Michael Young

Michael Young’s practice focuses primarily on data privacy and security as a member of the firm’s Technology, Privacy & IP Transactions Group. Read more→

Data Protection Commissioners Adopt Resolution on International Cooperation

Posted on: 27 Oct 2014

On October 14, the International Data Protection and Privacy Commissioners’ (“IDPPC”) conference adopted a resolution calling for increased enforcement cooperation among international data protection authorities. Data protection authorities from around the world participated in the IDPCC conference, including representatives from Europe, Asia, the United States (including the Federal Trade Commission), and South America. In the “Resolution on Enforcement Cooperation,” the IDPCC encourages “efforts to bring about more effective cooperation in cross-border investigation […] Read more

CDD Urges FTC to Investigate 30 Companies for Alleged Safe Harbor Violations

Posted on: 18 Aug 2014

The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce. Administered by the Department of Commerce and primarily enforced by the FTC, the Safe Harbor program facilitates data transfers between E.U. and U.S. companies who have agreed […] Read more

District Judge Upholds Decision Requiring Microsoft to Provide Irish Data to U.S. Investigators

Posted on: 04 Aug 2014

On July 31, Federal District Judge Loretta A. Preska (Southern District of New York) upheld the decision of a magistrate judge requiring Microsoft to turn over the contents of customer email stored in Ireland to U.S. investigators. The magistrate’s April decision was previously discussed on this blog. Federal investigators had obtained a warrant for the email content under the federal Stored Communication Act (“SCA”). Microsoft sought to quash the warrant with respect to the production of customer emails stored on a server in Dublin, Ireland, arguing that the enforcement of the warrant […] Read more

U.S. Treasury Secretary Lew Emphasizes Cyber-Risks for Financial Institutions

Posted on: 30 Jul 2014

In remarks delivered earlier this month, U.S. Treasury Secretary Jacob Lew highlighted the dangers of “cyber intrusions” to financial institutions. Secretary Lew cited more than 250 cyber attacks against U.S. banks and credit unions since 2011, as well as recent hacks and credit card thefts against major retailers. “Cyber attacks on our financial system represent a real threat to our economic and national security,” said Secretary Lew. To combat cyber attacks, Secretary Lew recommended that financial institutions adopt the NIST Cybersecurity Framework, stating that “every […] Read more

Google Must Scrub its Search Engine of Individual’s Personal Data, Court Rules

Posted on: 13 May 2014

The European Court of Justice (“ECJ”) ruled today that Google may be compelled to remove search listings of web pages containing information about individuals. Mario Costeja Gonzalez, a Spanish national, complained in 2010 to Spain’s data protection authority (“Spanish DPA”) about the inclusion of a newspaper article in Google search results that appeared when searching his name. Mr. Gonzalez asked the Spanish DPA to order Google to remove its links to the 1998 story, which revealed Mr. Gonzalez’s connection with the forced sale of real-estate to recover […] Read more

U.S. Court Requires Microsoft to Produce Data Stored in Ireland Pursuant to SCA Search Warrant

Posted on: 09 May 2014

On April 25, a federal magistrate judge ruled that Microsoft must disclose to U.S. federal investigators the contents of a customer’s email account stored outside of the United States. Microsoft had previously complied with portions of a search warrant seeking certain other information related to the targeted email account, but the company moved to quash the warrant with respect to the production of customer emails stored in Dublin, Ireland. In a 26-page memorandum and order, Judge James C. Francis IV (Southern District of New York) rejected Microsoft’s arguments and held that the enforcement […] Read more

FFIEC to Host Cybersecurity Webinar

Posted on: 28 Apr 2014

On May 7, the Federal Financial Institutions Examination Council (FFIEC) will host a free webinar on cybersecurity for financial institutions, entitled Executive Leadership of Cybersecurity: What Today’s CEO Needs to Know About the Threats They Don’t See. The webinar will provide guidance to senior managers on responding effectively to “current cyber threats.” Topics include “building a security culture, integrating cybersecurity into the business units, and engaging boards of directors.” A question and answer session with financial regulators will also […] Read more

New York Court Upholds Constitutionality of NSA Metadata Collection

Posted on: 31 Dec 2013

On December 27, ruling in American Civil Liberties Union v Clapper, No. 13 Civ. 9334 (S.D.N.Y. Dec. 27, 2013), federal district Judge William H. Pauley III granted the government’s motion to dismiss a complaint brought by the ACLU challenging the constitutionality of the NSA’s bulk collection of telephone metadata. Telephone metadata consists of the record maintained by a phone company of “when, and to what telephone number [a] call was placed, and how long it lasted.” The ACLU filed its complaint following the leaks by former NSA contractor Edward Snowden and the public […] Read more

NSA Collection of Metadata Ruled Unconstitutional

Posted on: 23 Dec 2013

On December 16, Federal District Judge for the District of Columbia Richard Leon held the National Security Administration’s collection of telephone metadata to be an unconstitutional invasion of privacy under the Fourth Amendment. Previous challenges to governmental collection of telephone metadata have met with failure, and the ruling marks the first time a federal court has held the NSA metadata collection program to be unconstitutional under the Fourth Amendment. The existence of the secret NSA program was revealed earlier this year in leaks by former NSA systems administrator Edward […] Read more

New Malaysian Data Privacy Law

Posted on: 05 Dec 2013

After enactment in 2010, Malaysia’s Personal Data Protection Act, and implementing regulations, finally went into effect on November 15, 2013. The law applies to the processing of “personal data” by entities operating in Malaysia but generally does not apply to data processed entirely outside of Malaysia.[1] Additionally, official registration requirements will extend to many classes of “data users” (those who control or authorize data processing),[2] including those in the communications, banking and financial, insurance, health care, and other industries.[3] “Personal […] Read more