Monthly Archives: December 2013

Have you wanted to read up on the many cyber security issues that have arisen over the past year but which you did not have time to follow in detail?  We have just the thing — four reports from the Congressional Research Service, the low-key public policy research branch of the U.S. Congress (so low-key that they do not have a web site).

Four recent CRS reports on timely cyber topics are:

• The 2013 Cybersecurity Executive Order:   Overview and Considerations for Congress

• Federal Laws Relating to Cybersecurity:  Overview and Discussion of Proposed Revisions

• Cybersecurity: Selected Legal Issues

• Cybersecurity:  Authoritative Reports and Resources

More

In the cross-post from our Noncompete Blog, another CFAA decision is discussed.

***

Echoing a new theme in the federal district court in Massachusetts, last month Chief Magistrate Judge Leo T. Sorokin refused to dismiss a Computer Fraud and Abuse Act (“CFAA”) claim brought against the former CEO of a company, but did so without prejudice, meaning that the defendants could ask the Court to dismiss the claim again later in the case.… More

Now that the initial media blitz about the massive Target breach has passed, it is time to look ahead at the implications:

• Legislation:  In the past, we have seen major breaches drive legislative change.  But now that most states have data security statutes, it seems unlikely that much will happen at the state level.  And action at the federal level has been long promised, but remains a distant vision.…

More

In a 68 page order issued earlier today, a federal district court judge ruled in favor of five plaintiffs challenging the NSA’s collection of phone record information, finding that the plaintiffs:

• “have standing to challenge the constitutionality of the Government’s bulk collection and querying of phone records metadata”;
• “have demonstrated a substantial likelihood of success on the merits of their Fourth Amendment claim”;…

More

Our own Michele Whitham was one of the presenters at the recent 2013 Annual Advanced Cyber Security Center Conference on “Cyber Security Threat Sharing:  A Roadmap for Collaborative Defense.”

• Wirespeed Threat-Based Defense — How do you balance between what is automated and what is done by people?
• Security, Outsourcing and the Cloud — What might companies outsource, and how do they make that decision?…

More

A recent article in Law360 discusses how “technical problems plaguing the Affordable Care Act’s online insurance marketplace could expose vast amounts of personal data to theft….”  I noted in that article that while these concerns were valid, they are simply expanded versions of existing exposures in payor databases:

“Will breaches and improper disclosures happen as part of the new federal and state exchanges? I wouldn’t bet against it,” said Foley Hoag LLP privacy and data security practice co-chair Colin Zick.… More

Remember in late October, when Google and Facebook issued new policies enabling them to use adults’ and minors’ data for advertising purposes?  Initial reports suggested there could be a big hue and cry among consumers.  At the time, I was quoted by Law360 saying:

“They’re absolutely testing the boundaries from not only a legal standpoint, but also from a public acceptance standpoint,” said Foley Hoag LLP privacy and data security practice co-chair Colin Zick.… More