Cybersecurity & Privacy

  • July 21, 2017

    $11.2M Ashley Madison Data Breach Deal Gets Go-Ahead

    A Missouri federal judge on Friday preliminarily approved a proposed $11.2 million deal to end a suit over online dating site Ashley Madison’s 2015 data breach, giving the deal a nod just days after its proposal and the same day as a hearing on the subject.

  • July 21, 2017

    Texas Groups Seek to Block Release of Voter Data

    The Texas NAACP and the League of Women Voters of Texas filed suit Thursday against state election officials to prevent the transfer of personal voter data to the Presidential Election Commission, arguing those officials have indicated they will hand over the information in a way that violates state laws.

  • July 21, 2017

    Ky. Abortion Clinic Gets Buffer Zone Ahead Of Protests

    A Kentucky federal judge Friday ordered anti-abortion groups to steer clear from the state’s only abortion clinic as it braces for a wave of protests.

  • July 21, 2017

    Researchers Take New Look At Software Flaw Vulnerabilities

    Multiple parties are independently discovering the same software vulnerabilities more often than previously reported, researchers from the Harvard Kennedy School’s Belfer Center concluded in a recent paper, saying their findings highlight the importance of carefully weighing the risks of keeping a flaw under wraps. 

  • July 21, 2017

    Wash. Expands Biometric Privacy Quilt With More Limited Law

    A newly enacted Washington state law governing the collection and use of consumers’ biometric information is seen as a more business-friendly alternative to an Illinois law that has provoked a flurry of consumer suits, and may stand as a model for states to emulate in future legislation, experts say.

  • July 21, 2017

    Nurse Properly Fired For HIPAA Violation, Ky. Court Rules

    A Kentucky appellate panel on Friday affirmed the dismissal of a suit accusing a hospital of unlawfully firing a nurse for violating the Health Insurance Portability and Accountability Act by disclosing a patient’s confidential health information, rejecting the nurse’s argument that the disclosure was incidental.

  • July 21, 2017

    Noodles & Co. Dodges Credit Unions’ Data Breach Suit

    A Colorado federal judge tossed a proposed class action brought by financial institutions over a Noodles & Co. data breach, ruling Friday that the credit unions’ negligence claims failed as they had not shown that the fast-casual chain had contractual obligations toward them.

  • July 21, 2017

    Darden Says Evidence Lacking In Customer's Receipt Suit

    Darden Restaurants Inc. has asked a Florida federal judge to order a consumer to show why her suit, which claims the restaurant improperly printed a receipt with her credit card's expiration date, should remain in court, arguing the customer has failed to provide any documents that support her case.

  • July 21, 2017

    Kasowitz Stepping Aside From Russia Probe

    Marc Kasowitz is no longer playing an active role in the representation of President Donald Trump in the Russia investigation, according to multiple news reports Thursday night. 

  • July 21, 2017

    Medical Malpractice Cases To Watch In The 2nd Half Of 2017

    A bid to have the U.S. Supreme Court review a Florida statute giving patients access to hospital incident reports and a looming California ruling affecting doctors on workers' compensation panels are among the medical malpractice cases attorneys will be following in the second half of 2017. Here, Law360 takes a look at four pending cases.

  • July 21, 2017

    FCC Confirms 1st May Cyberattack 'Analysis' Was Unwritten

    The Federal Communications Commission on Thursday confirmed that it did not initially create a written analysis of a May cyberattack that temporarily slowed its online comment system, but it denied reports that it skimped on record-keeping, saying news stories based on its response to a Freedom of Information Act request were “categorically false.”

  • July 21, 2017

    TransUnion Says $60M FCRA Verdict Warrants New Trial

    One month after a jury found TransUnion owed $60 million in damages for violating the Fair Credit Reporting Act by conflating a class of consumers with similarly named terrorists and criminals from a government watch list, the company recently told a California federal court that the award was excessive and asked for a new trial.

  • July 21, 2017

    Judge Mulls Privacy Concerns In Utah Drug Records Case

    A Utah federal judge on Thursday began weighing whether the Drug Enforcement Administration can warrantlessly access that state’s prescription drug database, even as civil liberty advocates warn that the measure, defended as a critical step in fighting the opioid crisis, would undermine privacy safeguards.

  • July 20, 2017

    EPIC Demands Info About Biometric Tracking At U.S. Borders

    The Electronic Privacy Information Center asked a D.C. federal judge Wednesday to force U.S. Customs and Border Protection to fork over information about its use of biometric information at U.S. entry and exit points, as the agency moves toward establishing a tracking system President Donald Trump has said he wants implemented quickly.

  • July 20, 2017

    PC Richard Resolves Shopper's Suit Over Card Receipts

    P.C. Richard and a consumer agreed Thursday to dismiss a putative class action against the retailer in New Jersey federal court, after telling a judge this week that the parties had reached a tentative deal over claims the company unlawfully printed credit or debit card expiration dates on sales receipts.

  • July 20, 2017

    Russian Hacker Gets 5 Years For $500M Malware Attack

    A Russian man was sentenced to five years in prison Wednesday in Georgia federal court for his part in the development and distribution of malicious Citadel malware that infected 11 million computers worldwide and caused $500 million in losses.

