Shawn E. Tuma writes: When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does…
Category: Federal
Dem urges sanctions on North Korea for hacking
Cory Bennett reports: Sen. Michael Bennet (D-Colo.) on Wednesday called on his colleagues to move a bill that would strengthen the government’s ability to sanction North Korea for hacking. “North Korea’s repeated acts of aggression and hostility call for stronger sanctions,” Bennet said in a statement. The bill, known as the North Korea Sanctions Act,…
Ottawa working on “options regarding next steps” for Canada-wide mandatory privacy breach notification
Canadian Underwriter reports: Before the House of Commons was dissolved last summer to kick off the federal election, the ruling Conservatives passed the Digital Privacy Act, which creates new offences for failing to report data security breaches. However, nation-wide mandatory breach notification would not actually take effect unless the government develops regulations, and it is not…
LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach
Alan L. Friel and Gerald J. Ferguson of BakerHostetler provide their interpretation of recent rulings: Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute…
Korea opens pan-industry center for credit data protection and security
Lee Sun-young reports: Korea Credit Information Services, a pan-industry body tasked with data preservation and protection, was launched in Seoul on Tuesday amid mounting calls for data security after a series of large-scale information leaks. The new entity will act as a centralized data center for personal credit information, taking over data collected and preserved…
Scope of Preemption in Proposed Data Security Legislation is Uncertain
David Bender writes: According to a recent analysis by the Congressional Research Service (“CRS”), the extent of state law preemption in recent federal legislative proposals relating to data security is unclear. Several bills introduced in the 114th Congress would impose federal data security or breach notification requirements on covered entities, similar to existing requirements in nearly every…