Related Practices

E-Commerce Law Week, Issue 833

December 27, 2014

Congress Finally Passes A Cybersecurity Bill ...

… three, in fact.  But the bills are extremely modest in scope, which explains why they were able to make it through the dysfunctional body.  Two bills (S. 2519 and H.R. 2952) seek to improve the Department of Homeland Security’s ability to prevent and respond to cyberattacks, while the third (S. 2521) strives to reform security procedures affecting all federal agencies.  With the cyberattack and threats against Sony dominating headlines, and the prospect of similarly brazen attacks against other companies growing after Sony’s capitulation, the big question is whether Congress attempts anything more ambitious in 2015.

Ninth Circuit Expands Scope of Cell Phone Privacy

In Riley v. California, the U.S. Supreme Court held that the search-incident-to-arrest exception to the warrant requirement does not apply to mobile phones.  Earlier this month, in United States vs. Camou, the Ninth Circuit extended the logic of Riley to hold that two other exceptions to the warrant requirement – one for exigent circumstances, and one for searches of vehicles – also do not apply to mobile phones.  This is just the latest example of the broadening ripple effects of Riley in the area of digital privacy.  By the time the last ripple reaches shore, the name “Roberts” might be heralded along with “Brandeis” and “Blackmun” as among the paragons of privacy jurisprudence.  And that will be an ironic legacy for the same Administration that gave us the Patriot Act, the 215 program, and PRISM.

Court Permits Banks’ Negligence Claims Against Target For Data Breach

The U.S. District Court for the District of Minnesota has denied Target’s motion to dismiss negligence claims alleged by five banks following the December 2013 hacking incident that compromised the personal and financial information of approximately 110 million customers.  According to the class action complaint, filed in In re: Target Corporation Customer Data Security Breach Litigation on behalf of all financial institutions whose customers made Target purchases during the relevant period, the data breach caused the banks to suffer substantial losses such as the costs of reissuing credit and debit cards, notifying customers about the breach and addressing their complaints, monitoring accounts for fraud, and reimbursing customers affected by it.  The court ruled that the banks had sufficiently alleged that Target had breached a duty of care under state law in that the harm to the banks was caused and exacerbated by Target’s actions and inactions.

TD Bank Settles For $625,000 In Massachusetts Data Breach Suit

TD Bank has agreed to pay Massachusetts $625,000 to settle claims that it allegedly failed to provide timely notification to the state or affected individuals of a 2012 data breach.  While the bank denies violating any laws or committing any wrongdoing, it has entered an assurance of discontinuance agreement with the state Attorney General’s office in order to “avoid the time, expense, and uncertainty of litigation.”  This settlement comes just months after TD Bank agreed to pay a penalty of $850,000 following a two-year investigation of the breach by nine other state attorneys general.

UK Tribunal OK’s Mass Surveillance

The UK’s Investigatory Powers Tribunal has rejected legal challenges to the British government’s electronic surveillance and data collection program. The Tribunal dismissed the complaint of privacy groups Liberty, Privacy International, the American Civil Liberties Union, and Amnesty International that the UK’s Government Communications Headquarters (GCHQ) had violated European and British law by monitoring UK citizens’ private electronic communications and accessing those that had been intercepted by the U.S. National Security Agency.  While the Tribunal found that the British government’s alleged intelligence gathering scheme was “lawful and human rights-compliant,” with adequate safeguards against arbitrary privacy violations, it left open the question whether the manner in which the groups’ own particular communications were monitored was unlawful.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie, eCommerce Specialist.