Technology Law Source

Archives: Information Technology

Subscribe to Information Technology RSS Feed

District court gives the FTC the go-ahead in Wyndham data security enforcement suit

A decision from the U.S. District Court for the District of New Jersey last week affirmed the Federal Trade Commission’s assertion of authority to prosecute data security breaches under Section 5 of the Federal Trade Commission Act. The FTC has increasingly used its authority under Section 5, which makes it unlawful to engage in “unfair methods of competition … and unfair or deceptive acts or practices,” to regulate data security. Two companies, Wyndham Worldwide Corp. and LabMD Inc., have publicly challenged the FTC’s authority over their data security policies (and subsequent lapses). We posted in December about LabMD’s challenge, which remains pending before the FTC. The District of New Jersey, however, has rejected Wyndham’s challenge.

In June 2012, the FTC filed a complaint against Wyndham, alleging that Wyndham used unfair and deceptive practices by failing “to maintain reasonable and appropriate data security for consumers’ sensitive personal data,” which, in turn, exposed customers’ personal and credit card information to hackers in three system attacks between 2008 and 2011, resulting in fraudulent charges to consumers’ accounts totaling $10.6 million.

Wyndham moved to dismiss the complaint, arguing, among other things, that the FTC’s unfairness authority does not extend to data security because:…

Tech companies can’t escape antitrust liability for agreeing not to solicit competitors’ employees

Our colleagues at Employer Law Report have been following a case that considers antitrust issues as they relate to competition among high-tech employers. In re High-Tech Employee Antitrust Litigation will now proceed to trial. The case is an excellent reminder to businesses across industries. Though companies may be able to enter into agreements with their employees restricting their ability to compete, entering into agreements with competitors in an attempt to reach the same result may violate antitrust laws. Read more

Another sunrise, another new beginning. New gTLDs delegated and set to launch; are you ready?

New to the delegation pool

ICANN delegates new gTLDs daily, which keeps trademark owners on their toes. Since our last blog article, new gTLD delegations include:

  • .gop
  • .ryukya
  • .yokohama
  • .rest
  • .saarland
  • .consulting
  • .vodka
  • .haus
  • .cooking
  • .moe
  • .rodeo
  • .country
  • .商城(xn--czru2d) – Chinese for “mall”
  • .horse
  • .fishing
  • .vegas
  • .miami
  • .archi
  • .black
  • .ren
  • .meet
  • .sohu

The most recent additions will join the growing list of gTLDs that can begin their Sunrise periods. It is important to remember that though many gTLDs are allowing Sunrise periods to last longer than 30 days, they are required to have only a 30-day period.

gTLDs beginning Sunrise

Sunrise periods can quickly come and go — notice to the unwary. Following is a list of gTLDs set to launch and their corresponding Sunrise periods.…

“You, you, and you: Panic. The rest of you: Come with me.” – It’s time for trademark owners to arm themselves against the dot’s new friends.

The Internet Corporation for Assigned Names and Numbers (ICANN) announced this week at ICANN 49 Singapore that the number of new generic top levels domains (gTLDs) that have been “delegated” — i.e., designated as ready for launch — now tops 175. Recently delegated gTLDs include:

  • .london
  •  .nyc
  • .cologne
  •  .trade
  •  . 世界 (Chinese for “world/shijie”)
  •  .bid
  • .vote
  • .reviews
  • .events
  • .democrat
  • .education
  • .coffee
  • .florist

The ICANN website shows the complete list of delegated gTLDs. As this number climbs, it becomes increasingly and even alarmingly important for trademark owners, regardless of whether they have vast or small trademark portfolios, to take action so they have the ability to receive notice and protect their registered marks in the rapidly expanding Internet.

What does delegation mean to brand owners?

