• October 6, 2015

    Debt Collection Firm Fights Credit Report Claims At 1st Circ.

    Debt-collection law firm Lustig Glaser & Wilson PC and two of its attorneys urged the First Circuit on Monday not to revive claims that they unlawfully accessed a man’s credit report while attempting to collect a credit card debt, saying the plaintiff didn't state claims the court can consider.

  • October 6, 2015

    House Bills Tackle US Cybersecurity Plan, Airport Workers

    House lawmakers advanced two bills Tuesday that would require the U.S. Department of Homeland Security to develop a federal cybersecurity strategy and require subagency the Transportation Security Administration to tighten airport employees’ access to secured areas.

  • October 6, 2015

    Spokeo Tells High Court FCRA Suit Falls Flat Without Harm

    Spokeo Inc. urged the Supreme Court on Monday to overturn a Ninth Circuit order that revived a Virginia man’s proposed class action accusing the people search engine of violating the Fair Credit Reporting Act by publishing false information about him, reiterating its stance that no concrete harm has been alleged.

  • October 6, 2015

    NSA Metadata Challengers Redouble Efforts To Halt Program

    An activist suing the government over the bulk collection of telephone data once again asked a D.C. federal court for a preliminary injunction on Monday to stop the National Security Agency from collecting the data, saying that adding new plaintiffs who are Verizon subscribers establishes standing.

  • October 6, 2015

    Unauthorized Drone Use Ends In Record $2M FAA Fine

    The Federal Aviation Administration proposed its largest fine to date against a drone operator, slapping a Chicago-based aerial photography company with a $1.9 million penalty Tuesday after it said SkyPan International Inc. conducted 65 unauthorized flights over 2½ years.

  • October 6, 2015

    Transatlantic Data Sharing Pact Invalidated By EU High Court

    Europe's highest court ruled Tuesday that the safe harbor pact enabling transatlantic data transfers between the U.S. and European Union should be struck down, agreeing with its top legal adviser in finding that the deal fails to provide an adequate level of protection for EU citizens' data.

  • October 5, 2015

    DHS Agent Won't Be Deposed In Ex-Worker's Privacy Suit

    A D.C. federal judge declined Monday to compel a U.S. Department of Homeland Security investigator to be deposed in a suit by an ex-DHS employee who claims that her privacy rights were violated regarding a report that she provided false information for a vendor’s security clearance.

  • October 5, 2015

    Scottrade Hit With 1st Data Breach Suit

    Discount brokerage house Scottrade Inc. on Friday in California federal court was hit with the first proposed class action over a data breach — announced that same day — that targeted 4.6 million users between late 2013 and early 2014 and possibly compromised Social Security numbers and other information.

  • October 5, 2015

    Feds Unveil HIPAA Portal For Medical App Makers

    The Obama administration on Monday unveiled an online portal to receive questions from developers of mobile medical apps about compliance with the Health Insurance Portability and Accountability Act, a notable effort to strengthen privacy in the booming digital space, experts say.

  • October 5, 2015

    Justices Won't Hear Union Boss' Sealed FBI Affidavit Case

    The U.S. Supreme Court on Monday declined to hear an appeal from a Pennsylvania union boss seeking to overturn a Third Circuit decision rejecting his petition to seal in state court a federally sealed FBI affidavit used to defend the Philadelphia Inquirer against his libel suit.

  • October 5, 2015

    Twin Brothers Get Prison For Hacking State Dept.

    Twin brothers who worked as contractors for federal departments were sentenced to prison in Virginia federal court Friday after they pled guilty to a host of charges related to hacking State Department and commercial Internet systems and stealing credit card, passport and other personal information.

  • October 5, 2015

    Breach Of T-Mobile Data Stokes Cybersecurity Bill Debate

    Supporters and opponents of the Cybersecurity Information Sharing Act are using last week’s announcement of an Experian data breach affecting T-Mobile customers to boost their arguments on the pending bill, with each side saying the breach shows the urgency of their position.

  • October 5, 2015

    Kohl's Beats Employees' FCRA Background Check Claims

    A California federal judge agreed Monday to dismiss a proposed class action accusing Kohl’s Department Stores Inc. of improperly running background checks on job applicants, finding that two former employees who filed the suit failed to demonstrate any willful violations of the Fair Credit Reporting Act.

  • October 5, 2015

    Justices Won't Shake Hearst Win In Online Defamation Suit

    The U.S. Supreme Court announced on Monday it wouldn't hear a defamation case against Hearst media outlets over online stories about a woman's now-expunged arrest, leaving in place a Second Circuit opinion that denied the so-called right to be forgotten.

  • October 5, 2015

    Experian, T-Mobile Sued Over Breach Exposing 15M Records

    Lax security measures led to a data breach exposing the records of about 15 million T-Mobile customers that were held by consumer credit agency Experian North America Inc., according to a proposed class action filed in California federal court on Monday.

  • October 5, 2015

    High Court Declines Ex-Stockbroker's FINRA Privacy Appeal

    The U.S. Supreme Court on Monday declined to hear an appeal lodged by former stockbroker Alan Santos-Buch over the Financial Industry Regulatory Authority’s refusal to expunge its public record of a 1997 disciplinary action against him.

