Orin Kerr writes: The Ninth Circuit has handed down United States v. Nosal (“Nosal II“), a case on the scope of the Computer Fraud and Abuse Act that I blogged about here and here. The court held 2-1 that former employees of a company who had their company accounts revoked violated the CFAA when they subsequently…
Category: Federal
Circuit Upholds Nosal Conviction in Key CFAA Decision
Ross Todd reports: Ruling in a case that tested the boundaries of the Computer Fraud and Abuse Act, a divided panel of the U.S. Court of Appeals for the Ninth Circuit on Tuesday upheld the conviction of former Korn/Ferry International recruiter David Nosal. Circuit Judge M. Margaret McKeown found that Nosal had knowingly and intentionally…
ERISA and Cybersecurity
Larry Goldstein of McGuireWoods LLP writes: Employee benefit plan data stored online may include participants’ names and Social Security numbers, account information and protected health information (PHI), all of which are inviting targets for hackers. Highly-publicized data breaches in recent years have called attention to the obligations of benefit plan administrators (typically the employers sponsoring…
Retailers fight to silence customer data breaches
Violet Blue reports: A consortium of retailers, including Target and Home Depot, vowed to fight a data breach notification bill. The bill, HR 2205 from Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.), would require companies to tell customers when they’ve been hacked and would also require the encryption of data in both storage and transit. It would…
Heads Up Internet: Time to Kill Another Dangerous CFAA Bill
Jamie Williams writes: The Computer Fraud and Abuse Act (CFAA), the federal “anti-hacking” statute, is long overdue for reform. The 1986 law—which was prompted in part by fear generated by the 1983 technothriller WarGames—is vague, draconian, and notoriously out of touch with how we use computers today. Unfortunately, Sens. Sheldon Whitehouse and Lindsey Graham are on a mission…
Norway Starts Requiring Data Breach Notification
Marcus Hoy reports: The Norwegian Data Protection Authority recently said it will require companies to notify individuals whose personal data has been disclosed without their consent. DPA Senior Adviser Eirin Oda Lauvset told Bloomberg BNA April 18 that Norwegian laws don’t specify a general right for data subjects to be informed of breaches. According to the DPA,…