Legal insights on navigating privacy, data protection, Cybersecurity, information governance, and e-discovery.
Data Law Insights Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery
- Mini-Series on CIPA ā Part 4: How Big is the Risk?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 13, 2025 at 6:51 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Readingā¦
- Mini-Series on CIPA ā Part 3: Can I Eavesdrop on My Own Conversation?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 11, 2025 at 5:03 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Readingā¦
- Mini-Series on CIPA Part 2: What is a āPhoneā?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 6, 2025 at 6:24 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Readingā¦
- Mini-Series on CIPA ā Part 1: What is a āCommunicationā Anyway?by Jason Stiehl, Jacob Canter and Jazmine Buckley on February 4, 2025 at 8:09 pm
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out… Continue Readingā¦
- The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?by Arthur Focquet on August 26, 2024 at 1:14 pm
Key Takeaways 1. New cybersecurity measures and requirements are introduced by the EU for companies. 2. Contractual provisions with the supply chain may need to be revised. 3. High penalties and liability for management, including personal liability. I. Introduction On October 18, 2024, the requirements of Directive (EU) 2022/2555 on measures for a high common… Continue Readingā¦
- Text Messages Lead to $4.47B Liability in Securities Fraud Caseby John Sohn and Alicia Clausen on June 27, 2024 at 2:53 pm
Text messages and other non-email, electronic communications have become increasingly important in securities fraud matters. These communications are often sent from personal mobile devices and often provide key evidence.Ā It has become clear that the most interesting, and sometimes most problematic, communications often do not take place via email. Messages sent via text and other… Continue Readingā¦
- SEC āEncouragesā Public Companies to Disclose āImmaterialā Cybersecurity Incidents Under Item 8.01 of Form 8-Kby William J. Bruno, Anand Sithian, Jennie Wang VonCannon, Matthew B. Welling, Daniel L. Zelenko and Jacob Canter on May 23, 2024 at 7:16 pm
The U.S. Securities and Exchange Commission (āSECā) adopted a final rule on July 26, 2023 that requires public companies to disclose material cybersecurity incidents under new Item 1.05 of Form 8-K. Since its adoption, public companies have faced practical challenges in determining whether and when a cybersecurity incident warrants disclosure under Item 1.05. On May… Continue Readingā¦
- āBrowsing and location data are sensitive . . .. Full stopāby Laura Foggan, Jacob Canter and Branden Nikka on March 12, 2024 at 2:52 pm
āBrowsing and location data are sensitive . . .. Full stop,ā says the Federal Trade Commission. As is all granular data that can reveal āinsightsā that ācan be attributed to particular peopleā through a āre-identificationā procedure. This is one basis of complaints the FTC filed against Avast, X-Mode Social, and InMarket. A March 4, 2024… Continue Readingā¦
- DoDās New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Ruleby Evan D. Wolff, Michael G. Gruden, CIPP/G, Nkechi Kanu, Jacob Harrison and Alexis Ward on December 27, 2023 at 4:55 pm
On December 26, 2023, the Department of Defense (DoD) released the highly anticipatedĀ proposed ruleĀ for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who handles sensitive data such as Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) during DoD contract… Continue Readingā¦
- FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosuresby Evan D. Wolff, Daniel L. Zelenko, Matthew B. Welling, Jennie Wang VonCannon, William J. Bruno, Anand Sithian, Garylene āGageā Javier, Neda Shaheen and Crowell & Moring on December 19, 2023 at 3:15 pm
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (āSECā). On December 6, 2023, the Federal Bureau of Investigation (āFBIā) Cyber Division published the āCyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Noticeā (the āPolicy Noticeā) in response… Continue Readingā¦