  • October 2, 2015

    T-Mobile Shifts Blame But Not Liability In Data Breach

    T-Mobile USA is unlikely to skirt liability for a recent cybersecurity breach at Experian that exposed the data of 15 million T-Mobile customers, with the telecom's choice and vetting of its vendor likely to come under heavy scrutiny from not only class action plaintiffs but also increasingly active regulators, attorneys say.

  • October 2, 2015

    DOD Pushes Contractor Cyber-Incident Reporting Overhaul

    All U.S. Department of Defense contractors will face tougher, faster reporting rules any time a data breach occurs for unclassified systems, according to an interim final rule published Friday in the Federal Register.

  • October 2, 2015

    Houzz Settles With Calif. AG Over Secret Call Recordings

    Home design website Houzz Inc. on Friday agreed to pay $175,000 to end a California Attorney General's privacy suit alleging that the company secretly recorded incoming and outgoing phone calls without notifying the other parties, violating California laws against eavesdropping and wiretapping.

  • October 2, 2015

    NYC Bar Says Attys Must Tell Clients If Docs Get Destroyed

    New York City attorneys are obligated to tell clients if files relating to ongoing matters have been destroyed in an accident or disaster, or if the situation resulted in their confidential information being compromised, according to a recent ethics opinion.

Expert Analysis

  • 5 Things Clients Never Tell Their Lawyers


    Given the times we live in, it is almost inevitable that everyone will, sooner or later, need to consult with legal counsel. With that in mind, I thought it might be interesting to discuss a few things that clients just won't tell their lawyers, says Francis Drelling, general counsel of Specialty Restaurants Corp.

  • Excellus Data Breach: Encryption Cannot Always Save The Day

    Scott Lyon

    Excellus BlueCross BlueShield recently became the fifth major health care provider to disclose a breach since the beginning of 2015. So how can health care providers and their attorneys improve network security? One of the first steps is realizing that the solution is not always technical in nature, says Scott Lyon of Sedgwick LLP.

  • Another Privacy Victory For Video Service Providers

    Alysa Hutnik

    The Ninth Circuit's recent ruling in Rodriguez v. Sony Computer Entertainment America LLC is in line with the trend of courts limiting streaming media companies' liability under the Video Privacy Protection Act — a trend becoming increasingly important to companies’ bottom lines, say Alysa Hutnik and Robyn Mohr of Kelley Drye & Warren LLP.

  • Privacy Risk Considerations In Health Care IT Investments

    Erin Whaley

    By whatever name you call it — health information technology, digital health, mobile health, telehealth — there is a lot of private equity and venture capital money flowing to this space. But to help mitigate the risk of your health IT investment becoming a headline, it is imperative that you carefully examine your target’s privacy and security practices, says Erin Whaley of Troutman Sanders LLP.

  • Inside National Futures Association Cybersecurity Guidance

    Heather Egan Sussman

    New cybersecurity guidance proposed by the National Futures Association is particularly noteworthy for firms that are not currently subject to the cybersecurity rules set forth by the U.S. Securities and Exchange Commission and the Financial Industry Regulatory Authority, say attorneys with Ropes & Gray LLP.

  • EEOC Won't Forget About Background Checks After Freeman

    Rod M. Fliegel

    Odds are the U.S. Equal Employment Opportunity Commission's settlement with BMW Manufacturing Co. LLC will embolden the EEOC, notwithstanding the $1 million in attorneys' fees it owes in Freeman, thus employers should continue to monitor the law surrounding criminal record screening policies, including Fair Credit Reporting Act class action litigation, say Jennifer Mora and Rod Fliegel of Littler Mendelson PC.

  • Like Neiman Marcus, Wyndham Is Not All It’s Cracked Up To Be

    John P. Hutchins

    Following the Third Circuit's recent decision in Federal Trade Commission v. Wyndham, commentators far and wide have predicted gloom and doom for those responsible for corporate data security. Certainly, the FTC’s self-proclaimed position as the “data breach police” was validated by the decision, but the formulation of a general standard for data security is no more certain now than it ever has been, says John Hutchins of LeClairRyan.

  • OPINION: Paul Harvey, RIP


    After recently hearing a young trial lawyer start his opening statement with the Paul Harvey approach, I feel motivated to set out the reasons why defense lawyers should not use this technique anymore, says Dr. Ross Laguzza of R&D Strategic Solutions.

  • The Problems With SEC’s Cybersecurity Approach

    Brian Rubin

    A recent U.S. Securities and Exchange Commission enforcement action against the victim of a cyberattack suggests that a breach, in and of itself, is prima facie evidence that a firm’s procedures were not reasonable. This strict liability standard and post hoc rationale eliminates the need to establish any causal relationship between the alleged procedural inadequacies and the breach, say Brian Rubin and Charlie Kruly of Sutherland ... (continued)

  • FTC Is Looking Beyond Consumer Harm Post-Breach

    Jason Brown

    Companies collecting consumer data need to understand that some enforcement agencies are construing "risk" and "privacy" in ways that challenge earlier understandings. This can mean enforcement actions, and even litigation, in situations where only limited data — or none at all — was compromised, say attorneys with Ropes & Gray LLP.