stephanie Avakian as Co-Directors of the Enforcement Division (the “Division”) in June. As many do for the start of a new year, … Continue Reading
The US Departments of Justice and State recently launched the “IP Law Enforcement Coordinator Network” to focus on international trademark counterfeiting, copyright piracy and other forms of intellectual property rights infringement across the world, spanning all industry sectors. And while the components of the Network are not new, there is now renewed focus on these … Continue Reading
In June 2017 the French data protection authority, the CNIL, published a revised norm for reporting systems (“AU-004”) that will permit the implementation of the changes recently introduced by the new French Anti-corruption Law “Sapin II” (as set out in our previous article “New French Anti-corruption Law Sapin II”). To read more about the change … Continue Reading