Logistically, delegation means that the gTLD registry can begin the “Sunrise” period. For trademark owners however, delegation signals that the battle to quash unauthorized use of domain names has begun.…

Three additions to your new year’s resolutions from Pradaxa

Many people use the start of a new year to resolve to improve their diet, get more sleep and exercise more. Professional resolutions for attorneys often focus on improving efficiency, expanding networks and areas of expertise or simply submitting their time entries properly. A decision late last year in the In re Pradaxa Products Liability Litigation suggests some potential professional resolutions for litigators and in-house litigation counsel to consider when litigation arises or is reasonably anticipated.1

Pradaxa is a multidistrict products liability action pending in the Southern District of Illinois. The case involves, among other things, the safety of a blood thinner and a pharmaceutical manufacturer’s alleged representations about the efficacy of that product. This complex case involved extensive discovery involving millions of documents and hundreds of witnesses and, not surprisingly, discovery issues and disputes arose that were not particularly unique.

In a detailed opinion reviewing the history of the discovery disputes brought to its attention by the plaintiff’s steering committee, the district court commented that it had been “exceedingly patient and, initially, was willing to give the defendants the benefit of the doubt” on the discovery issues. For example, this was not the first opinion in this action addressing defendants’ discovery responses and document preservation efforts.2 Indeed, the court had “warned the defendants in the past, when such conduct continues, there is a cumulative effect” that the court not only can but also should take into account.…

Top 10 e-discovery developments and trends in 2013: Part 2

Following is Part 2 of my third annual list of the top 10 e-discovery developments and trends from the past year. Read Part 1.

6. “It is malpractice to not seek a 502(d) order from the court before you seek documents.” U.S. Magistrate Judge Andrew Peck began last year at Legal Tech providing his thoughts on the importance of orders entered pursuant to Federal Rule of Evidence 502(d). He said: “I’ll give you a fairly straight takeaway on 502(d). In my opinion it is malpractice to not seek a 502(d) order from the court before you seek documents. That doesn’t mean you shouldn’t carefully review your material for privileged documents before production, but why not have that insurance policy?” Other judges echoed these sentiments as the year progressed.

As if hearing federal judges say malpractice and Rule 502(d) orders in the same sentence were not enough to convince federal court litigants to use them, cases throughout the year further highlighted the importance of securing these orders. Magistrate Judge Waxse enforced a Rule 502(d) order over the objection of the party that originally requested it in Rajala v. McGuire Woods, LLP, 08-2638 (D. Kan. Jan. 3, 2013). Earlier in the case, the defendant moved for a protective order that contained a clawback provision pursuant to Rule 502(d). Magistrate Judge Waxse entered the order which included language stating that “[t]he inadvertent disclosure or production of any information or document that is subject to an objection on the basis of attorney-client …

Top 10 e-discovery developments and trends in 2013: Part 1

Here is my third annual list of the top 10 e-discovery developments and trends from the past year.

1. The growth of Bring Your Own Device (BYOD) policies and work-related text messaging is creating litigation hold challenges. A Cisco survey found that 89% of companies are currently enabling employees to use their own electronic devices for work. Gartner predicts that by 2017 a half of all employers will require employees to provide their own devices. The growing prevalence and convenience of personal devices in the workplace is leading more employees to use text messaging for work-related purposes.

With these trends, it is no wonder that there were a number of decisions last year addressing whether an employer must produce ESI (mainly text messages) from its employees’ devices (mainly cell/smart phones). One of the key issues in these cases is whether the employer has “possession, custody, or control” over the devices. To decide this issue, courts have looked at whether the employer provided the devices, whether the employees used the devices for work-related purposes, and whether the employer otherwise had any legal right to obtain ESI from the devices on demand. Other issues that have been raised are the privacy rights of the employees and the employer’s obligations if its employees refuse to turn over their devices during discovery.

