Latest Articles

Personal location information held by a third party now receives heightened protection from disclosure to law enforcement Thanks to Timothy Ivory Carpenter, Cell Site Location Information (“CSLI”) is now part of our vernacular.  More important, in light of the Supreme Court’s June 2018 ruling in Carpenter v. United States, a company’s collection and retention of a person’s historical whereabouts (location information) now receives heightened protection from search and seizure by law enforcement.   …
The Supreme Court allows routine border searches because the “Government’s interest in preventing the entry of unwanted persons and effects is at its zenith at the international border.” Some level of suspicion is required only when a search infringes the dignity and privacy interest of the persons being searched. Circuits are now split about whether reasonable suspicion is needed to justify a forensic search of information stored on an electronic device.…
In late April, the U.S. Securities and Exchange Commission (SEC) hit Yahoo with a $35 million dollar fine for failing to properly assess and disclose a 2014 data breach that affected more than 500 million user accounts. The case marks the first time the SEC has charged a public company with cybersecurity-related disclosure violations and serves as a reminder that the SEC remains laser-focused on cybersecurity issues. Read our full client alert  here.…
Buried on page 2,201 of the 2,232-page 2018 Omnibus Spending Bill, the CLOUD Act was signed into law on March 23, 2018. The bill allows U.S. law enforcement to obtain U.S. citizens’ private data from servers anywhere in the world, provided that an agreement exists with that country on data sharing. However, the CLOUD Act has already received tough criticism that raises 4th Amendment concerns.…
Part I: Background During the era when the Sony Walkman birthed the personal audio revolution, Nintendo Entertainment Systems appeared on American shores, and Gordon Gekko made wireless phone calls on his chunky mobile phone, the 99th United States Congress passed the Stored Communications Act (SCA). Enacted in 1986, the SCA governs U.S. authority to compel disclosure of electronic communications or data stored with a service provider. Fast forward two decades, the gap between advancements in…
On February 27, 2018, the Supreme Court heard oral arguments in a case that will affect the security of data stored in the cloud. At issue in United States v. Microsoft is whether a U.S. based digital communications provider must comply with a warrant for user data stored on servers located outside of the U.S. This case is being heard against the backdrop of Congressional debates regarding proposed amendments to Section 2703 of the Stored…
Annually, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (“OCIE”) publishes its examination priorities for the new year.  Recently, OCIE announced five priorities that will inform its examinations moving in to 2018. OCIE is committed to “promoting compliance, preventing fraud, identifying and monitoring risk, and informing policy.” In support of these “pillars,” OCIE intends to focus on: Issues of importance to retail investors, such as fee disclosures, mutual funds, and exchange-traded funds;…
The two attacks affect nearly 90 percent of the world’s computers. Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer. Meltdown could provide hackers the ability to become squatters on cloud-based services, but more importantly provide them access to other consumers’…
In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in the U.S. District Court for the Northern District of Georgia. In analogous litigation, two open issues exist: (1) First, whether…
These days, organizations (including the U.S. Air Force) have been turning to third parties to help hunt for security weaknesses (under “bug bounty” programs) in company software and applications. In July 2017, the Department of Justice released guidance for a structured program (entitled, A Framework for a Vulnerability Disclosure Program for Online Systems) designed to assist organizations in their efforts to identify and properly disclose those weaknesses. This four-part framework (located here) appears to…