Digital Media and Data Privacy Law Blog

As COVID-19 has spread throughout the world and within the United States, companies of all sizes have had to make quick decisions about how to implement work-from-home procedures. While many businesses are accustomed to having some of their employees work remotely at any given time, the sudden shift to a majority of the work force being away from controlled office networks and environments presents a unique and heightened set of technical and cybersecurity challenges.

To access the full article, click here.Read More 

Like many people, Aaron Graham and Eric Jordan carried cell phones around in 2011. Unlike most people, Graham and Jordan were convicted of crimes arising from their participation in a series of armed robberies[1] in that period, and were soon sorry that they had their cell phones on them when those robberies happened.  Sitting en banc, the U.S. Court of Appeals for the Fourth Circuit just made them sorry last Tuesday in United States v. Graham, No. 12-4659 (4th Cir. May 31, 2016).

Because in their investigation, federal agents sought the cell-site location information (or “CSLI” as ... Read More 

If you’ve ever attended the SEC Speaks conference, you know that the official program is an intensely uninteresting collection of short speeches by SEC officials who don’t have a lot of incentives to say groundbreaking things.  But occasionally there are exceptions.  I think Deputy Director Stephanie Avakian’s discussion of cybersecurity cases on Friday was one of those.

Avakian broke those cases down into three categories.

1. Failures of registered entities to safeguard information.  She cited the R.T. Jones Capital Equities Management case from September of last year as an ...

Over the last couple years, the SEC’s cybersecurity bark has been worse than its bite.  Its Office of Compliance, Inspections, and Examinations issued examination priorities in 2014.  Commissioner Aguilar warned public company boards that they had better get smart about the topic a few months later.  The results of OCIE’s cybersecurity exam sweep were released in March of this year.  And the Investment Management Division said words, not many words, about investment advisers’ responsibilities in this area in July.

Alleged Facts

What it hasn’t done recently is sue somebody ... Read More 

Ed. Note: This entry is cross posted from Cady Bar the Door, David Smyth's blog offering Insight & Commentary on SEC Enforcement Actions and White Collar Crime.

When I was at the SEC and online broker-dealers’ customers were the victims of hacking incidents, I used to wonder, why don’t the broker-dealers require multi-factor authentication to gain access to accounts? It was a silly question. I knew the answer. Multi-factor authentication is a pain and nobody likes it.

Do you know what it is? Here’s what Wikipedia says, so it must be true:

Multi-factor authentication ... Read More 

Unless you have been completely disconnected from all media, you are probably already aware that on Sunday, February 15, 2015, the FAA announced the release of its long-awaited rules to govern commercial sUAS (small unmanned aircraft systems) operations in the United States. The FAA’s proposed sUAS rules arrived like a barely-late valentine or box of candy, with the recipients hoping to read loving prose and enjoy fresh, rich chocolates. At this point, of course, the rules are merely a proposed regulatory regime (as embodied in a document that is called a “Notice of Proposed ... Read More 

You have probably heard about the recent data breach at Sony; after all, it’s not often that Kim Jong Un and Angelina Jolie are mentioned as part of the same story. Unlike other recent high profile hacks, the recent Sony hack appears to be somewhat different in character: the hackers appear to care most about using the information stolen from Sony to bring shame and scorn to the company, rather than for their own pecuniary gain.

And the story appears to continue down the proverbial rabbit hole, with reports of a tongue-and-cheek offer of investigative cooperation from the North Koreans ... Read More 

by Forrest Campbell, Health Law Attorney, fcampbell@brookspierce.com 

In December 2014, the U.S. Department of Health and Human Services ("HHS") and Anchorage Community Mental Health Services ("ACMHS") settled alleged HIPAA violations for $150,000.

Don't be misled--this settlement is not important just for parties subject to HIPAA. It's important to anyone who maintains confidential information in electronic form.

Here's what happened according to HHS. ACMHS failed to regularly update its IT resources with available patches, and ACMHS used outdated, unsupported ... Read More 

The U.S. Federal Trade Commission usually gets much of the glory for policing privacy and data security issues. For example, just a few months ago the FTC achieved a settlement requiring Fandango and Credit Karma to establish comprehensive data security programs and biennial security assessments following charges that the companies misrepresented to consumers the level of security of their mobile apps and failed to secure the transmission of consumers’ sensitive personal information. And who could forget the FTC’s Google Buzz settlement from 2011?

But recently the FTC ... Read More 

We have closely followed the twists and turns in Detroit Free Press reporter David Ashenfelter's efforts to avoid being forced to reveal his sources in the civil action against the Department of Justice brought by former federal prosecutor Richard Convertino.  This spring, a federal judge in Michigan allowed Ashenfelter to invoke his rights under the 5th Amendment in order to avoid testifying under oath about his sources.

Last week, the collateral damage from Convertino's legal crusade continued to spread.  This time, Convertino was seeking some 736 DOJ documents that he claimed ... Read More 

A panel of the Minnesota Court of Appeals has ruled in an invasion of privacy case that a MySpace.com posting revealing certain private facts about a plaintiff constituted “publicity per se.”  Although the appellate court ultimately held that the lower court properly granted summary judgment on the invasion of privacy claims in favor of the defendants, the publicity aspect of the ruling is an important because it demonstrates how “old media” publication torts are being applied to new social media.

The plaintiff in Yath v. Fairview Clinics, N.P., Docket No. 27-CV-06-12506 ... Read More 

In October 2008, we reported that the Florida Supreme Court rejected the false light invasion of privacy tort as a viable claim for relief under Florida law.  On December 23, 2008, the Missouri Court of Appeals went the opposite direction and held that Missouri does recognize false light invasion of privacy as an actionable tort. 

In Meyerkord v. Zipatoni Co., the Missouri Court of Appeals vacated and remanded the trial court's dismissal of a plaintiff's claim alleging that the defendant company, Zipatoni, had cast the plaintiff in a false light by failing to remove the plaintiff as the ... Read More 

The Supreme Court of Florida yesterday issued two opinions holding that Florida law does not recognize the false light invasion of privacy tort.  These outcomes constitute significant wins for media defendants in a state where the existence of false light as a viable state-law claim has been hotly debated. 

Rapp v. Jews for Jesus, Inc. involved statements made by the plaintiff’s stepson in a newsletter that suggested the plaintiff had joined or was a believer in the Jews for Jesus philosophy.  Essentially, the plaintiff argued in the underlying proceedings that, while literally ... Read More