Alex Berengaut of Covington & Burling analyzes some of the legal issues raised by the indictment of Marcus Hutchins (@malwaretechblog) for allegedly creating and conspiring to sell malware known as the Kronos banking trojan. He writes, in part: Since Hutchins’ indictment, commentators have questioned whether the creation and selling of malware—without actually using the malware—violates…
Category: Legislation
Hong Kong’s Privacy Commissioner Welcomes the Enactment of the Apology Ordinance
(14 July 2017) The Privacy Commissioner for Personal Data, Hong Kong (“Privacy Commissioner”) Mr Stephen Kai-yi WONG welcomed the passing of the Apology Bill by the Legislative Council yesterday (13 July). Mr Wong said, “The enactment of the Apology Ordinance will generally help to protect persons who wish to make an apology without fear of…
Judges Question FTC Data Security Standard at LabMD Argument
Jimmy Koo reports: The Federal Trade Commission’s data security enforcement standard came under fire June 22 from a panel of federal appeals court judges ( LabMD, Inc. v. FTC , 11th Cir., No. 16-16270, oral argument 6/21/17 ). As predicted, the level of harm required for the FTC to act was “front and center” during…
Update: Case Involving Sharing of Passwords May Be Headed to the Supreme Court
Jeffrey M. Schlossberg of Jackson Lewis writes: Last August, we reported on a Ninth Circuit case in which a former employee was convicted of a crime under the Computer Fraud and Abuse Act (“CFAA”) for accessing and downloading information from his former company’s database “without authorization.” The former employee has now asked that the U.S. Supreme review the Ninth…
IL: New Rules to Require Tighter Data Security
Dror Halavy reports: The Knesset Law and Constitutional Committee has approved measures that will require companies and groups that collect data on Israelis to protect the information from hackers. The new rules, which supply specific criteria to organizations on the types of security needed, will apply equally to government and private sector organizations. The measures…
New Mexico passes data breach notification and protection bill
Erich Falke writes: Then there were two. On March 16, 2017, the New Mexico state legislature passed a bill requiring that New Mexico residents be notified if their “personal identifying information” was affected by a breach of electronic data. Upon signature of the bill, New Mexico will join 47 other states requiring such notification, and the only…