Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out
Data Law Insights
Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery
Blog Authors
Latest from Data Law Insights
Mini-Series on CIPA – Part 3: Can I Eavesdrop on My Own Conversation?
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out…
Mini-Series on CIPA Part 2: What is a ‘Phone’?
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out…
Mini-Series on CIPA – Part 1: What is a ‘Communication’ Anyway?
Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out…
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
Key Takeaways
1. New cybersecurity measures and requirements are introduced by the EU for companies.
2. Contractual provisions with the supply chain may need to be revised.
3. High penalties and liability for management, including personal liability.…
Text Messages Lead to $4.47B Liability in Securities Fraud Case
By John Sohn & Alicia Clausen
Text messages and other non-email, electronic communications have become increasingly important in securities fraud matters. These communications are often sent from personal mobile devices and often provide key evidence. It has become clear that the most interesting, and sometimes most problematic, communications often do not take place via email.…
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
The U.S. Securities and Exchange Commission (“SEC”) adopted a final rule on July 26, 2023 that requires public companies to disclose material cybersecurity incidents under new Item 1.05 of Form 8-K. Since its adoption, public companies have faced practical challenges in determining whether and when a cybersecurity incident warrants disclosure under Item 1.05.
On May…
“Browsing and location data are sensitive . . .. Full stop”
“Browsing and location data are sensitive . . .. Full stop,” says the Federal Trade Commission. As is all granular data that can reveal “insights” that “can be attributed to particular people” through a “re-identification” procedure. This is one basis of complaints the FTC filed against Avast, X-Mode Social, and InMarket. A…
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who handles sensitive data such as Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) during…
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”)…