RSS Print Email

Data Security

Dominique Shelton Named Most Influential Lawyer in Digital Media and E-Commerce Law by Los Angeles Business Journal

July 31, 2014 | Posted by Privacy & Data Security Team | Topic(s): Data Security, Privacy

Dominique Shelton, partner in the firm’s Litigation & Trial Practice and Privacy & Data Security Groups was recently included by the Los Angeles Business Journal in their inaugural, “Most Influential Lawyers: Digital Media and E-Commerce.”

The list recognizes 30 Los Angeles attorneys who have demonstrated outstanding achievements in digital media and e-commerce law. Shelton is noted as one of the top practitioners in her field, advising clients on “cutting-edge” legal issues and “representing companies in a variety of industries and service sectors, including digital sales and marketing, advertising, wireless/mobile Internet, lead generation, manufacturing and electrical, software, telecommunications and television.”

Posted by Privacy & Data Security Team | Alston & Bird LLP

U.S. Treasury Secretary Lew Emphasizes Cyber-Risks for Financial Institutions

In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew.

Read More

Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

July 29, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article, “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face due to the fact that most companies’ assets are stored digitally and, therefore, at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial to companies of all sizes, both in the public and private sectors. Directors and officers are under increased scrutiny and expected to be fully aware and engaged in their companies’ cybersecurity measures. Peretti and Corley’s article addresses the risks and impacts of data breaches, as well as practical pre- and post-breach guidance.

To read the full article, click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

Privacy Partner Dominique Shelton Authors Privacy Advisor Article on Hulu VPPA Case

Dominique Shelton, partner in Alston and Bird’s Privacy & Data Security practice and member of the Litigation and Trial Practice group, authored an article appearing on June 19 in International Association of Privacy Professionals' (IAPP) Privacy Advisor titled, “Court Denies Class-Action in Hulu Case, But There’s More." In the article, Shelton discusses the Hulu consumer class-action case that has been ongoing since July 2011. Shelton points out that any company that hosts video content on its website or mobile app and includes a “Like” button or other social networking plug-in should be following this case. The issue at-hand is whether or not the technology associated with the “Like” button constitutes a violation of the Video Privacy Protection Act (VPPA) by disclosing users’ viewing habits without their consent. Because this case touches so many companies, it is an important one to follow. The case resurfaced in the news this week because the court denied the plaintiffs’ putative class-action lawsuit, without prejudice.

Read More

West Virginia High Court Finds Standing without Harm for Invasion of Privacy Claim in State Data Breach Class Action

June 20, 2014 | Posted by Zach Neal & Alex Brown | Topic(s): Health Privacy, Data Security, Litigation, Class Action

The West Virginia Supreme Court of Appeals recently issued an important – but outlier – decision in a data breach class action. In a per curiam decision, the Court held that the plaintiffs had standing to bring their claims even though discovery revealed that not a single class member – much less the named plaintiffs – had suffered any property damage or economic losses. Tabata v. Charleston Area Med. Ctr., No. 13-0766, --- S.E.2d ---, 2014 WL 2439961 (W. Va. May 28, 2014). Indeed, the court found that, although some of plaintiffs’ personal information had accidentally been made available on a website, there was no evidence anyone had ever viewed that information. Despite this, the Court concluded that the plaintiffs had standing to bring two common law claims.

Read More

Hulu: The Northern District of California Denies Class Certification without Prejudice on Grounds Class Not Ascertainable

Data privacy practices and related class action litigation continue to be super-hot topics that require close attention from companies. Brand damage, governance shakeups and congressional inquiries because of data practices should provide sufficient motivation to stay up-to-the minute in these critical areas. This advisory examines the latest developments in the Hulu litigation involving alleged violations of the Video Privacy Protection Act. While a California federal district court has denied certification of a class of Hulu video service users, it left the door open for future class cases in this emerging area.

The full Cyber Alert is available here

Written by Kim Chemerinsky, Senior Associate, Privacy & Data Security | Alston & Bird LLP

A+B Privacy Team Provides Analysis of California AG Privacy Report: New Best Practices Guidance Applies to all Businesses Collecting Personal Information from California Residents

In follow up to our previous blog, California AG Kamala Harris Issues Privacy Policy Guidance: Making Your Privacy Practices Public Contains Draft Tips for Website and Online Service Privacy Policies, regarding the release of the AG’s report, please see our recently released client advisory providing a detailed analysis of the new privacy guidance: California Attorney General Kamala Harris Releases Long-Anticipated Guidance Regarding Privacy Policy Notices . As conceived, the Report is designed to apply to all businesses, regardless of the country or state in which they operate, based on the California AG’s position that the California Online Privacy Protection Act (Cal-OPPA) applies to all companies that collect personal information about California residents through their websites, online services or mobile apps, even if the business has no other connection to California.

