General Publications April 2015

The Digital Download - Privacy & Data Security Monthly Newsletter – April 2015

Features

Peter Swire on the History of Bulk Metadata Collection. Alston & Bird Senior Counsel Peter Swire recently published a historical primer on bulk data collection under Section 215 of the USA PATRIOT Act. The article reviews the recent Second Circuit decision in ACLU v. Clapper rejecting the National Security Administration’s bulk collection of telephone metadata and discusses the prospects for passage of the USA FREEDOM Act.

The Supreme Court to Resolve Whether a Violation of a Statutory Right Confers Article III Standing. The Supreme Court recently agreed to hear the appeal in Spokeo, Inc. v. Robins, a case that may have significant implications for data breach litigation in particular and consumer class action litigation generally. At issue is whether a plaintiff who has suffered no actual injury or harm nonetheless has standing under Article III of the U.S. Constitution to seek recovery in federal court based on an alleged violation of a statutory right.

DOJ Issues Data Breach Guidance. On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document provides guidance on what the DOJ regards as “best practices for victims and potential victims to address the risk of data breaches, before, during and after cyber-attacks and intrusions.”

FTC Settles with Retail Tracking Firm Regarding Alleged Opt-out Misrepresentation. On April 23, 2015, the FTC and Nomi Technologies, Inc., settled the FTC’s misrepresentation charges related to Nomi’s “Listen” service, a multiple sensor technology that allows retailers to measure consumers’ in-store movements.

NAIC Publishes Principles for Effective Cybersecurity. The National Association of Insurance Commissioners Cybersecurity (EX) Task Force adopted "Principles for Effective Cybersecurity: Insurance Regulatory Guidance" on April 16, 2015. The document identifies types of safeguards regulators expect insurers to have in place to protect consumers from cybersecurity breaches.

SEC Confirms Plans to Issue New Cybersecurity Disclosure Rules. According to Smeeta Ramarathnam, chief of staff to SEC Commissioner Luis Aguilar, the SEC is currently engaging in a comprehensive re-work of its investor disclosure rules, including rules bearing on cybersecurity incident disclosure.

FCC Adopts Consent Order with AT&T Over Alleged Data Security Violations. The Federal Communications Commission announced on April 8 that it had adopted a consent decree between its Enforcement Bureau and AT&T Services, Inc., including a civil penalty of $25 million and a requirement to adopt a comprehensive compliance plan, among other actions. The consent decree alleges that AT&T “failed to properly protect the confidentiality of almost 280,000 customers’ … sensitive personal information” and “account-related data known as customer proprietary network information.”

Wyoming Broadens Definition of Personal Information in Amended Data Breach Notification Law. Wyoming has updated its data breach notification statute to widen the definition of “personal identifying information” that will trigger notification to individuals. The changes in the law will become effective July 1, 2015.

Court Finds Hulu Did Not “Knowingly” Disclose PII in Violation of VPPA, Grants Summary Judgment. Ending a four-year battle that has helped define the parameters of the Video Privacy Protection Act’s application to new technologies, on March 31, 2015, Northern District of California Magistrate Judge Laurel Beeler dismissed with prejudice the In re: Hulu Privacy Litigation. In doing so, Judge Beeler found that there was simply no evidence that Hulu knowingly disclosed plaintiffs’ video viewing selections and personal identification information to a third party.

New York State Regulator to Examine Insurers on Cybersecurity Following Comprehensive Risk Assessments. On March 26, 2015, Benjamin Lawsky, superintendent of the New York State Department of Financial Services, informed the CEOs, general counsel, and chief information officers of insurers doing business in the state of a mandatory cybersecurity questionnaire and the initiation of targeted cybersecurity examinations. Approximately 160 insurers will be affected by the initiative.

The Digital Download, as well as any articles or other content linked to or otherwise cited by or attached to it, is not intended to constitute and should not be relied upon as or construed to be legal advice.