In ordering the production of business-related text messages on employees’ cell/smart phones, a court rejected the argument that the failure to preserve text messages should not be sanctioned because they are …

Forensic computer examination is where the rubber hits the (off) road

Forensic computer examinations can be expensive and therefore may prompt the question during litigation – are they worth it? A recent decision from the Southern District of Ohio illustrates why the answer is “yes” in many trade secret cases. In H&H Industries, Inc. v. Miller, the court relied heavily on the results of the forensic examination of the defendant’s computers to enter a preliminary injunction that prohibited the defendant, the plaintiff’s former employee, not only from divulging or using the plaintiff’s trade secrets but also from working for his new employer.

The plaintiff, H&H Industries, retreads and repairs off-the-road (“OTR”) tires and sells used OTR tires. The defendant, Erik Miller, began working for H&H in 2006, and since 2007 had worked as a salesperson of OTR tires. Miller had access to H&H’s confidential information, including pricing information, and, as such, H&H required him to sign a confidentiality agreement. On July 26, 2013, Miller notified H&H that he was leaving the company to join one of H&H’s direct competitors, Polar Rubber Products.…

Dawn of a new Internet — mechanisms to protect your brand

Many people have not yet heard or may not understand, but the Internet will expand vastly and quickly beyond the familiar .com, .org, and .edu top level domain names. The Internet Corporation for Assigned Names and Numbers (ICANN) launched an initiative in 2008 to enable the introduction of new generic topic level domains (gTLDs). The primary reason for the expansion is to promote competition in the domain name market while continuing to ensure the Internet’s security and stability. Though ICANN’s efforts have not been without criticism, the objective is to expand the number of new gTLDs to increase competition among registry service providers and, in turn, provide greater consumer choice.

ICANN reported receiving 1,930 new gTLD applications during the application window, which closed March 29, 2012. Of those applications 1,815 are active. Most of these new gTLD applications are for generic terms such as .app, .auto, .car, .music, .shopping, .singles. But ICANN also received a subset of applications known as “.brands” created submitted on behalf of brand owners to operate as closed registries (not open to the public) designated specifically for the brand’s use — such as .apple, .chevrolet, .goodyear and .samsclub.…

Key e-discovery cases in November

Last month, Magistrate Judge David J. Waxse decided an issue that we likely will see more of in the age of big data. He rejected a defendant’s undue burden argument even though even though the “data warehouses” at issue contained over 100 terabytes of data and the production would take several months to develop a process to extract and pull the data in the manner requested by the plaintiffs. In addition to that case, there were key cases in November involving BYOD issues, cooperation, the form of production, and spoliation.

Bring your own device (BYOD)

Ewald v. Royal Norwegian Embassy, No. 11-cv-2116 (D. Minn. Nov. 20, 2013). In my summary of key October cases, I discussed how the magistrate judge in this case denied the plaintiff’s motion to compel discovery, including a request for forensic images of certain laptops, phones, memory cards and tablets. The district court judge largely affirmed the magistrate judge’s order but reversed the order as it related to the discovery of text messages and voice messages contained on two work-provided mobile phones. The court held that the plaintiff was entitled to receive responsive text messages and voice messages contained on the mobile phone the defendant-employer provided to her and another employee. Accordingly, the court ordered the parties to meet and confer and agree on a protocol to conduct a search for responsive text messages and voice messages contained on their work-provided mobile phones used between Nov. 1, 2008 and Nov. 1, 2011. Interestingly, the …

LabMD joins Wyndham in challenging FTC’s data privacy authority

Section 5 of the Federal Trade Commission Act — the Act that established the FTC in the first place — makes it unlawful to engage in “unfair methods of competition … and unfair or deceptive acts or practices…” Though the words seem simple enough, its application in today’s world is anything but simple, particularly when you talk about data privacy. Two companies — Wyndham Worldwide Corp. and LabMD Inc. — are publicly, and independently, challenging the FTC’s authority over their data security policies (and subsequent lapses). This post is a quick update about LabMD’s challenge.

