The California Invasion of Privacy Act (CIPA) penalizes unauthorized eavesdropping on communications “carried on among the parties in the presence of one another or by means of a telegraph, telephone, or other device, except a radio. . .” Cal. Penal Code § 632.7(a). Recently, plaintiffs have pressed courts to include internet-enabled communications on smartphones
Data Law Insights
Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery
Blog Authors
Latest from Data Law Insights
Mini-Series on CIPA – Part 1: What is a ‘Communication’ Anyway?
Companies have websites to reach customers, share products and services, and communicate brands. But websites can also create legal risks. Recently, litigation has surged against website owners for violating the California Invasion of Privacy Act (CIPA). This 1960s phone-wiretapping law is now used against websites that collect and share visitor data with third-party vendors.…
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
Key Takeaways
1. New cybersecurity measures and requirements are introduced by the EU for companies.
2. Contractual provisions with the supply chain may need to be revised.
3. High penalties and liability for management, including personal liability.…
Text Messages Lead to $4.47B Liability in Securities Fraud Case
Text messages and other non-email, electronic communications have become increasingly important in securities fraud matters. These communications are often sent from personal mobile devices and often provide key evidence. It has become clear that the most interesting, and sometimes most problematic, communications often do not take place via email.…
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
The U.S. Securities and Exchange Commission (“SEC”) adopted a final rule on July 26, 2023 that requires public companies to disclose material cybersecurity incidents under new Item 1.05 of Form 8-K. Since its adoption, public companies have faced practical challenges in determining whether and when a cybersecurity incident warrants disclosure under Item 1.05.
On May…
“Browsing and location data are sensitive . . .. Full stop”
“Browsing and location data are sensitive . . .. Full stop,” says the Federal Trade Commission. As is all granular data that can reveal “insights” that “can be attributed to particular people” through a “re-identification” procedure. This is one basis of complaints the FTC filed against Avast, X-Mode Social, and InMarket. A…
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who handles sensitive data such as Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) during…
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice” (the “Policy Notice”)…
European Parliament Adopts Final EU Data Act
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to shape Europe’s digital future (see our earlier posts here and here).
The widespread use…
European Data Protection Supervisor Releases New Opinion on the EU’s Proposed AI Act
On October 24, 2023, the European Data Protection Supervisor (EDPS), which is the supervisory authority for the EU institutions, bodies, offices and agencies (EUIs), published a new opinion on the widely discussed proposal for an EU Regulation laying down harmonized rules on artificial intelligence (commonly known as the AI Act Proposal). Although the EDPS…