Privacy + Cyber

Subscribe to Privacy + Cyber via RSS

In Cour v. Life360, Inc., the United States District Court for the Northern District of California granted a defendant’s motion to dismiss a claim under the  Telephone Consumer Protection Act, finding that the defendant’s system for sending text messages did not constitute “making” a call under the statute.  In reaching

The Court of Appeals for the District of Columbia shot down a putative class action brought against Urban Outfitters, Inc., and Anthropologie, Inc., which had alleged that the companies violated D.C. consumer protection statutes by collecting customer ZIP code information during in-store checkout.  The July 26 ruling remanded the suit for dismissal, and held that

Federal courts continue to interpret and analyze the Supreme Court’s decision in Spokeo, Inc. v. Robins Recently, a federal judge in New York permitted a lawsuit against Hearst Communications, Inc., to move forward after considering supplemental briefing on Article III standing.  

Plaintiffs Suzanne Boelter and Josephine Edwards subscribe to magazines published by Hearst.  Plaintiffs

Microsoft prevailed in its appeal to the Second Circuit from an order denying its motion to quash a warrant seeking a Microsoft user’s email stored on the company’s servers in Ireland.  The ruling sets important precedent limiting the extraterritorial reach of the federal government in seeking to compel disclosure of private company data under the

Most organizations understand the importance of timely implementing software updates and patches.  However, open platforms have permitted a level of customization such that a patch in one application may have unintended consequences in other parts of the overall system architecture, including customization of the software being updated.  A good example is the recent Microsoft security

The FTC issued warning letters to 28 companies that allegedly advertised participation in the Asia-Pacific Economic Cooperative Cross-Border Privacy Rules system (“APEC CBPRs”), but had not received the requisite certification.  A company seeking to participate in the CBPR system must first have its compliance established by an APEC-recognized accountability agent.

The APEC CBPRs is a

As we previously reported, Plaintiff Jonathan Torres filed a putative class action against Wendy’s in the wake of a data breach that the fast-food company suffered earlier this year.  Wendy’s subsequently filed a motion to dismiss Torres’ complaint, which the U.S. District Court for the Middle District of Florida granted on July 15. 

In

Health care entities and their business associates with access to electronic Protected Health Information (ePHI) are subject to the HIPAA Privacy & Security Rules. New guidance was just released regarding the requirements of the HIPAA Security Rule in the event of a ransomware attack. Additional information regarding the requirements of the HIPAA Privacy & Security

After the Supreme Court vacated and remanded the Ninth Circuit’s decision in Spokeo, Inc. v. Robins, the parties again appeared before the lower court, arguing over whether a purely technical violation of the Fair Credit Reporting Act is sufficient to satisfy the concreteness requirement for Article III standing.  

As we previously reported, on