The Clarifying Lawful Overseas Use of Data Act, commonly referred to as the “CLOUD Act,” a last-minute addition to the $1.3 trillion federal spending bill, has been signed into law by President Donald Trump. The Act allots the United States government more access to Americans’ overseas data for law enforcement purposes and helps foreign governments

Last month, the North American Reliability Corporation (“NERC”) approved a settlement agreement between the Western Electric Coordinating Council (“WECC”) and an unnamed power company that imposed a penalty of $2.7 million on the power company for improper cybersecurity oversight after the company inadvertently allowed critical cyber security data to be exposed online for 70 days.

Going slow and steady may work out for you if you’re a tortoise competing against an overly confident hare. However, if you’re in the mobile device industry and have been lagging on sending out security updates, it’s time to pick up the pace. A new Federal Trade Commission report issued last month found that while

In November, we identified an emerging trend involving Article III standing in cases brought under Illinois’ Biometric Information Protection Act (“BIPA”). The Northern District of California’s recent decision in Patel v. Facebook Inc., No. 3:15-cv-03747-JD, 2018 U.S. Dist. LEXIS 30727 (N.D. Cal. Feb. 26, 2018), denying Facebook’s motion to dismiss for lack of

It is well known that secrets don’t make friends, and if you’re a public operating company, this is especially true for disclosures related to material cybersecurity issues. Last week, the Securities and Exchange Commission issued a guidance that serves as a reminder for public companies of their cybersecurity disclosure requirements under federal securities laws. The

In the last few years, the right to privacy has been hotly debated in the United States. What critics do not understand or appreciate is that the next technological paradigm is completely dependent on improvements both to the quality and quantity of data.

As connected things (IoT) explode in popularity, they make things such as

While no one thinks it’s a good idea to talk about breakups in the month of February, with the deadline approaching for certain federal agencies to comply with the digital identity requirements outlined in the National Institute of Standards and Technology’s Special Publication (SP) 800-63-3, agencies should prepare themselves to say goodbye to outdated,

As we previously reported, last year the United States District Court for the Middle District of North Carolina trebled a jury verdict against DISH Network L.L.C., resulting in a $61 million damages award.  Following the jury verdict, the Court asked class counsel to devise a means for identifying class members.

DISH’s records, referred to

On January 10, the FTC issued a report summarizing the themes and key takeaways from a recent workshop it jointly hosted with the National Highway Traffic Safety Administration (NHTSA) on privacy and security issues related to connected and autonomous cars.

The report – styled a “Staff Perspective” – noted several important themes that emerged from

The United States District Court for the Central District of California recently granted summary judgment to Sirius XM Radio, Inc. in a putative class action under the Driver’s Privacy Protection Act (“DPPA”).

As background, plaintiff James Andrew alleged on behalf of himself and a putative class that Sirius sent solicitation letters using personal information obtained