Category: Privacy and Data Security
On September 13, 2016, New York Governor Andrew M. Cuomo announced new first-in-the-nation proposed regulations to protect against the ever growing threat of cyber-attacks in the financial services industry. The proposed regulations, to be enforced by the New York State Department of Financial Services, would apply only to an entity regulated by the NY Department of Financial Services – from a multi-national bank to a “mom-and-pop” operation. However, the regulations are important for all companies to review and consider, regardless of their location or scope of operations, because the proposal represents an important step in the ongoing national dialogue about reasonable and necessary cybersecurity standards for all businesses.
On May 11, 2016, President Obama signed the Defend Trade Secrets Act (“DTSA”) into law. President Obama publicly supported this legislation and efforts generally directed to strengthen trade secret protections within the U.S. economy. As we previously reported on May 3, 2016 and November 24, 2015, trade secret misappropriation was formerly treated exclusively as a matter of state law, governed by varied versions of the Uniform Trade Secrets Act as enacted in most states. A lack of uniform enactment of this Act resulted in differences in the application of the law between states, which presented difficulties for trade secret owners seeking to enforce their rights in the general commerce.
On April 27, 2016, the Defend Trade Secrets Act (“DTSA”) passed the House of Representatives with a 410-2 vote. The two no votes were from Rep. Justin Amash (R-MI) and Rep. Thomas Massey (R-KY). Earlier this month, on April 4, the Senate passed the DTSA by a unanimous vote of 87-0. Now, the DTSA heads to President Obama’s desk for his signature.
Last month, judges from the European Court of Justice, the European Union’s top court, issued a judgment striking down a 15-year old agreement, known as the Safe Harbor framework, which allowed American and European businesses to freely move personal data between the two regions. This ruling impacts nearly 4,000 businesses that currently rely on Safe Harbor framework to transfer data between the U.S. and Europe and requires all businesses to revaluate their compliance with Europeans standards.
On July 29, 2015, with bipartisan support, Congressional leaders in both the House and the Senate introduced identical bills, HR 3326 and S. 1890, respectively, entitled, the “Defend Trade Secrets Act of 2015” (“DTSA 2015”). The proposed legislation attempts to authorize a private civil action in federal court for the misappropriation of a trade secret that is related to a product or service used in, or intended for use in, interstate or foreign commerce. Additionally, the proposed legislations seeks to (a) create a uniform standard for trade secret misappropriation; (b) provide parties pathways to injunctive relief and compensatory damages; and (c) create remedies for trade secret misappropriation that are similar to other violations of intellectual property rights, for example, including exemplary damages and attorneys’ fees available in the event of willful and malicious misappropriation of a trade secret. An interesting feature of the DTSA 2015 is the availability of an ex parte seizure order for plaintiffs fearful of the dissemination of their trade secret(s). The proposed ex parte seizure allows for the government to seize property necessary to prevent the propagation or dissemination of the trade secret prior to giving notice of the lawsuit to the defendant.
While the winter holidays are a time for spending and good cheer, the 2013 holiday season was one that continues to be costly for Target. On December 19, 2013, Target publicly announced that computer hackers had stolen data, including credit card payment information, from millions of Target shoppers. In January 2014, Gibbons P.C., in light of the Target data breach, discussed the ramifications of delay in notifying consumers, whether the delay was intentional or as a result of compliance with law enforcement requests. Banks and credit unions, which had issued credit cards affected by the breach, were forced to reimburse Target customers in some cases and reissue millions of cards, brought a class action lawsuit against Target.
On May 28, 2015, U.S. District Judge Lucy Koh in the Northern District of California certified a class of email users in a privacy action that claims Yahoo Inc. (“Yahoo”) violated the federal Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”) through its practice of scanning and analyzing emails of non-Yahoo Mail subscribers in order to display targeted ads to Yahoo Mail subscribers. In re Yahoo Mail Litigation, No. 13-CV-04980-LHK, (N.D. Cal. 2015). Plaintiffs are non-Yahoo Mail subscribers who sent emails to Yahoo Mail subscribers from non-Yahoo email accounts and allege that Yahoo routinely copies and extracts key words from emails and stores this information for later use. Plaintiffs allege that Yahoo’s practices violate § 2702(a)(1) of the SCA, which prohibits, among other items, divulging the contents of a communication without consent and § 631 of CIPA, which prohibits the recording or reading of any type of communication without the prior consent of all parties.
Effective October 1, 2015, employers in the State of Connecticut are restricted from requiring or requesting employees and job applicants to provide access to “personal online accounts,” which include email, social media and retail-based Internet web sites used exclusively for personal reasons. Specifically, the new law (Public Act No. 15-6) (“the Act”), prohibits employers from requesting or requiring employees or job applicants to: provide the username and password, password, or other means of authentication to access an individual’s personal online account; authenticate or access a personal online account for the employer to view; or invite an employer to accept an invitation or be compelled to accept an invitation from an employer to join a group related to a personal online account.
On May 6, 2015, New York City Mayor, Bill De Blasio, signed legislation proposed by the City of New York likely to limit an employer’s ability to use credit checks when making hiring and retention decisions. The law goes into effect 120 days from May 6, 2015, or on September 3, 2015. We analyzed the new law in detail in a recent blog.
The City of New York likely will tighten the reins on an employer’s ability to use credit checks when making hiring and retention decisions. The City Council approved a bill that would amend the New York City Human Rights Law, § 8-102 et seq. (“NYCHRL”) to prohibit an employer, labor organization, employment agency, or their agents from using an applicant’s or employee’s “consumer credit history” for employment purposes or to otherwise discriminate against an applicant or employee based on consumer credit history. If the legislation is signed by the Mayor – on whose desk the proposed bill now sits – it will go into effect within 120 days after the Mayor signs.