Since the Supreme Court’s decision in Spokeo v. Robins, courts have begun to ratchet back prior decisions on the minimum standard to plead an injury sufficient to establish Article III standing. The recent Eighth Circuit opinion in Braitberg v. Charter Communications adds to the growing number of cases defendants will rely upon to get data breach cases dismissed at the pleadings stage. Braitberg addressed standing in the context of the retention, use, and protection of personally identifiable information. Although the case did not involve a data breach, its holding is however instructive when defending against such cases.
In Braitberg, plaintiff alleged that he was required to provide personally identifiable information to purchase cable services and that the cable provider improperly retained his information long after he cancelled the services in violation of the Cable Communications Policy Act (“CCPA”).
Prior to Spokeo, such claims would have been sufficient to establish Article III standing because the Eighth Circuit permitted the actual injury requirement to be satisfied solely by pleading that there was an invasion of a legal right that Congress created. The Supreme Court in Spokeo held that Article III standing requires a “concrete injury” even in the context of a statutory violation.
With the benefit of Spokeo’s guidance, the Eighth Circuit acknowledged that Spokeo superseded its prior precedent. Accordingly, the panel affirmed the district court’s dismissal of the complaint for lack of Article III standing and failure to state a claim. In doing so, the panel rejected arguments that CCPA created standing to sue where the defendant merely retained the data in violation of the statute with no other injury. It further rejected an economic argument that retention of the data deprived plaintiff of the full value of the services received from the company.
This decision is important for two reasons. First, the Eighth Circuit further narrowed the scope of allegations that will give rise to Article III standing in a post-Spokeo world. Second, in denying the economic argument, the court cut off an alternative avenue by which plaintiffs have successfully alleged harm.
It probably is fair to say that most of us are glued to our computers for a large part of each and every day. Accordingly, how can we improve our computer experience? A good start is to follow eight fairly simple tips, among a variety of other tips that also could be considered.
First, make sure periodically to restart your computer. A restart can cure computer sluggishness. We all have a need for speed, so reboot!
The second tip is not use your keyboard as a plate. You accidentally could spill something that could destroy your computer. Also, computer keyboards host all sorts of bacteria and thus are not sanitary. So, don’t compute where you eat! Continue reading How to Improve Your Computer Experience
Ransomware attacks are on the rise and expected to reach epidemic proportions. The most publicized attack took place this year at the Hollywood Presbyterian Medical Center when it was forced to declare an “internal emergency” after a ransomware attack locked down its systems. Businesses that are viewed as offering a combination of valuable data and weak security may be seen as attractive to attackers. Some attackers have strictly financial motivations while others may simply be in it for “the data.”
According to Cisco’s Midyear Cybersecurity Report, email and malicious advertising are the primary ways ransomware infiltrates a system. Businesses often pay the ransom but even when paid, files may be lost or altered in ways that could be devastating to the business.
Cisco reports that companies entering into M&A deals often do not conduct enough due diligence on the risk posture of the acquired business and realize their shortcomings after the deal is done, when it is too late to remediate problems or when it’s harder to do so because the networks are intertwined.
What can you do? Robust security is clearly the first step to prevent attacks and that begins with the creation of a comprehensive privacy and security roadmap that addresses high risk areas, compliance gaps and specific tactics for incident preparedness. It is important to involve experienced counsel at the outset to not only advise on the array of federal and state privacy and cybersecurity laws and help develop the policy but also to direct any security investigation so that consultants can report potential vulnerabilities to outside counsel to protect potentially negative findings from discovery in future litigation.
On September 7th, the Federal Trade Commission will begin its series of seminars on new and emerging technologies with a workshop on ransomware.
Thumb drives, keyboards, and mice, oh my! That’s right, these USB devices now may be the latest “lions, tigers, and bears” to fear in our high-tech world.
According to a recent Reuters article, such USB devices possibly can be compromised to hack into personal computers in a previously unknown form of attack that supposedly can side-step current security precautions.
As reported by Reuters, Karsten Nohl, a chief scientist at SR Labs in Berlin, has stated that hackers potentially can load software onto very small and inexpensive chips that control the functions of USB devices, but which presently do not have “built-in shields” that would prevent tampering with the devices’ operative code.
Continue reading Wait, Now USB Devices May Be Unsafe Too?
People frequently use Snapchat to send messages back and forth with the understanding that those messages will disappear after a designated expiration time.
However, the Federal Trade Commission (FTC) launched an investigation and asserted charges that Snapchat messages actually do not vanish as promised. In the wake of those charges, Snapchat and the FTC have settled, according to a recent FTC press release.
So, what is the scoop? Read on.
Continue reading Do Snapchat Messages Really Vanish? Ask the FTC
By now, we all have heard of potential security problems and risks on the Internet. And most recently, we must worry about which Web browser we use.
Indeed, the U.S. Department of Homeland Security cautioned Americans last week to refrain from using Internet Explorer because of a significant security flaw.
This flaw apparently enables hackers to circumvent the Windows operating system’s security protections. Once that happens, there can be “infection” caused when a compromised website is visited.
Continue reading Reminder: Update Internet Explorer to Fix Security Flaw
One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online. iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Continue reading mHealth App Use: Is Data Truly Protected?
Cyber threats are real and they’re on the rise. In this climate, the White House is considering certain incentives for companies that follow government recommended cybersecurity measures.
While the Cyber Intelligence Sharing and Protection Act (CISPA) passed the House in April, the Obama administration’s cybersecurity program is only just taking shape, and its tentative concepts were recently unveiled.
Continue reading Proposed White House Cybersecurity Incentives Could Pay Off
The House has approved the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 624). CISPA allows private companies and the federal government to exchange information relating to cybersecurity threats.
The bill was passed in the face of some concerns that it might provide private consumer information to the government. According to Reuters, President Obama has threatened to veto the bill on the basis that it supposedly does not mandate that companies take the greatest efforts to remove personal information before providing it to the government.
Continue reading Cybersecurity Bill Passes The House, But What’s Next?
Google has posted a “Transparency Report” that provides a range of how many National Security Letters (NSLs) it has received and a range of how many users/accounts were specified in these NSLs each year since 2009. Of course, your first question may be: What is an NSL?
An NSL is a special search vehicle by which the FBI has the authority to demand the disclosure of customer records maintained by banks, Internet Service Providers, telephone companies and other entities. When this happens, these entities are prohibited from revealing to others their receipt of an NSL. There have been reports that the issuance of NSLs has expanded significantly since the Patriot Act increased the FBI’s power to issue them.
Continue reading Google Transparency Reveals FBI’s Use Of National Security Letters