Washington State Cyberstalking Law Deemed Unconstitutional

On February 22, a federal judge in the State of Washington held that Washington’s cyberstalking law impermissibly inhibits constitutionally protected speech in violation of the First Amendment. The case of Rynearson v. Ferguson was commenced by Richard Rynearson, III against Washington State’s Attorney General and county prosecuting attorney under 42 U.S.C. Section 1983 for the purpose of enjoining the state’s enforcement of its cyberstalking statute, Wash. Rev. Code Section 9.61.260. Rynearson is an online author and activist who regularly writes online posts and comments directed…
Continue reading...

Data Privacy Best Practices on Data Privacy Day

Data Privacy Day is the perfect time to make sure that you – and your company’s employees – are practices data privacy best practices.  We’ve put together a list if best practices to keep your data secure:
  • Develop a data protection plan, including privacy policies, terms of use for online devices, data breach plans, and an assessment of your company’s current cybersecurity practices and weaknesses. 
  • Keep software up to date.  This might seem obvious, but it’s a surprisingly common pratfall.  This includes not

Continue reading...

TSA Releases Cybersecurity Roadmap to Guard Against Evolving Cyber Threats

The Transportation Security Agency (TSA) has released its first Cybersecurity Roadmap to prioritize cybersecurity measures within the TSA and the nation’s transportation system, the Transportation Systems Sector (TSS). The TSA’ Cybersecurity Roadmap closely aligns with the more general DHS Cybersecurity Strategy published earlier this year. The roadmap notes that TSA’s mission responsibilities include: (1) securing its own networks, and (2) working with its partners and TSS stakeholders, in coordination with the Department of Homeland Security (DHS), to secure its cyberspace. In order to ensure cybersecurity…
Continue reading...

In Line with GDPR, Canada Amends its Privacy Protection Regulation to Include Stringent and Mandatory Breach Notification Rules

On November 1, 2018, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) was amended to include stringent, mandatory breach notification rules. These rules are similar to the European Union’s General Data Protection Regulation (GDPR), which took effect in May, 2018. Organizations that conduct business in Canada will be subject to PIPEDA as well as the GDPR, if that organization is accessible in the European market. The new PIPEDA regulations reinforce the image of Canada as an international leader in personal data protection…
Continue reading...

Data Privacy Goes [Back] to Washington

One of most interesting parts of the “Framework to Advance Interoperable Rules (FAIR) on Privacy” released on October 22, 2018 by the Information Technology Industry Council, a lobbying group representing Adobe, Amazon, Apple, Facebook, Google, Microsoft, Twitter, Visa and many others, may be the admission that the fundamental privacy principles intended to inform the development of future legislation were designed some 45 years ago in Washington D.C. by the United States Department of Health, Education and Welfare. In July 1973, the United States Department of…
Continue reading...

Facebook Moves to Dismiss Derivative Action Arising Out of Cambridge Analytica Scandal

On September 28, 2018, Facebook and its board of directors moved to dismiss a derivative action filed by Karen Sbriglio, a Facebook investor, alleging breach of a fiduciary duty.  The lawsuit, filed after revelations of the Cambridge Analytica scandal, claims the failure of Facebook’s leadership and governance in permitting the misappropriation of Facebook users’ data subjected it to public scrutiny, billions of dollars of lost market value, and significant fines and costs.  The basis of Facebook’s motion was that the company’s board, rather than…
Continue reading...

Long-struggling ‘Google Plus’ Social Network to be Shutdown after Security Breach Affects 500,000

On Monday, October 8, 2018 Google disclosed a security breach it discovered months ago that put at risk the personal data of hundreds of thousands of Google Plus users. In March, Google discovered, and fixed, the bug that allowed outside software developers to gain access to personal information on Google Plus users, including names, email addresses, ages, occupations and relationship status. The company’s decision to not immediately report the software bug has some concerned that Google cannot be relied on to protect privacy. Google…
Continue reading...

SEC’s First Cybersecurity Enforcement Has Many Lessons

The Securities and Exchange Commission recently announced its first ever cyber-related enforcement action in a case that all companies should look at as a refresher on cybersecurity hygiene. In the Matter of Voya Financial Advisors, Inc. was brought against the publicly traded company that manages over $500 billion after a security breach through several of its brokers acting as independent contractors for the company. These brokers typically accessed Voya clients’ PII through a password protected web portal while using their own IT equipment and networks.…
Continue reading...

The GDPR Question and Answer Guide

Attorneys in Goldberg Segalla’s Cybersecurity and Data Privacy, Global Insurance Services, and other practice groups have fielded countless questions from clients and colleagues curious (or concerned) about the European Union’s (EU) General Data Protection Regulation (GDPR), the landmark legislation governing data protection and privacy for all individuals within the European Union, as well as the export of all data from the EU and European Economic Area (EEA). Here, we answer the most frequently asked questions pertaining to the GDPR’s who, what, when, where, how, and…
Continue reading...

Fourth Circuit Weighs in on the Evolving Law of Standing in Data Breach Litigation to Hold that Misuse of Stolen Data Confers Standing

While data breach lawyers wait for the U.S. Supreme Court to more clearly define when a hack confers standing on the individual whose personally identifying information (PII) is stolen, the Circuit Courts of Appeals continue to choose sides over a useful standard. On June 12, 2018, the Fourth Circuit weighed in to hold that the individual has standing when the data is actually misused, such as when the hackers open fraudulent credit cards with the stolen PII, and the individual spends time and resources on…
Continue reading...