Technology Law Source

Recent Google sanctions should prompt review of data preservation practices

By Talia Karas on
Close-up hands typing on keyboard laptop computer with chat box icons

A federal court in California ruled in favor of sanctions against Google last week for failing to preserve records. Google’s document retention policy required individual employees to identify internal chat conversations responsive to a litigation hold. The court found this policy to be in violation of Google’s duty to preserve electronically-stored information under the Federal Rule of Civil Procedure 37(e). The consolidated case arose out of antitrust litigation regarding Google’s “Play Store” Application on Android cell-phones. In re Google Play Store Antitrust Litigation, 21-MD-02981, NDCa.

Continue Reading

Bio-shocked: In Illinois, workers’ comp not exclusive remedy for claims involving employee biometrics

By Bide Akande on

Employers beware: A recent holding out of Illinois has determined that employees may sue employers who collect and/or disclose employees’ biometric data. On Feb. 3, 2022, the Illinois Supreme Court issued a significant decision in McDonald v. Symphony Bronzeville Park, LLC, et al., impacting current and  future claims against employers involving the Illinois Biometric Information Privacy Act (BIPA). Continue Reading

November Privacy and Security Roundup: Cybersecurity export controls, mandatory reporting bills and Safeguards Rule changes

By Matthew Lapin, Donna Ruscitti and Porter Wright on

BIS has issued an interim final rule, and entities dealing with cybersecurity exports are being asked to submit comments by early December. In this latest edition of our Privacy and Security Roundup, we share the details of the final rule’s two key measures including export restrictions and a new License Exception, provide an update on cyber incident reporting legislation, discuss modifications to the GLBA Safeguards Rule and much more. Continue Reading

October Privacy and Security Roundup: Cryptocurrencies endure scrutiny, China’s Privacy Law goes into effect and new EU SCCs now required

By Diana Lingyu Jia, Donna Ruscitti and Porter Wright on

Across the globe, concerns continue regarding cryptocurrencies and digital currency exchanges. In the October edition of our Privacy and Security Roundup, we dive into the latest details surrounding OFAC’s efforts to stifle ransomware attacks, how organizations should carefully assess the new Personal Information Protection Law in China, the new EU Standard Contractual Clauses requirement effective Sept. 27, and more. Continue Reading

OFAC updates guidance on ransomware payments and sanctions risk

By Matthew Lapin and Porter Wright on

On Sept. 21, 2021, the Department of Treasury, Office of Foreign Assets Control (OFAC), updated its published guidance regarding sanctions risks associated with making ransomware payments and its official policy on such payments. This updated guidance, taken in conjunction with OFAC’s recent sanctions designation of a cryptocurrency payment exchange frequently used for ransomware payments, and other ongoing regulatory legislative efforts to address ransomware attacks, further highlights the whole of government effort by the United States to discourage ransomware attacks and address the compliance responsibilities this effort continues to impose upon the business community. Continue Reading

September Privacy and Security Roundup: Funding national cybersecurity, violating Safeguards Rule and fighting cyber threats

By Donna Ruscitti and Porter Wright on

Not only are public and private companies increasingly targeted for cyber-attacks, but local and state governments across the country are as well. In our latest Privacy and Security Roundup, we cover the Senate-passed bill that includes nearly $2 billion in national cybersecurity funding, recent sanctions by the SEC on investment advisors and broker-dealers, a new initiative that aims to improve defense planning and information sharing between the public and private sectors, and more. Continue Reading

Privacy and Security Roundup: New consumer privacy laws, big developments in ransomware attacks and the FBI’s Operation Trojan Shield

By Donna Ruscitti and Porter Wright on

More states, including Ohio, are working on comprehensive consumer privacy laws that could impact how companies share data. In our August 2021 Privacy and Security Roundup, we cover the nuances in the various legislation, more ransomware and supply chain attacks and news of a messaging app used as a Trojan horse by the FBI.

Continue Reading

New standard contractual clauses adopted by the European Commission

By Katja Garvey on

On June 4, 2021, the European Commission (EC) adopted a modernized set of standard contractual clauses for international data transfers (New SCCs) aimed at better protection of the data businesses transfer out of the European Union (EU). These New SCCs, which will take effect on June 27, 2021, will replace the standard contractual clauses that were adopted under the former EU Data Protection Directive in 2001, 2004 and 2010 (Previous SCCs).

Continue Reading

Privacy and Security Roundup: Ransomware attack causes gasoline shortages, a new executive order to enhance cyber security and raising the stakes for trans-Atlantic data transfers

By Donna Ruscitti and Porter Wright on

The past few weeks have provided some big developments in the area of data privacy and security. In this Privacy and Security Roundup, we cover a ransomware attack on the largest oil pipeline in the U.S., an Executive Order from President Joe Biden to enhance U.S. cybersecurity and potential mandatory reporting/sharing requirements, the U.S. Supreme Court weighing in on the Federal Trade Commission’s ability to seek monetary relief, and more.

Continue Reading

LexBlog