Gus Hurwitz has a slightly different take on the Third Circuit’s opinion in FTC v. Wyndham. On the issue of notice, he writes, in part: The court goes on to find that Wyndham had sufficient notice of the requirements of Section 5 under the standard that applies to judicial interpretations of statutes. And it expressly notes…
Month: August 2015
Woman suing over shared medical records ‘not the same person she was before’
Hillary Jackson reports: A former co-worker of a woman who sued UCLA after a romantic rival allegedly sent copies of her medical records to third parties testified Wednesday that the plaintiff’s demeanor changed significantly after the breach occurred. […] Lozano alleges in her lawsuit filed in April 2013 that a temporary worker in the office…
Psychiatrist leaves desktop with PHI in trunk of his car, and…. yes.
Robert E. Soper, M.D. is notifying current and former patients: During a visit to San Francisco On June 27 my car was broken into and my computer stolen, along with camera, suitcases, and other equipment. The computer was an older office desktop I planned to give to my brother. It was hidden in the trunk….
Pentagon unveils new rules requiring contractors to disclose data breaches
Aliya Sternstein reports: New sweeping defense contractor rules on hack notifications take effect today, adding to a flurry of Pentagon IT security policies issued in recent years. Just this month, the Office of Management and Budget proposed guidelines to homogenize the way vendors secure data governmentwide. The Defense Department had already released three other policies that dictate how military vendors…
Ninth Circuit overturns CFAA verdicts for misusing databases
Orin Kerr writes: The Ninth Circuit has handed down United States v. Christensen, a case that touches on a bunch of computer crime issues that include the scope of the Computer Fraud and Abuse Act (CFAA). The court overturned CFAA convictions for employee misuse of a sensitive database. I think that result is correct, although I’m…
Banks’ Class Certification Motion Trumpets Target Data Security Failings, Ignores Impact of Card Association Settlements
Kevin M. McGinty of Mintz Levin writes: Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach. Their July 1 motion for class certification has just been unsealed, allowing a glimpse at plaintiffs’ version of the events during November and December 2013 that resulted in theft of payment…