Brent Kendall reports: The Federal Trade Commission is offering a strong defense of its powers to police cybersecurity practices against a challenge by Wyndham Worldwide Corp. We wrote about Wyndham’s challenge earlier this month in a case involving attacks by hackers on the hotel chain’s computer systems between 2008 and 2010. The FTC sued Wyndham last year…
Category: Federal
APF responds to AU’s data breach notification draft bill
The Australian Privacy Foundation has responded to Australia’s draft breach notification law. You can read their comments here. Not surprisingly, I agree with their concerns.
Attacks ‘highlight need for data breach notification law’
Paul Smith reports: The Australian Bankers Association has defended the strength of IT security processes in place across Australia’s banking system following the revelation that Reserve Bank of Australia systems had been compromised by China-based hackers. However, security experts said the incident highlighted the need for Australian data breach notification laws to be tightened to force…
Crowd-sourcing an idea for a law
Thanks to partisan politics and intensive industry lobbying, we have no strong federal breach notification law. This, of course, is not news to my readers. But in light of (1) Congress’s current interest in cybersecurity and sharing of information, (2) the fact that up to 40% of breaches are first detected by members of the…
Minnesota resident sues state agency and employee over breach involving driver’s license database
A Minnesota resident, Jeffrey Ness, has filed a potential class action lawsuit against the state’s Department of Natural Resources (DNR) and Department of Public Safety after a DNR employee exceeded authorized access and accessed about 5,000 residents’ driver’s license information. The employee was terminated but the motive for the improper access was not disclosed. In the lawsuit filed…
Cheng v. Romo and Applying Unauthorized Access Statutes to Use of Shared Passwords
Orin Kerr writes: The federal computer crime statutes punish unauthorized access to a computer. As regular readers know, courts are hopelessly divided on what this language means, and in particular what makes an access to a computer authorized versus unauthorized. In Cheng v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge Casper authored an…