A federal court in California ruled in favor of sanctions against Google last week for failing to preserve records. Google’s document retention policy required individual employees to identify internal chat conversations responsive to a litigation hold. The court found this policy to be in violation of Google’s duty to preserve electronically-stored information under the Federal Rule of Civil Procedure 37(e). The consolidated case arose out of antitrust litigation regarding Google’s “Play Store” Application on Android cell-phones. In re Google Play Store Antitrust Litigation, 21-MD-02981, NDCa.
Employers beware: A recent holding out of Illinois has determined that employees may sue employers who collect and/or disclose employees’ biometric data. On Feb. 3, 2022, the Illinois Supreme Court issued a significant decision in McDonald v. Symphony Bronzeville Park, LLC, et al., impacting current and future claims against employers involving the Illinois Biometric Information Privacy Act (BIPA). Continue Reading
Porter Wright is proud to announce that international business and privacy & data security attorney Katja Garvey has been elevated to serve as chair of the firm’s International Business & Trade Practice Group. Continue Reading
BIS has issued an interim final rule, and entities dealing with cybersecurity exports are being asked to submit comments by early December. In this latest edition of our Privacy and Security Roundup, we share the details of the final rule’s two key measures including export restrictions and a new License Exception, provide an update on cyber incident reporting legislation, discuss modifications to the GLBA Safeguards Rule and much more. Continue Reading
Across the globe, concerns continue regarding cryptocurrencies and digital currency exchanges. In the October edition of our Privacy and Security Roundup, we dive into the latest details surrounding OFAC’s efforts to stifle ransomware attacks, how organizations should carefully assess the new Personal Information Protection Law in China, the new EU Standard Contractual Clauses requirement effective Sept. 27, and more. Continue Reading
On Sept. 21, 2021, the Department of Treasury, Office of Foreign Assets Control (OFAC), updated its published guidance regarding sanctions risks associated with making ransomware payments and its official policy on such payments. This updated guidance, taken in conjunction with OFAC’s recent sanctions designation of a cryptocurrency payment exchange frequently used for ransomware payments, and other ongoing regulatory legislative efforts to address ransomware attacks, further highlights the whole of government effort by the United States to discourage ransomware attacks and address the compliance responsibilities this effort continues to impose upon the business community. Continue Reading
Not only are public and private companies increasingly targeted for cyber-attacks, but local and state governments across the country are as well. In our latest Privacy and Security Roundup, we cover the Senate-passed bill that includes nearly $2 billion in national cybersecurity funding, recent sanctions by the SEC on investment advisors and broker-dealers, a new initiative that aims to improve defense planning and information sharing between the public and private sectors, and more. Continue Reading
More states, including Ohio, are working on comprehensive consumer privacy laws that could impact how companies share data. In our August 2021 Privacy and Security Roundup, we cover the nuances in the various legislation, more ransomware and supply chain attacks and news of a messaging app used as a Trojan horse by the FBI.
On June 4, 2021, the European Commission (EC) adopted a modernized set of standard contractual clauses for international data transfers (New SCCs) aimed at better protection of the data businesses transfer out of the European Union (EU). These New SCCs, which will take effect on June 27, 2021, will replace the standard contractual clauses that were adopted under the former EU Data Protection Directive in 2001, 2004 and 2010 (Previous SCCs).
The past few weeks have provided some big developments in the area of data privacy and security. In this Privacy and Security Roundup, we cover a ransomware attack on the largest oil pipeline in the U.S., an Executive Order from President Joe Biden to enhance U.S. cybersecurity and potential mandatory reporting/sharing requirements, the U.S. Supreme Court weighing in on the Federal Trade Commission’s ability to seek monetary relief, and more.