On March 3, 2017, the FTC announced the results of a study about online businesses’ use of proper email authentication technology to prevent phishing attacks. … Continue Reading
On February 6, 2017, the House of Representatives suspended its rules and passed by voice vote H.R 387, the Email Privacy Act. The Email Privacy Act now moves to the Senate, where it will be considered by the Senate Judiciary Committee. … Continue Reading
On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act to require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers.… Continue Reading
On December 27, 2016, the Securities and Exchange Commission announced charges against three Chinese traders who allegedly made almost $3 million in illegal profits by fraudulently trading on nonpublic information that had been hacked from two New York-based law firms.… Continue Reading
On October 18, 2016, the United States Court of Appeals for the Fifth Circuit held in Apache Corp. v. Great American Ins. Co. that a crime protection insurance policy does not cover loss resulting from a fraudulent email directing funds to be sent electronically to the imposter’s bank account because the scheme did not constitute “computer fraud” under the policy. … Continue Reading
On July 14, 2016, the U.S. Court of Appeals for the Second Circuit held that Microsoft Corporation cannot be compelled to turn over customer emails stored abroad to U.S. law enforcement authorities.… Continue Reading
On October 23, 2015, the United States District Court for the District of Minnesota, in large part, upheld Target’s assertion of the attorney-client privilege and work-product protections for information associated with a privileged, internal investigation of Target’s 2013 data breach. … Continue Reading
On September 11, 2015, the Federal Communications Commission (“FCC”) announced that Lyft Inc. (“Lyft”) and First National Bank Corporation (“FNB”) violated the Telephone Consumer Protection Act (“TCPA”) by forcing their users to consent to receive automated text messages as a condition of using their services. The FCC warned that these violations could result in fines … Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
The Irish government filed an amicus brief in the ongoing dispute between Microsoft and the U.S. government concerning the U.S. government’s demands for data held by Microsoft on email servers located in Ireland.… Continue Reading
On December 15, 2014, Microsoft reported the filing of 10 amicus briefs in the 2nd Circuit Court of Appeals signed by leading technology and media companies, computer scientists and trade associations and advocacy organizations, in support of Microsoft's litigation to resist a U.S. Government's search warrant purporting to compel the production of Microsoft customer emails that are stored in Ireland.… Continue Reading
As reported in the Hunton Employment and Labor Perspectives Blog, in Purple Communications, Inc., a divided National Labor Relations Board held that employees have the right to use their employers' email systems for statutorily protected communications, including self-organization and other terms and conditions of employment, during non-working time.… Continue Reading
On May 1, 2014, the White House released a report examining how big data is affecting government, society and commerce. In addition to questioning longstanding tenets of privacy legislation, such as notice and consent requirements, the report recommends (1) passing national data breach legislation, (2) revising the Electronic Communications Privacy Act, and (3) advancing the Consumer Privacy Bill of Rights.… Continue Reading
On June 5, 2013, a federal district court in Ohio held that the Stored Communications Act can apply to an employer reading a former employee's personal emails on a company-issued mobile device that the employee returned at the end of the employment relationship.… Continue Reading
On June 28, 2013, the Swiss Federal Data Protection and Information Commissioner issued its annual report highlighting activities during the period from April 2012 to March 2013. This blog post provides an overview of information from the report that is relevant for international businesses with operations in Switzerland.… Continue Reading
In two recently-published German court decisions, the courts’ rulings impact Germany’s employee data protection law, including strengthening the position of German works councils and clarifying the risks associated with deleting former employees’ email accounts.… Continue Reading
Adam Kardash from Heenan Blaikie LLP in Canada reports that Industry Canada and the Canadian Radio-television and Telecommunications Commission have released draft regulations for Canada's Anti-Spam Legislation.
… Continue Reading
On April 5, 2011, Lisa Sotto, partner and head of the Privacy and Data Security practice at Hunton & Williams LLP, discussed the Epsilon email breach in an interview with Tracy Kitten of Information Security Media Group. The interview covered issues such as data protection requirements for sensitive consumer data, steps companies should take to … Continue Reading
This blog post provides detailed information on the much-anticipated Commercial Privacy Bill of Rights Act of 2011, which was introduced by Senators John Kerry and John McCain on April 12, 2011.
… Continue Reading
On April 7, 2011, the Securities and Exchange Commission announced a settlement involving three former brokerage firm executives charged with failing to protect confidential information about their customers in violation of Regulation S-P.
… Continue Reading
On March 30, 2011, Google agreed to settle Federal Trade Commission charges that it used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010.
… Continue Reading
Legal consultant Dr. Omer Tene reports that last week, the Israeli National Labor Court issued an opinion requiring employers to set forth clear policies with respect to employee use of computers and communications systems in the workplace. The Court distinguished between the monitoring of business email accounts, personal email accounts and "mixed" email accounts, and expressed reservations concerning the validity of employee consent in the monitoring context.
… Continue Reading
On May 25, 2010, bills were introduced in the Parliament of Canada that would amend PIPEDA to include a security breach notification provision and combat damaging and deceptive spam.
… Continue Reading
On March 30, 2010, the New Jersey Supreme Court ruled in favor of a former employee who claimed that state common privacy law protected certain of her emails from review by her employer.
… Continue Reading
