Category: Litigation & Regulator Actions

US Supreme Court Narrows Scope of Computer Fraud and Abuse Act in Van Buren, Remands LinkedIn

On June 3, 2021, the US Supreme Court issued its decision in Van Buren v. United States in the Court’s first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. Van Buren presented the question of whether someone “exceeds authorized access” under the CFAA, see 18 […]

Supreme Court Curtails FTC Authority to Obtain Monetary Relief via Section 13(b)

The FTC’s toolkit to enforce unfair and deceptive practices in the privacy and cybersecurity realm was reduced last week when the Supreme Court ruled that Section 13 of the FTC Act does not allow for monetary relief. Read more about the decision and its impact. The FTC retains authority to […]

New York Department of Financial Services Launches Enforcement of Cybersecurity Rules

The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.

FTC Increasingly Looks to Public Companies’ SEC Disclosures for Privacy and Cybersecurity Enforcement Opportunities

While the FTC does not make its initial privacy and cybersecurity investigations public, there have been reports that the FTC has initiated an increasing number of privacy and cybersecurity-related enforcement actions following disclosures of privacy or cybersecurity incidents by public companies in their SEC filings. 

LinkedIn Data Scraping Case Shows 9th Circ. Shift On CFAA

When may a company legally scrape data from another company’s website? Does it matter whether the website is open to the public or only to logged-in users? This is a contested area of law under the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, the federal statute that imposes […]

Ninth Circuit Restricts Immunity for Filtering Objectionable Content

Companies that make anti-virus and similar software that helps internet users guard against dangerous online content must now think twice about whether they can be sued for their decisions about what content to filter. This is the result of a significant ruling last month by the United States Court of […]

Standing to be Dismissed – The U.S. D.D.C. Weighs in on “Actual Damage” in Data Breach Litigation

In Attias v. CareFirst, Inc., the U.S. District Court for the District of Columbia (D.D.C.) jumpstarted the debate concerning the harm plaintiffs must allege to move forward with data breach class action litigation.  In recent years, courts across the country have disagreed about what constitutes an “injury-in-fact” when an individual’s […]

SEC Poised to Ramp up Cybersecurity Enforcement

On October 16, 2018, the Securities and Exchange Commission (SEC) issued an investigative report signaling its intent to use sections 13(b)(2)(B)(i) and (iii) of the Securities Exchange Act of 1934 (the “Exchange Act”) to pursue enforcement actions against public companies that fail to tailor their internal controls to evolving cyber […]

Ohio Enacts Liability “Safe Harbor” for Entities That Maintain Specified Cybersecurity Programs

On August 3, 2018, Ohio Governor John R. Kasich announced that he signed Substitute Senate Bill 220 (“SB 220” or “Bill”) that, in part, affords a litigation “safe harbor” to covered entities that implement, maintain, and comply with specified cybersecurity programs. Covered entities, e.g., businesses, sued after a data breach […]

US Supreme Court: Fourth Amendment Applies to Cellphone Tracking

In a landmark Fourth Amendment decision in Carpenter v. United States, delivered on June 22, the Supreme Court addressed the intersection of privacy and law enforcement in the digital age. It held that law enforcement officials must obtain a search warrant based on probable cause in order to compel cellular service providers […]