The California Invasion of Privacy Act (CIPA) penalizes unauthorized eavesdropping on communications “carried on among the parties in the presence of one another or by means of a telegraph, telephone, or other device, except a radio. . .” Cal. Penal
Data Law Insights
Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery
Latest from Data Law Insights
Mini-Series on CIPA – Part 1: What is a ‘Communication’ Anyway?
Companies have websites to reach customers, share products and services, and communicate brands. But websites can also create legal risks. Recently, litigation has surged against website owners for violating the California Invasion of Privacy Act (CIPA). This 1960s phone-wiretapping…
The NIS2 Directive is on the Edge of Enforcement: What Now for EU/US Companies?
Key Takeaways
1. New cybersecurity measures and requirements are introduced by the EU for companies.
2. Contractual provisions with the supply chain may need to be revised.
3. High penalties and liability for management, including personal liability.…
Text Messages Lead to $4.47B Liability in Securities Fraud Case
Text messages and other non-email, electronic communications have become increasingly important in securities fraud matters. These communications are often sent from personal mobile devices and often provide key evidence. It has become clear that the most interesting, and sometimes most…
SEC “Encourages” Public Companies to Disclose “Immaterial” Cybersecurity Incidents Under Item 8.01 of Form 8-K
The U.S. Securities and Exchange Commission (“SEC”) adopted a final rule on July 26, 2023 that requires public companies to disclose material cybersecurity incidents under new Item 1.05 of Form 8-K. Since its adoption, public companies have faced practical challenges…
“Browsing and location data are sensitive . . .. Full stop”
“Browsing and location data are sensitive . . .. Full stop,” says the Federal Trade Commission. As is all granular data that can reveal “insights” that “can be attributed to particular people” through a “re-identification” procedure. This is one basis…
DoD’s New Year Resolution: A Cybersecurity Maturity Model Certification Program (CMMC) Proposed Rule
On December 26, 2023, the Department of Defense (DoD) released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC), a cybersecurity regulatory program that will likely impact most of the government contractor community. Every contractor who…
FBI Offers Pathway to Request Delay of SEC Cybersecurity Incident Disclosures
Public companies now have a pathway to request a delay in their cybersecurity incident disclosure to the U.S. Securities and Exchange Commission (“SEC”). On December 6, 2023, the Federal Bureau of Investigation (“FBI”) Cyber Division published the “Cyber Victim…
European Parliament Adopts Final EU Data Act
On November 9, 2023, the European Parliament has adopted the final version of the Data Act, marking a significant milestone in the evolving landscape of digital regulation. The Data Act is part of the European Commission’s broader strategy to…
European Data Protection Supervisor Releases New Opinion on the EU’s Proposed AI Act
On October 24, 2023, the European Data Protection Supervisor (EDPS), which is the supervisory authority for the EU institutions, bodies, offices and agencies (EUIs), published a new opinion on the widely discussed proposal for an EU Regulation laying down harmonized…