In a recent decision, the Ninth Circuit held that “the ECPA unambiguously applies to foreign citizens.” In Suzlon Energy Ltd. v. Microsoft, Suzlon Energy demanded Microsoft to produce emails from the Hotmail email account of an Indian citizen imprisoned abroad. The district court held that the Electronic Communications Privacy Act (“ECPA”) prohibited Microsoft from producing the documents even though the individual was not a U.S. citizen. The Ninth Circuit affirmed.
Judge Finds Injury-in-Fact Adequately Alleged in RockYou Data Breach Action
Where others have failed, Alan Claridge did not. Recently, a Federal judge in the Northern District of California declined to dismiss Plaintiff Claridge’s claims arising from a data breach involving the social entertainment site RockYou. Arguing that the data breach harmed the value of his personal information, Plaintiff convinced the court not to dismiss his action for lack of standing.
Credit Report Resellers Settle FTC Charges Over Poor Security
The Federal Trade Commission recently announced that it reached a settlement with three consumer credit report resellers whose information security practices and procedures were not sufficient to prevent hackers to obtain more than 1,800 consumer credit reports without authorization. The settlement resolves allegations that the resellers violated the Fair Credit Reporting Act, the FTC Act and the Gramm Leach Bliley Safeguards Rule by failing to take appropriate precautions to protect credit reports and the personal information such reports contain. According to the FTC, the resellers’ information security deficiencies included (1) not having comprehensive information security policies or procedures in place; (2) releasing consumer reports to clients who lacked basic security measures, such as firewalls and updated antivirus software; (3) failing to protect their own internet portals and thereby furnishing credit reports to hackers who lacked a permissible purpose for having them; and (4) not making reasonable efforts to protect against future breaches even after becoming aware of the hackers’ illegitimate activities.
Federal Court Limits Warrantless Border Searches
According to a federal court in the Northern District of California, United States border agents may not search a laptop without a warrant several months after the agents seized the laptop.
Lack of Standing Argument Wins Against Supposed Data Breach Victim
data breach, class action, injury-in-fact, speculative, standing, Pisciotta, increased risk of harm
Data Breach Class Action Fails – Court Dismisses Securities Fraud Case Against Heartland
On December 7, 2009, a federal district court sitting in New Jersey dismissed a securities fraud class action lawsuit against Heartland Payment Systems arising from a massive breach of credit and debit card information and, in doing so, reinforced the difficulties private plaintiffs face in bringing data breach lawsuits under the federal securities laws.
Third Time’s A Charm: FTC Delays Enforcement Of The Red Flags Rule Again
The Federal Trade Commission (“FTC”) announced today that, for the third time, it will delay enforcement of the Red Flags Rule until November 1, 2009 – a year after the original November 1, 2008 compliance deadline. In delaying enforcement yet again, the Commission stated that it intends to engage in an “expanded business education campaign” in which the staff will “redouble its efforts to educate [businesses] about compliance.” Such a campaign is designed to “clarify whether businesses are covered by the Rule and what they must do to comply.” The delay does not affect companies subject to the enforcement authority of federal agencies other than the FTC.
EPIC Petitions for a Closer Look at the Cloud – Privacy Group Asks the FTC to Investigate Google Cloud Computing for Inadequate Safeguards and Unfair and Deceptive Trade Practices
The Electronic Privacy Information Center (“EPIC”) recently filed a complaint with the Federal Trade Commission (“FTC”) accusing Google of failing to implement adequate privacy and data security safeguards and engaging in unfair and deceptive trade practices related to its “cloud computing” services.