As we head toward the Labor Day Weekend, it is a good time to point out a couple of noteworthy state level legislative developments in the Information Security and Privacy space.
On August 22nd the California State Assembly passed SB 914 which amends the California Penal Code to make clear that police must acquire a search warrant in order to search an individual’s cell phone or other portable electronic device incident to the arrest of that individual.
Continue reading “State Law News (August 2011)”
Another data breach carried out by the “hactivist” group known as “Anonymous” provides an opportunity for businesses to become reacquainted with several important data security concepts. First let’s briefly review the background of the incident.
This time Anonymous hacked the Bay Area Rapid Transit system, commonly known as BART. BART is the second largest public transportation system in Northern California and carries about 40,000 riders a day. Anonymous was able to access and steal personal information on about 2400 BART customers who utilize the myBART website to manage their accounts. The information taken was reported by Anonymous to include system user names and passwords, individual last names, addresses, and telephone numbers.
Continue reading “Anonymous Educates Us About Security– Again”
One of the most valuable assets of any company is its intellectual property. Although technology has led to great efficiencies, it has also created new exposures for businesses, particularly with respect to the protection of valuable trade secrets. One of the key tools in a litigator’s arsenal in the fight against theft of trade secrets is the Computer Fraud and Abuse Act (CFAA). It prohibits a person from intentionally accessing a computer without authorization or exceeding authorized access to obtain information, perpetrate a fraud, or cause damage. Unfortunately, the issues are not always straightforward. Issues have arisen about the extent to which a business can use the CFAA to protect its information because there are conflicting views among the courts on the meaning of “authorization.”
Continue reading “Employee Theft of Trade Secrets – Protecting the Family Jewels”
In October 2005 the Federal Financial Institutions Examination Council (FFIEC) issued updated information security guidance for financial institutions offering internet-based financial products and services. The 2005 Guidance discussed the need for financial institutions to (1) utilize effective and well considered risk assessments in order to carefully evaluate the risk to an institution’s data in light of the nature and scope of the data services offered online; and (2) employ customer awareness and education as an effective means of reducing or eliminating risks associated with online banking.
Continue reading “Important New Banking Security Guidelines”
In the flurry of activity immediately preceding the close of the United States Supreme Court’s term in June, the court accepted Cert on what could be a pivotal 4th Amendment privacy case: United States v. Jones. Jones presents the court with the opportunity to define the extent to which a person has an expectation of privacy with regard to their movements.
First the salient facts. Jones was the owner of a D.C. night club which was under federal investigation for suspected drug trafficking. At the conclusion of the investigation, Jones and the club’s Manager, Lawrence Maynard, were indicted for conspiracy to possess and distribute cocaine. They were tried jointly and convicted.
Continue reading “Court To Decide Important Privacy Rights Case”
Congress is currently considering a bill to prevent the abuse of location data collected by electronic devices. In the mean time, we all have to question how much privacy are we willing to give up to get the types of services and apps we have come to love?
For example, did you know that when you take a picture with your smartphone and post that picture to the web, that photo could be tagged with geolocation data (i.e. Latitude and Longitude). Automatic geotagging is generally enabled by default on smartphones. While it sounds desirable to know where and when you took a vacation photo, consider the adorable photo you took of your children playing in your backyard and posted on line or the expensive piece of jewelry you just posted on e-Bay. Do you really want to give your location to everyone online?
Continue reading “Geotagging and Other Electronic Tracking – Worth the Risk to Privacy?”
While it may surprise some, the answer to that question is YES. As a result of the expanding volume of electronic data that must be produced in litigation, e-discovery costs have been one of the biggest concerns of both clients and lawyers for some time. Now, clients and lawyers alike have reason to stress about the costs even more. Recently, a federal court in the Western District of Pennsylvania held that the two prevailing defendants may recover e-discovery costs because such costs are the modern-day equivalent of duplication costs. While the judge took care to limit the ruling to the “unique” facts associated with this case, it has not stopped lawyers from speculating about what other cases might similarly fall within the purview of this ruling.
Continue reading “The Changing Face of Litigation – Can the Loser Be Charged With the Other Party’s E-Discovery Costs?”
Whether we like it or not, information really is king. This has been true for a while now, but it is even more clearly so now. In one way or another we now depend upon digital information for almost everything: to protect us, feed us, cloth us, entertain us and, most importantly, inform us. Erosion of trust in the integrity of the information that we mutually consume and produce effects us all in ways which may not be immediately harmful, but are none the less detrimental to us collectively. Information is king, but trust is paramount in such a world.
Continue reading “There Is No Genuine Information Without Security”