In August 2013, the FTC filed an administrative complaint against LabMD, alleging that it lacked appropriate data security and unreasonably exposed the health and personal data of its consumers. LabMD conducts clinical laboratory tests on patients and reports its finding to patients’ health care providers. In performing the needed tests, LabMD typically obtains personal information, including names, addresses, dates of birth, SSNs, bank account or credit card information, laboratory tests, test codes and results, diagnoses, clinical histories, and health insurance company names and policy numbers. LabMD possesses such data for approximately 1 million consumers.

The FTC charged that LabMD “failed to provide reasonable and appropriate security for personal information on its computer networks.” Among other things, the complaint states that LabMD failed to:…

A Trans-Atlantic exploration of emerging privacy law and policy issues

This past summer, the University of Amsterdam launched a new, week-long Privacy Law and Policy Summer Course related to the Internet, electronic communications, and online and social media. Course faculty included European and U.S. academics, European regulators and the head of the global privacy law practice at an international law firm, among others. Course participants consisted of 25 legal practitioners and post-graduate researchers from the Netherlands, Spain, Italy, Slovakia, the United States, Japan, Brazil, Kenya and other countries. I was lucky enough to serve as a co-organizer and faculty member for the course.

Taken together, the nine mini-seminars that constituted the backbone of the course provide a snapshot of developments in privacy law and policy in Europe and in the United States, and how they relate to one another. This should be of interest to U.S. lawyers and others who work in the areas of privacy law, compliance and management. What follows is a brief description of some key takeaways from the week, and an attempt to pull them together into a broader perspective.

Doing business over the Internet

Daniel Cooper, head of the Global Privacy Practice at Covington & Burling, discussed emerging legal and policy challenges facing European companies that seek to do business over the Internet. Cooper’s comprehensive presentation stressed that companies face a wide array of matters, including privacy issues related to online behavioral advertising and business use of social media, facial recognition technology, mobile apps, and big data. The 1995 Data Protection Directive pre-dates these technological …

Who owns your website, software and other works of authorship?

Many businesses outsource work such as website creation, software development or other creative tasks, engaging the services of companies or individuals experienced in these fields. Some are surprised to learn, often the hard way, that paying someone to create your website, develop software or produce other works of authorship does not mean you own the copyright in the final work product. Lack of ownership may prove costly, as a copyright owner has the exclusive right to reproduce, distribute and even modify the original work.

Copyright protection, which has been referred to as the “forgotten stepchild” of intellectual property, deserves more respect and attention than it often receives. For starters, copyright protection is rather cheap — in fact, it’s actually free (more on that below). Unlike patents, you don’t need to spend thousands of dollars on an application, hoping that the Copyright Office agrees that you created something artistic or worthy of copyright.

Copyright protects works of authorship, including: literary works; musical works; dramatic works; pictorial, graphic, and sculptural works; motion pictures and other audiovisual works; sound recordings; and architectural works. 17 U.S.C. § 102(a). Though copyright does not extend to ideas, processes, systems, discoveries, etc., the tangible expression of these — e.g., computer software — is entitled to copyright protection.…

Privacy on the go: California’s recommendations for the mobile ecosystem

Privacy policies are often lengthy, difficult to read and even more complicated to understand. Facebook’s data use policy, for instance, fills 16 pages and contains more than 9,000 words. The idea of reading through an entire privacy policy on the small screen of a mobile device exemplifies the need for a different, more user-friendly approach. In addition, mobile devices pose unique privacy challenges such as GPS tracking, text messages and call logs.

California, a state with consumer protection laws that are among the strongest in the country, has had explicit legislation governing online privacy since 2004 when the California Online Privacy Protection Act1 (“CalOPPA”) was enacted. CalOPPA § 22575(a) forces all operators of websites or online services to post their privacy policies in a conspicuous manner assuming they target individuals residing in California.