  • July 20, 2017

    Dentons Ex-Associate Pleads Not Guilty To Extortion Plot

    A former litigation associate at Dentons on Thursday pled not guilty to felony extortion charges stemming from threats he allegedly made to release confidential and sensitive materials taken from a partner’s email account unless the firm paid him $210,000 and handed over a piece of artwork.

  • July 20, 2017

    FCC Proposes Rule For Unmasking Threatening Calls

    In response to a reported rise in threatening phone calls made to schools and religious groups, the Federal Communications Commission announced it is considering a proposed rule to be published Friday that would unmask unidentified callers in specific instances.

  • July 20, 2017

    Pa. Man Admits To Stealing $40M In Bitcoin

    A Pennsylvania man is accused of identity theft and fraud after he admitted to stealing from individuals who use bitcoin, amassing a stash of the online currency valued at over $40 million, according to a criminal complaint filed Wednesday in federal court.

  • July 20, 2017

    Illegal 'Dark Web' Marketplace Shuttered In Global Operation

    The world's largest online criminal marketplace has been shut down after more than two years of providing a place to anonymously buy and sell illegal goods like drugs and firearms, stolen and falsified identification documents, and malware and hacking tools, the U.S. Department of Justice announced Thursday.

Expert Analysis

  • The Elephant In The Room: Advancing Women To Partnership

    Anusia Gillespie

    Despite more focus and investment, the numbers continue to show little progress in advancing women to the top tiers of firm leadership. Considering the irreversible nature of the transformation of the market for top talent, it is time to start experimenting and innovating from the core, rather than from the periphery, say Anusia Gillespie and Scott Westfahl of Harvard Law School.

  • How Midsize Law Firms Can Minimize Cybersecurity Threats

    K. Stefan Chin

    It can be challenging for midsize law firms to develop an enterprise cybersecurity program that mitigates the eminent threat of data breach and meets the regulatory and compliance requirements of the firm and its clients. This challenge becomes daunting when considering the steady rise in client audits, say K. Stefan Chin of Peckar & Abramson PC and John Sweeney of Logicforce.

  • Autonomous Vehicles And European Data Protection: Part 1

    Oliver Yaros

    The emergence of connected and autonomous vehicles will lead to industry participants collecting and analyzing immense amounts of data from those vehicles for many purposes. But first, key legal issues must be addressed. European data protection laws present particular challenges, say Oliver Yaros and Ryota Nishikawa of Mayer Brown LLP.

  • Lessons From The CoinDash Hack

    Stuart Levi

    The CoinDash initial coin offering was hacked within minutes of its launch, resulting in numerous potential purchasers sending their money to a fraudulent address. The hack has raised many questions about the security and legitimacy of ICOs and of the blockchain more generally, says Stuart Levi, co-head of the intellectual property and technology group at Skadden Arps Slate Meagher & Flom LLP.

  • GDPR — Unlocking The Security Obligations


    The General Data Protection Regulation recognizes that security is an essential feature of data protection, but it provides little explicit guidance on how to implement a GDPR-compliant security program. However, there are several key provisions that provide broad-brush suggestions on the tools companies might employ to comply, says Shannon Yavorsky of Venable LLP.

  • The Gov't Wants To Tell Your Car How To Drive Your Car

    Michael Nelson

    Congress has been an observer on the sidelines when it comes to laws related to automated cars — up until now. The House Energy and Commerce Committee recently released a series of discussion drafts that, if passed, would not only significantly increase the government’s oversight of highly automated vehicles, but also would look to free automakers from the current patchwork of state regulations, say attorneys with Eversheds Sutherland.

  • A Conversation With Keesal Young CISO Justin Hectus


    In this interview, legal industry analyst Ari Kaplan discusses the Electronic Discovery Reference Model questionnaire with Justin Hectus, chief information security officer at Keesal Young & Logan, a Pacific Rim-based law firm with a national litigation practice.

  • A Chat With FTC’s Thomas Pahl

    Lucy Morris

    Recently, I joined a “fireside chat” with Thomas Pahl, acting director of the Federal Trade Commission’s Bureau of Consumer Protection. He discussed the FTC’s consumer protection priorities and its initiative to reform the agency’s investigative process, says Lucy Morris of Hudson Cook LLC.

  • Facing The IoT's Regulatory, Security And Privacy Risks

    Rebecca Eisner

    In spite of the internet of things' growing popularity, the U.S. government has largely adopted a "wait and see" approach to specifically regulating the IoT. However, businesses must pay attention to cybersecurity risks, as well as new liability and regulatory risks, say attorneys with Mayer Brown LLP.

  • Courts Rein In TCPA 'Revocation Of Consent' Claims

    Michael Daly

    As we all anxiously await a decision in the appeal from the Federal Communications Commission's “any reasonable method” ruling, several courts have found other ways to limit this particular species of Telephone Consumer Protection Act abuse. The most recent and notable is the Second Circuit's decision last month in Reyes v. Lincoln, say Michael Daly and Daniel Brewer of Drinker Biddle & Reath LLP.