Written by Dominique Shelton, Partner, Privacy & Data Security and Litigation and Trial Practice and Paul Martino, Partner, Privacy & Data Security and Legislative & Public Policy| Alston & Bird LLP

Eleventh Circuit Paves the Way for the FTC’s Administrative Action to Proceed; FTC denies LabMD’s Motion for Summary Decision

Two decisions from last week have provided clarity – at least regarding which tribunal will first decide whether LabMD violated Section 5 – in the ongoing battle between the FTC and LabMD. In the first decision, the Eleventh Circuit refused to stay, pending appellate review, the FTC’s administrative action against LabMD. This decision came on the heels of the district court refusing to enjoin the FTC’s administrative action due to a lack of jurisdiction to do so. In the second decision, the FTC refused to grant LabMD’s Motion for Summary Decision. The net result of these decisions is twofold. First, the trial of the FTC’s administrative proceeding against LabMD is now in progress. Second, no federal court will likely address the merits of LabMD’s arguments until after the FTC’s administrative action concludes.

Read More

California AG Kamala Harris Issues Privacy Policy Guidance: Making Your Privacy Practices Public Contains Draft Tips for Website and Online Service Privacy Policies

Today, California Attorney General Kamala Harris released her long-anticipated guidance on privacy policies for companies collecting information from California residents in a report entitled Making Your Privacy Practices Public (the “Report”). While the Report exceeds existing law in many respects, affected companies should take heed to review the report and be familiar with its contents as it sets forth a blue print for how the CA AG’s office views “best practices” in connection with privacy policy drafting in the areas of “Big Data,” behavioral tracking, data security, and the “readability” of privacy disclosures. Further, the CA AG takes the position that California’s Online Privacy Protection Act (Cal-OPPA) applies to all companies that collect information from California residents – and as such applies to companies operating outside of California.

Read More

Special Assistant Attorney General Speaks On Privacy Issues At Alston & Bird’s Los Angeles Office

May 14, 2014 | Posted by Sheila Shah | Topic(s): Advisories, Data Security, Data Breach, Behavioral Tracking, Big Data

As part of the California Attorney General’s ongoing effort to educate the business community regarding privacy issues, Jeffrey Rabkin, Special Assistant Attorney General for Law and Technology, briefed business professionals, privacy officers, in-house and outside counsel on May 13, 2014, in Alston & Bird’s Los Angeles Office.

Read More

DOJ Issues White Paper on Cybersecurity Information Sharing Under the SCA

On Friday, May 9 the Department of Justice (DOJ) released a white paper stating that under its interpretation of the Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., communications companies are permitted to disclose “non-content information to the government” as long as that information is in its “aggregate form.” The lynchpin of the DOJ’s analysis is whether the shared information identifies or provides information regarding particular subscribers or customers. Under that standard, data that “is aggregated but still provides information about a particular subscriber or customer” is prohibited from disclosure under the SCA. In releasing its white paper, the DOJ recognized that “information sharing is a critical component of bolstering public and private network owners’ and operators’ capacity to protect their networks against evolving and increasingly sophisticated cyber threats.” As such, “the private sector would benefit from a better understanding of whether the electronic communications statutes [DOJ enforces] prohibit them from voluntarily sharing useful cybersecurity information with the government.”

Read More

LabMD Wins Discovery Disputes Against FTC; FTC Compelled to Disclose Data Security Standards

In the latest chapter of the ongoing battle between the FTC and LabMD, Inc. (“LabMD”) about the FTC’s claim that LabMD violated the FTC Act’s Section 5 bar on “unfair” acts or practices because of its allegedly inadequate data security practices, an administrative law judge overseeing the FTC’s administrative action against LabMD recently issued two discovery orders. These discovery orders may, at least to some extent, force the FTC to outline its sometimes opaque standards for data security.

Read More

FFIEC to Host Cybersecurity Webinar

April 28, 2014 | Posted by Michael Young | Topic(s): Advisories, Events, Data Security, Cybersecurity, Data Protection

On May 7, the Federal Financial Institutions Examination Council (FFIEC) will host a free webinar on cybersecurity for financial institutions, entitled Executive Leadership of Cybersecurity: What Today's CEO Needs to Know About the Threats They Don't See. The webinar will provide guidance to senior managers on responding effectively to “current cyber threats.” Topics include “building a security culture, integrating cybersecurity into the business units, and engaging boards of directors.” A question and answer session with financial regulators will also be provided.

Read More

FTC Invites Public Comments on Mobile Security

On April 17, 2014, the Federal Trade Commission (“FTC”) issued a press release, announcing that the FTC is seeking public comments to explore mobile security issues. The press release refers to the mobile security forum held last year to examine the state of mobile security (the “Forum”). In the press release, the FTC invites comments from the public to expand on a number of complex issues discussed at the Forum with an eye towards a report.

Read More

DOJ and FTC Issue Antitrust Policy Statement on Cybersecurity Information Sharing

April 11, 2014 | Posted by Maki DePalo | Topic(s): Data Security, Cybersecurity, Privacy, Data Protection

On April 10, 2014, The Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) (collectively, the “Agencies”) issued a policy statement on the sharing of cybersecurity information. The policy statement indicates that the Agencies share the President’s view that “cyber threat is one of the most serious economic and national security challenges we face as a nation.” In the policy statement, the Agencies explain how their analytical framework for information sharing works with respect to the exchange of cyber threat information and clarify that properly designed sharing of cyber threat information should not raise antitrust concerns.

Read More

1234567