The California Attorney General, Kamala Harris, concluded in 2012 that, with regard to mobile devices and the apps they employ, the “conspicuous” display of privacy notices required an app-specific version and that a mere link to the company’s website was insufficient to meet the posting requirements referenced above. Harris sent notices to mobile developers Oct. 30, 2012, warning that they were not in compliance with California privacy law if their apps did not contain a conspicuously posted privacy notice. Shortly thereafter, California filed suit against Delta Airlines Inc., alleging the airline’s “Fly Delta” app lacked the requisite privacy notice despite collecting extensive personally identifiable information (PII) of its customers.…

Key e-discovery cases in August

In addition to the posting of the proposed discovery amendments to the Federal Rules of Civil Procedure for public comment, August was packed with a number of interesting e-discovery decisions. Here are my thoughts on key e-discovery cases decided last month, including another spoliation blockbuster from Judge Shira Scheindlin and rulings on e-discovery costs, search terms, proportionality and privacy.


Sekisui American Corp. v. Hart, No. 12 Civ. 3479 (S.D.N.Y. Aug. 15, 2013). Judge Scheindlin considered the “appropriate penalty for a party that — with full knowledge of the likelihood of litigation — intentionally and permanently destroyed the email files of several key players.” Based on Judge Scheindlin’s analysis of the facts, she reversed the magistrate judge’s order declining to award sanctions and instead ordered that an adverse jury instruction be given at trial.

The most notable part of the decision was that it was issued on the same day the public comment period opened for the proposed discovery amendments and Judge Scheindlin included a footnote openly disagreeing with the proposed changes to Rule 37(e). She stated: “I do not agree that the burden to prove prejudice from missing evidence lost as a result of willful or intentional misconduct should fall on the innocent party. Furthermore, imposing sanctions only where evidence is destroyed willfully or in bad faith creates perverse incentives and encourages sloppy behavior. Under the proposed rule, parties who destroy evidence cannot be sanctioned (although they can be subject to ‘remedial curative measures’) even if they were …

Subpoenas seeking identifying information and login data associated with email addresses did not violate First Amendment or privacy rights

A federal court in California has held that subpoenas served on Google and Yahoo! seeking the subscriber and usage information associated with 68 email addresses did not infringe on the subscribers’ First Amendment rights or their right to privacy. Chevron Corp v. Donziger, No. 12-mc-80237 (N.D. Cal. Aug. 22, 2013). The subpoenas also did not violate the Stored Communications Act (SCA). According to the court, the subscribers “vastly overestimate[d] the amount of legal protection accorded to the subscriber and usage information associated with their email addresses.” Chevron, slip op. at 32.

The court reasoned that:

Although the [subscribers] may believe that using their email addresses will protect their identities, that belief is simply not reflected by the reality of the world we live in. Email addresses are labels we voluntarily present to the outside world, through which we allow the world to contact us, and in that way identify us.

Id. at 14.

The court’s decision is a reminder of how much information is being collected and stored electronically about a subscriber each time that person establishes and logs into an internet account — whether that account is webmail, a social media site or a customer profile — and how that information may become discoverable and accessed years later during litigation. It also shows how valuable metadata can be not only to internet marketers and service providers but also to litigants.…

Implementing cloud strategies

As companies struggle with how to develop cloud strategies that are both cost effective and protect sensitive consumer and corporate data, the National Institute of Standards and Technology (NIST) can provide hands-on information to the private sector to help implement a reasonable cloud computing solution. Though NIST provides guidelines to the U.S. Government, the private sector can learn, too. Recently, NIST has stressed that the three major challenge areas for adoption of cloud computing are security, portability and interoperability.

In June, NIST released draft Special Publication (SP 500-299) as part of its ongoing obligation to develop technical and security standards for federal agencies as they adopt cloud computing solutions. This draft has been undergoing further comment and review. While these standards will establish protocol for procurement of cloud services by the federal government, they are likely to impact the use of cloud services and contractual terms in the private sector.

Cloud computing — the big picture

Companies adopting cloud solutions may struggle with setting a framework for their analysis of how to adopt a cloud solution. Exactly what is the cloud? According to the NIST definition:…

Sanctions for spoliation of evidence

This article was published originally at The article is the final installment of a six-part series focusing on evidence spoliation. Read more here, here and here.

