Category Archives: Cyber Laws

A TCPA Slam Dunk in the Ninth Circuit?

The fight is not over yet, but the insurance industry just had a significant victory in the United States Court of Appeals for the Ninth Circuit. The scenario is likely familiar to most. You’re invited to send a text and get something in return—maybe news updates, maybe a chance to win concert tickets. In this case it was the promise of having your sent text posted at a basketball game. Someone sent a text hoping to see their message on a big screen at a Lakers game, and then shortly thereafter got a text back reading something along the lines …

[ CONTINUE READING ]

Autonomous Vehicles and All That Data

In an earlier post, we discussed the potential ownership models for autonomous vehicles, also known as driverless cars (“AVs”). Models range from true traditional ownership as we understand it today, to licensed-based models (vehicles owned by someone else but you can use them on an exclusive or non-exclusive basis), to service-based models (you do not own the vehicle, but you can call it when you want it, e.g. cab, Uber).  In this post we will explore the data-intensiveness of autonomous vehicles, the impending data “land grab,” and who will own and control all of the data generated by AVs. An …

[ CONTINUE READING ]

The Anthem Breach – A Retrospective (Part II)

We published Part I of our “Anthem Breach Retrospective” in January 2017.  Coincidentally, at around the same time several plaintiffs in one of the earliest filed cases arising out of the Anthem data breach voluntarily asked a judge in the Northern District of California to dismiss their lawsuits. The requests for dismissal came after Judge Cousins ordered select plaintiffs to comply with a discovery request by Anthem, requiring them to submit their computers to an independent forensic examiner to determine whether malware caused data or credentials to be stolen from the plaintiffs’ computers even before the breach of Anthem’s systems. …

[ CONTINUE READING ]

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014.  The number of complaints that year had spiked up compared to 2013: around a 25% increase.  This post will examine key cases from 2015 and 2016.  While the number of complaints in 2015 was relatively steady with 2014, it appears, based on preliminary numbers, that 2016 was the busiest year ever for the Office. HHS has data through November 2016 currently posted on its website, but no …

[ CONTINUE READING ]

Legal Considerations for Website Privacy Policies

You finally created your website. Did you include eye-catching graphics? Check. Did you include an attention-grabbing banner slogan? Did you post all of your social media handles? Did you include a privacy policy for the website? Maybe… We get questions from clients about whether they are required to include a privacy policy and, if so, what should it say.  The answers may surprise you, but a privacy policy should definitely not be an afterthought for website owners.  It certainly isn’t a best practice to simply copy and paste the privacy policy of another’s company’s website.  The representations made in website …

[ CONTINUE READING ]

Ninth Circuit Reaffirms Section 230 Protections

Information Counts.  That’s the title of this blog.  And it’s an indisputable fact.  Information is – and has been for at least 20 years – the currency of our economy, providing consumers, regulators and the general public information about business, practices and events. A critical, and even indispensable, factor in the development of the information economy is Section 230 of the Communications Decency Act, which was part of the massive Telecommunications Reform Act of 1996.  That subsection provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided …

[ CONTINUE READING ]

Policing Internet Privacy: FCC’s New Frontier

Unwilling to be left behind by the likes of Google and Facebook, Internet Service Providers are increasingly exploring how they may capitalize on the high-value targeted advertising market.  In November 2016, AT&T explained that targeted advertising is a major contributor behind its bid to buy Time Warner Inc. for $85 billion.  AT&T is not alone.  In 2015, Comcast acquired an ad-targeting firm, Visible World, in what has been widely viewed as an effort to gain stronger footing in the industry.  Another major mobile carrier recently came under fire following its acquisition of a name-brand ISP for sharing information about users …

[ CONTINUE READING ]

You Just Used My Picture Without Permission?

Artist Richard Prince’s exhibit entitled “New Portraits’’ was displayed at New York City’s Gagosian Gallery and Frieze New York during the summer of 2015.  This exhibit featured screenshots of other people’s Instagram photos.  These screenshots were not altered.  They were simply the pictures that Instagram users posted, with an addition of Prince’s comments in the comment section of the post. What is remarkable is that the individuals whose likenesses and photographs were used were unaware of the use.  Prince did not ask for permission or provide notice.  He just used the pictures.  Apparently, the art world was pleased with his …

[ CONTINUE READING ]

Will Privacy Enforcement Actions Impact “Reasonable” Security Measures Needed to Protect Trade Secrets?

In widely-publicized, contested privacy cases last year, the FTC advocated in favor of a high baseline for information security measures.  Among the security practices attacked by the FTC as critical mistakes by companies suffering data breaches: Storing sensitive data in readable text; Any system that permits the use of easily-guessed passwords; Failure to use firewalls between internal systems, the corporate network and the Internet; Lack of adequate administrative security policies and procedures; Failure to adequately restrict third-party vendors from network and corporate servers; Failure to employ reasonable measures to detect and prevent unauthorized access; and, Failure to follow proper incident …

[ CONTINUE READING ]

Private Bankrolling of Defamation and Privacy Suits

The New York Times recently reported that famed Silicon Valley investor and PayPal co-founder Peter Thiel has been secretly bankrolling “Hulk Hogan’s” (real name Terry Bollea) invasion of privacy suit against Gawker Media. The lawsuit concerns the publication of a sex tape involving Mr. Bollea and the then-wife of one of his friends. Yuck. Double yuck that Gawker saw fit to publish the tape on its site. The yuck factor and legal merits of the suit aside, Mr. Thiel’s involvement could be a game changer. For more than 50 years, American defamation law has been tilting decidedly in favor of …

[ CONTINUE READING ]