Photo of James Brennan

James Brennan

Contact: Read more about James Brennan

This week a federal court in the Southern District of New York dismissed a privacy litigation brought against a website operator for claims under the federal Video Privacy Protection Act (“VPPA”), holding the allegation that plaintiffs had electronically subscribed to defendant’s newsletter was not sufficient for them to qualify as “subscribers” under the VPPA.  Carter v. Scripps Network LLC, Case No. 1:22-cv-02031 (S.D.N.Y.)

As Privacy World has previously covered, dozens of website operators have been named as defendants recently in putative class actions, with claims also being filed in arbitration, for alleged violation of the VPPA.  In many circumstances, plaintiff in such cases allege that the defendant improperly disclosed their video viewing history to social media companies for advertising purposes.  Because this ruling limits the scope of claims that can be brought under the VPPA and is persuasive authority in other pending cases, it will likely be relied upon by defendants going forward.

Continue Reading Federal Court Dismisses Privacy Claims Brought Against Website Operator, Finding Online Subscriptions for Electronic Newsletter Insufficient To Impose Liability Under Federal Video Privacy Protection Act

The Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, is a federal statute that was enacted in 1988 in response to the disclosure and publication of then-Supreme Court nominee Robert Bork’s video rental history without his consent.  To prevent repeats of the Bork incident, the VPPA generally prohibits any “video tape service provider” from

Last week, on March 15, 2023, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) continued its aggressive push to regulate the cybersecurity of entities in the financial services sector, proposing three rules affecting a variety of SEC-regulated entities, including broker-dealers, investment companies, and investment advisers, as we covered here on Privacy World.  These

Last month, the U.S. Securities and Exchange Commission (“SEC”) proposed revisions to its regulations under the Privacy Act of 1974, 5 U.S.C. § 552a.  The Privacy Act is a federal statute governing the collection and use of personal information by federal agencies.  The statute gives individuals a right to access records about themselves and to

Last week, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with Blackbaud, Inc., a software provider, for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 of its customers.  The recent charges continue a flurry of activity from the SEC Enforcement Division’s Crypto Assets and Cyber Unit related to

The United States Court of Appeals for the Ninth Circuit recently affirmed a California federal district court’s dismissal of a shareholder’s securities fraud complaint against cybersecurity technology company Finjan Holdings, Inc.  In re Finjan Holdings, Inc., No. 21-16702, 2023 WL 329413 (9th Cir. Jan. 20, 2023). While the ruling is a win for

Last summer, the Court of Appeals for the Ninth Circuit buoyed plaintiffs’ lawyers  interest in “session replay” software when it revived a putative class action against a website operator and a session replay software provider for violations of the California Invasion of Privacy Act (CIPA).  Earlier this month, addressing issues left by the Ninth Circuit

The Supreme Court today dismissed as “improvidently granted” a case involving an unnamed law firm seeking to prevent the U.S. government from accessing the records of a client accused of violating tax laws.  The law firm had previously asserted that the documents at issue were protected under attorney-client privilege.  In re Grand Jury, Dkt.

Last week, the U.S. Securities and Exchange Commission (“SEC”) filed an enforcement action in federal court requesting that the court compel an international law firm to comply with an administrative subpoena by disclosing the names of its clients whose information was obtained by malicious actors through a cyberattack on the law firm.  This lawsuit may

Last month, the Securities and Exchange Commission (“SEC”) was hit with a complaint in federal court alleging that the agency has been untimely in responding to a Freedom of Information Act (“FOIA”) request for documents related to an admitted “control deficiency” that allowed certain SEC personnel to access databases in violation of the agency’s governing regulations.  The complaint piles on to recent challenges to the SEC’s enforcement structure, at a time when the SEC is proposing issuing cybersecurity and data privacy regulations affecting private entities.

To understand the significance of the complaint and FOIA request, a brief background on the SEC’s structure is necessary.  By statute, the SEC is authorized to conduct investigations into the violations of securities laws.  See 15 U.S.C. § 78u(a).  The SEC is also statutorily enabled to adjudicate cases against violators using an “in-house” administrative proceeding instead of filing a complaint in federal district court.  See, e.g., 15 U.S.C. §§ 78u-2, 78u-3.  However, the Administrative Procedure Act and corresponding SEC regulations prohibit any employee who is part of an enforcement investigation from either participating or advising in an adjudication or from communicating with the in-house judge without the accused violator present.  See 5 U.S.C. §§ 554(d), 557(d)(1); 17 C.F.R. 201.120–.121.

Continue Reading SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access