Hunton Andrews Kurth writes: On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic,…
Category: Federal
DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers
Andrew Crocker of EFF responds to the announcement this week by DOJ about its revised policy for enforcement of the Computer Fraud and Abuse Act: The Computer Fraud and Abuse Act (CFAA), the notoriously vague anti-hacking law, is long overdue for major reform. Among many problems, the CFAA has been used to target security researchers whose work…
Fraudster who hacked SUNY Plattsburgh accounts gets 9 ¼ year prison sentence
Robert Gavin reports: A federal judge sentenced Michael P. Fish to 9 ¼ years in prison Friday, saying he depravedly hacked into the accounts of dozens of unsuspecting female students at SUNY Plattsburgh, stole their private photos and sold the images on the internet. With his family watching on a courtroom bench, the 26-year-old Fish sat in…
Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act
The Department of Justice today announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA). The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security…
Mint gets data breach claims dismissed
Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this case apart from the typical data breach case….. Fraser alleges that Mint allowed Fraser’s number to…
OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its impact would expand significantly in the coming months. As part of its…