In a continuation of the Stengart v. Loving Care Agency case we wrote about in August 2009, the New Jersey Supreme Court ruled on March 30, 2010 that emails sent by an employee from a company laptop via a web-based email account (Yahoo!) to her attorney were protected from disclosure by the attorney-client privilege. In reaching this conclusion, the Court also ruled and provided insight on a far broader and more practical issue for employers — namely, how to draft enforceable computer usage policies and/or make existing policies more effective.

On March 25, 2010, the Federal Trade Commission (“FTC”) announced that it had entered into a settlement with entertainment operator, Dave & Buster’s, Inc., for alleged violations of Section 5(a) of the FTC Act, and for “engag[ing] in a number of practices that, taken together, failed to provide reasonable and appropriate security for personal information on its networks.”
The settlement marks the 27th case brought by the FTC against a company for insufficient data security practices.

On March 8, 2010 the SDNY issued the latest opinion addressing the conflict between U.S. discovery laws and foreign blocking statutes. In Gucci Amer., Inc. v. Curveal Fashion, the court compelled a third-party to produce documents located at its subsidiary despite claims that such production was illegal under the Malaysian law. This opinion illustrates the no-win situation that foreign corporations continue to be placed in by the tension between U.S. courts and foreign law, and underscores the importance of raising foreign-law based discovery objections as early and in as detailed a manner as possible in order to maximize the chances of successfully navigating this conflict.

On February 16, 2010, the EU Article 29 Working Party published Opinion 1/2010, in which it clarified the definitions of “data controller” and “data processor” as those designations are used within the European Data Protection Directive. The Working Party’s opinion is welcome guidance, as such designations are often difficult to apply in practice, especially given the increasing complexity of globalization, organizational differentiation, and information and communication technologies.

On March 9, 2010, the Federal Trade Commission and 35 state attorneys general announced a negotiated settlement with LifeLock, Inc. which resolves charges that LifeLock misrepresented the nature and effectiveness of the identity theft protection services it offers, and made false claims about its own data security practices. In the words of FTC Chairman Jon Leibowitz, “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it.”