Archives: Data Protection & Privacy

Subscribe to Data Protection & Privacy RSS Feed

Does DOJ Approve Of Your Messaging App?

The Department of Justice released new Enforcement Policy for the Foreign Corrupt Practices Act (FCPA). The revisions include a new provision that many believe impairs the use of instant messaging software and other third-party messaging apps by employees. In order to receive a declination and full credit for cooperating with investigators under the Enforcement Policy, U.S. companies … Continue Reading

Fourth Amendment Meets 21st Century

In Carpenter v. United States, the Supreme Court protected cell site location data. Now “the Government must generally obtain a warrant supported by probable cause before acquiring such records.” Read here about the decision and its implications for organizations, particularly technology providers. The article is written by Squire Patton Boggs attorneys Tara Swaminatha, Robin Campbell, … Continue Reading

A Lesson: Follow Through With Encryption Plan

Even the best laid plan for data security requires follow through. A cancer center was penalized $4.3 million by the government for failing to complete its encryption plan for devices.  The decision is instructive even for companies not specifically required to protect data under government regulation. Tom Zeno and Elliot Golding of Squire Patton Boggs discuss … Continue Reading

Circuits Split About Border Search of Electronic Devices

The Supreme Court allows routine border searches because the “Government’s interest in preventing the entry of unwanted persons and effects is at its zenith at the international border.” Some level of suspicion is required only when a search infringes the dignity and privacy interest of the persons being searched. Circuits are now split about whether … Continue Reading

Yahoo Fined Millions by SEC for Failing to Disclose Cybersecurity Breach

In late April, the U.S. Securities and Exchange Commission (SEC) hit Yahoo with a $35 million dollar fine for failing to properly assess and disclose a 2014 data breach that affected more than 500 million user accounts. The case marks the first time the SEC has charged a public company with cybersecurity-related disclosure violations and … Continue Reading

CLOUD Act is Now Law

Buried on page 2,201 of the 2,232-page 2018 Omnibus Spending Bill, the CLOUD Act was signed into law on March 23, 2018. The bill allows U.S. law enforcement to obtain U.S. citizens’ private data from servers anywhere in the world, provided that an agreement exists with that country on data sharing. However, the CLOUD Act … Continue Reading

Supreme Court to Decide Security of the Cloud

On February 27, 2018, the Supreme Court heard oral arguments in a case that will affect the security of data stored in the cloud. At issue in United States v. Microsoft is whether a U.S. based digital communications provider must comply with a warrant for user data stored on servers located outside of the U.S. … Continue Reading

SEC’s 2018 Exam Priorities Reflect Continued Focus on Cybersecurity

Annually, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) publishes its examination priorities for the new year.  Recently, OCIE announced five priorities that will inform its examinations moving in to 2018. OCIE is committed to “promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.” In support of these “pillars,” … Continue Reading

The SEC’s New Year’s Resolutions: Retail Investors and Cybersecurity

2018 arrived in the wake of big changes at the U.S. Securities and Exchange Commission (“the SEC”).  Jay Clayton was sworn in as Chairman of the Commission in May, naming Steve Peikin and Stephanie Avakian as Co-Directors of the Enforcement Division (the “Division”) in June.  As many do for the start of a new year, … Continue Reading

US Departments of Justice and State Launch Intellectual Property Law Enforcement Coordinator Network

The US Departments of Justice and State recently launched the “IP Law Enforcement Coordinator Network” to focus on international trademark counterfeiting, copyright piracy and other forms of intellectual property rights infringement across the world, spanning all industry sectors. And while the components of the Network are not new, there is now renewed focus on these … Continue Reading

Changes to Whistleblowing Regulation under French Data Protection Law

In June 2017 the French data protection authority, the CNIL, published a revised norm for reporting systems ( “AU-004”) that will permit the implementation of the changes recently  introduced by the new French Anti-corruption Law “Sapin II” (as set out in our previous article “New French Anti-corruption Law Sapin II”). To read more about the change … Continue Reading
LexBlog