Spoliation of evidence occurs when an individual or entity violates its duty to preserve relevant evidence. A finding of spoliation will often result in the imposition of sanctions and can significantly impact a litigation. Understanding how courts determine the appropriate spoliation sanction to impose is essential when this issue arises.

Courts have two sources of authority for sanctioning spoliation of evidence. Under the rules of civil procedure, courts have broad discretion to impose a variety of sanctions against a party that fails to produce evidence in violation of the civil rules. The primary limitation on this authority is that the discovery rules apply only to acts of spoliation that occur during the pendency of a lawsuit or following a court order. Courts also rely upon their inherent power to control the administration of justice to sanction pre-litigation spoliation. This authority allows courts to preserve their independence and integrity, since the destruction of evidence inhibits a court’s ability to hear evidence and accurately determine the facts.…

Court holds that employer did not have “possession, custody or control” of text messages sent or received on its employees’ personal cell phones

In an employment race discrimination case, a federal court recently held that the defendant-employer did not have “possession, custody, or control” over text messages sent or received by its employees on their personal cell phones. The court denied the plaintiff’s motion to compel the production of these text messages because there was no evidence that:

  • the employer issued the cell phones to the employees;
  • the employees used the cell phones for any work-related purpose; or
  • the employer otherwise had any legal right to obtain employee text messages on demand.

Cotton v. Costco Wholesale Corp., Case No. 12-2731, slip op. at 11 (D. Kan. July 24, 2013).

Plaintiff sought text messages from his managers

The plaintiff is an African-American who was hired as a loss prevention associate at Costco in 2010. He claims that since his hiring Costco’s employees, supervisors and managers at the warehouse that he works at have engaged in discriminatory, harassing and retaliatory conduct against him. Among other things, he alleges that certain warehouse managers have made it difficult for him to perform his job, treated him like he is the “ghost” in the room during management meetings, made racially derogatory comments about him and negative remarks about his clothing, and removed him from his loss control position and had him boxing groceries and retrieving shopping carts from the parking lot instead.…

Court denies employer’s access to social media posts in FLSA collective action and sends warning: If you want access to social media, come with both barrels loaded … leave the water gun at home

A federal court has denied a defendant-employer’s request that plaintiffs sift through and turn over all their social media posts made during their work hours in an FLSA collective action in which the plaintiffs claim their employer failed to give them meal breaks. How did that happen? I thought you’d never ask.

By way of background, Jewell v. Aaron’s Inc., is a nationwide,1,700+ FLSA collective action pending in the Northern District of Georgia. In the suit (Complaint accessible here), the class plaintiffs (current and former employees of Aaron’s) claim they were not paid for their 30-minute meal periods. As you might imagine, with that many plaintiffs discovery has been difficult. So with that, the parties got creative. They were able to work together to narrow the issues and determined that of the 1,700+ class members, discovery would only be served and responded to by 87 of the opt-in plaintiffs (the “Discovery Plaintiffs”). I won’t go into all the details about that discovery (you may read the Defendant’s Memorandum in Support of Motion for Court Approval of Discovery Request to a Small Number of Randomly-Selected Opt-In Plaintiffs here), because I want to focus on the social media portion of the discovery dispute.

Specifically, in one request for production, Aaron’s asked the Discovery Plaintiffs to produce:

“All documents, statements, or any activity available that you posted on any internet Web site or Web page, including, but not limited to Facebook, MySpace, LinkedIn, Twitter, or a blog from 2009 to the …

New Jersey Supreme Court holds police must obtain warrants for cell-phone tracking data

Today’s cell phones enable people to stay connected to work, family and friends in ways that would have sounded like science fiction to past generations. But even some of the savviest of cell-phone users are unaware of the ways in which their devices may be used against them. To police and prosecutors, a cell-phone, which registers its location with the nearest cell phone tower every seven seconds, is like an individual tracking device. And, as the landscape of cell-phone towers becomes denser, the radius served by each tower becomes smaller, allowing police to track cell-phone users with greater and greater precision. In some areas served by “micro cell sites,” police are able to track cell-phone users within buildings, and even within individual floors and rooms within buildings.

