Andrew Serwin

Latest Articles

The global WannaCry ransomware attack should be a wake up call for all companies about the threat ransomware poses. While WannaCry was one of the first highly publicized attacks in which ransomware was weaponized and used against numerous companies at once, there will undoubtedly be future attacks.  Companies can take proactive steps to reduce their chances of being hit by the next ransomware attack, and our team is working with companies around the world to…
The global WannaCry ransomware attack should be a wake up call for all companies about the threat ransomware poses. While WannaCry was one of the first highly publicized attacks in which ransomware was weaponized and used against numerous companies at once, there will undoubtedly be future attacks.  Companies can take proactive steps to reduce their chances of being hit by the next ransomware attack, and our team is working with companies around the world to…
Is your company prepared to respond to a data security breach? For many companies, even reading this question causes some anxiety. However, being prepared for what seems like the inevitable—a security breach—can be the difference between successfully navigating the event or not. While we still hear some companies say, “That would never happen to our company!” a significant breach can happen to any company. In light of this and the close scrutiny that the high-profile breaches…
As a result of the Second Circuit’s recent opinion in Microsoft v. United States, the U.S. government likely can no longer use warrants issued pursuant to the Stored Communications Act (“SCA”) to compel U.S.-based companies to produce communications, such as emails, that are stored in a physical location outside of the United States—at least for now. Instead, the government will likely need to rely on Mutual Legal Assistance Treaties, which provide a framework for…
The First Circuit Court of Appeals’ recent decision in Yershov v. Gannett Satellite Information Network, Inc. may carry important implications for mobile app providers seeking to navigate federal privacy laws—in particular, the Video Privacy Protection Act of 1988 (“VPPA”). Although Yershov is not the first case to consider how the VPPA applies to mobile apps, the opinion contains two key holdings regarding (1) the scope of protectable personally identifiable information and (2) the treatment of free app downloaders…
In the recently decided People ex rel. Harris v. Delta Air Lines, California’s Court of Appeal unanimously affirmed the dismissal of the State of California’s complaint against Delta Air Lines, Inc., which alleged that the company’s Fly Delta mobile application violated California’s privacy laws. The Court of Appeal held that the lawsuit was expressly preempted by the Airline Deregulation Act of 1978 (ADA). The holding is in line with other cases broadly applying the…
Health care apps are one of the most important and growing segments in the ecosystem known as the Internet of Things (IoT). After the recent amendments to the Health Insurance Portability and Accountability Act (HIPAA) that—among other things—broadened the definition of a “Business Associate,” many technology companies found themselves wondering whether they were, or were not, subject to HIPAA. Health and Human Services (HHS) recently issued some guidance, Health App Use Scenarios & HIPAA,…
Health care apps are one of the most important and growing segments in the ecosystem known as the Internet of Things (IoT). After the recent amendments to the Health Insurance Portability and Accountability Act (HIPAA) that—among other things—broadened the definition of a “Business Associate,” many technology companies found themselves wondering whether they were, or were not, subject to HIPAA. Health and Human Services (HHS) recently issued some guidance, Health App Use Scenarios & HIPAA,…