The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to access his former employer’s … Continue Reading
As reported on our Global Immigration Blog, the U.S. Citizenship and Immigration Services (USCIS) has issued a notice regarding scam email requests for I-9 information. According to USCIS, employers have received scam emails that appear to come from USCIS. These scam emails come from a fraudulent email address (news@uscis.gov) and the body of the email may contain USCIS and … Continue Reading
Delaware joins the growing number of states that recently amended their data breach notification law. On August 17th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018). Delaware maintains the state law trend of requiring businesses … Continue Reading
Last August, we reported on a Ninth Circuit case in which a former employee was convicted of a crime under the Computer Fraud and Abuse Act (“CFAA”) for accessing and downloading information from his former company’s database “without authorization.” The former employee has now asked that the U.S. Supreme review the Ninth Circuit’s decision. The … Continue Reading
Fortune.com reported that according to an International Data Corporation (IDC) forecast, by 2020, spending on security-related hardware, software, and services will eclipse $100 billion. However, consulting company NTT Com Security recently surveyed 1,000 executives and found only about half of them reported having a formal plan to respond to a data breach. Franklin wisely noted … Continue Reading
Last month, Illinois Governor Bruce Rauner signed into law a number of amendments to the State’s Personal Information Protection Act (“PIPA”) that expand the definition of protected personal information and increase certain data breach notification requirements. The amendments, highlighted below, take effect January 1, 2017. Currently, “personal information” is limited to an individual’s first name … Continue Reading
A recent case from the Northern District of California raises the importance of actively engaging with employees to coordinate the search for documents and electronically-stored information to comply with the employer’s discovery obligations. At the same time, the Court ruled that an employer cannot be compelled to produce business-related emails from the personal email accounts … Continue Reading
With breaches caused by payment card thieves and hackers dominating the news, it is easy for mid-sized and small companies to think that data breaches are unfortunate events that affect only large companies. Not only is this sentiment misguided, but in relative terms the information contained in exposed emails can cause far more damage to an organization than the loss … Continue Reading
You’ve just finished your email, electronic communications, social media and/or BYOD policies for employees assuming, among other things, that you did not have to permit employees to use company-provided communication systems for nonwork-related purposes, such as to fulfill certain union-related purposes or other “protected concerted activities” under for Section 7 of the National Labor Relations … Continue Reading
The United States District Court for the Middle District of Alabama recently held in Bruce v. McDonald that the “mere access” of an e-mail account and subsequent printing/possession of e-mails from the same account did not constitute an “interception” in violation of the federal Wiretap Act. Under the Wiretap Act, as amended by the Electronic … Continue Reading
In a recent consent order, the New Jersey Division of Consumer Affairs settled an investigation involving Dokogeo, Inc., a California based mobile application developer. Under the Children’s Online Privacy Protection Act (“COPPA”) websites and online services which collect information from children younger than 13 are subject to certain parental notice and consent requirements. In the Dokogeo … Continue Reading
A U.S. District Court in Indiana has ruled that a company’s use of keylogger software to access an employee’s personal e-mail account may have violated the Stored Communications Act (“SCA”). Keylogging or keystroke logging is the tracking of the keys struck on a keyboard, typically in a covert manner. In Rene v. G.F. Fishers, Inc.,the … Continue Reading
A Minnesota Court of Appeals panel has affirmed the issuance of a temporary injunction against a co-owner of an LLC blocking him from accessing emails of his partner from the company’s server in the midst of their business dispute. The unpublished decision, Gates v. Wheeler A09-2355 (Minn. App. November 23, 2010), raises some interesting issues regarding … Continue Reading
Keystroke logging (or “keylogging”) is the noting (or logging) of the keys struck on a computer keyboard. Typically, this is done secretly, so the keyboard user is unaware his activities are being monitored. Several cases throughout the country have examined an employer’s use of keylogging. Recently, the Criminal Court of the City of New York held … Continue Reading