Not surprisingly, law enforcement across the country have made increasing use of cell-phone tracking data to nab criminal suspects as well as to compile evidence in the cases against them — showing exactly where they were when the crime in question was committed. A recent study by the American Civil Liberties Union found that police use of cell-phone tracking data is so widespread that wireless companies now provide police departments with a menu of “surveillance fees” for tracking data and other types of information. Police typically are able to obtain such tracking data without a warrant, but this is where the New Jersey Supreme Court, in State v. Earls, drew the line.…

Failure to identify information as confidential or trade secret pursuant to requirements of non-disclosure agreement can preclude recovery for misappropriation under uniform trade secrets act

A recent decision from the Federal Circuit illustrates the perils of not following the requirements of a non-disclosure agreement (NDA) with respect to identifying information as confidential or trade secret. It is a good reminder that if you go to the trouble of preparing an NDA to protect your trade secrets, you need to follow the NDA, because a failure to do so may cost you the chance to recover under the Uniform Trade Secrets Act (UTSA).

Companies and individuals routinely enter into NDAs in order to maintain and protect the confidentiality of trade secrets that are disclosed during negotiations and business dealings. The general thought is that an NDA affords an additional layer of protection to the trade-secret owner over and above what the UTSA offers. That makes sense. But can an NDA actually supplant the UTSA? The Federal Circuit answered yes in Convolve, Inc. v. Compaq Computer Corp. The court held that if the owner of the trade secret fails to follow the NDA’s requirements for designating disclosed information as confidential or trade secret, that party cannot look to the UTSA for relief against the other party to the NDA for alleged trade-secret misappropriation.…

Ohio federal court permits case alleging employer’s accessing of former employee’s personal emails to proceed

When we think about the issues that employers have been struggling with relating to employee use of personal mobile devices for work, thoughts of data security, trade secret protection, record retention, and even FLSA compliance immediately come to mind — or at least my mind. But, I bet you wouldn’t anticipate what allegedly happened in Lazette v. Kulmatycki, a case decided by the federal court in the Northern District of Ohio on June 5, 2013. In Lazette, the plaintiff alleged that, after plaintiff left her employment, she returned her company-issued BlackBerry (which she used and refers to in her complaint as her “phone”), but did not have the phone wiped. The phone apparently ended up in the clutches of her former supervisor, who, during the ensuing 18 months, allegedly read without her knowledge or authorization 48,000 emails sent to her personal Gmail account. In addition, the plaintiff alleged that the supervisor disclosed the contents of some of the emails to others.

Apparently among the contents of the accessed emails were communications about the plaintiff’s family, career, financials, health and other personal matters. Amazingly, according to the decision, the plaintiff’s former employer, who also was sued, admitted that the supervisor was acting within the scope of his employment and in furtherance of the employer’s interests when he accessed plaintiff’s personal emails. The plaintiff filed a complaint raising five claims:…

Consumer Financial Protection Bureau issues final international remittance transfer regulations

On April 30, 2013, the Consumer Financial Protection Bureau (CFPB) issued its final rule regarding international electronic remittance transfers (i.e., international transfers of money) pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act. The new rule will go into effect on Oct. 28, 2013.

CFPB has stated that the final rule is meant to provide new protections, including disclosure and error resolution and cancellation rights, to consumers who send remittance transfers to foreign persons or businesses.  The rule applies to U.S. banks, thrifts, credit unions, and other commercial international wire transfer providers (but excludes any such entity that consistently provides less than 100 wire transfers a year).

Among other requirements, the final rule generally requires remittance transfer providers to:…