Cybersecurity and Data Privacy

On April 18, the Ninth Circuit issued its opinion in hiQ Labs, Inc. v. LinkedIn Corporation[1] in which the court clarified its position on an important topic: whether the common practice of data “web scraping” can create criminal liability under the Computer Fraud and Abuse Act (CFAA). To be clear, the Ninth Circuit was

On February 28, the U.S. Department of Justice (DOJ) agreed to a $930,000 settlement with Comprehensive Health Services (CHS) to resolve False Claims Act allegations. The resolution represents the department’s first settlement under the False Claims Act since instituting its Civil Cyber Fraud Initiative in October 2021.[1] This is a watershed moment in the

On February 25, the Utah Senate passed the Utah Consumer Privacy Act (the UCPA), which closely resembles both the Virginia Consumer Data Protection Act (the VCDPA) and the Colorado Privacy Act (the CPA). The House unanimously passed the bill on March 2. The bill now goes to Governor Spencer Cox, who has 20 days to

On January 28, California Attorney General Rob Bonta announced that his office was beginning an “investigative sweep” of businesses operating consumer loyalty programs in California. The California AG’s press release stated that letters were sent to “major corporations in the retail, home improvement, travel, and food service industries” and allege the recipients’ potential noncompliance with

Data breaches and ransomware attacks are on the rise. On October 7, Oregon Attorney General Rosenblum announced an increase in data breaches reported to his office. The first nine months of 2021 involved 131 reported breaches, exceeding the 2020 total of 110. Financial Crimes Enforcement Network (FinCEN) also announced an increase in ransomware-related activities in

On September 13, the Federal Trade Commission (FTC) released a report to Congress that highlights the agency’s recent efforts to protect Americans’ privacy, announces the agency’s priorities for future data security and privacy protection efforts, and urges Congress to allocate more resources to the agency so it can expand its data security and privacy protection

On September 20, nine Democratic senators wrote a letter to the Federal Trade Commission (FTC), requesting that it create new rules to protect consumers’ personal data and privacy.

The senators played on FTC Chair Lina Khan’s aversion to Big Tech and aggressive antitrust agenda, which we discussed in a prior post, by stating that

Data brokers beware, the Securities Exchange Commission (SEC) has signaled increased scrutiny into the data and privacy practices of technology-enabled companies in the financial services industry. On September 14, the SEC announced that it settled a securities fraud investigation into private technology company App Annie, Inc. and its former CEO and Chairman Bertrand Schmidt, in

On July 19, and just over one year after his office began enforcing the California Consumer Privacy Act (CCPA), California Attorney General Rob Bonta announced that he is “seeing great progress” with CCPA enforcement, even while he urged Californians to take advantage of their new rights under the CCPA.

“Enforcement of the CCPA marks an

The Second Circuit recently issued a decision in McMorris v. Carlos Lopez & Associates, LLC, No. 19-4310, 2021 U.S. App. LEXIS 12328 (2nd Cir. Apr. 26, 2021), which clarifies the circumstances under which plaintiffs alleging an increased risk of future identity theft or fraud due to the exposure of their personal data can establish Article III standing. Notable for being the first Second Circuit decision to address privacy-related standing questions that had arguably created a circuit split, the court endorsed a three-factor framework that would reject a finding of Article III standing absent sufficient evidence of “increased risk” of future fraud or identity theft, but which left open the possibility that standing could still be established where plaintiffs allege a sufficient likelihood of misuse of their personal data.
Continue Reading Second Circuit Clarifies Article III Standing Threshold for Data Breach Class Actions