The Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, is a federal statute that was enacted in 1988 in response to the disclosure and publication of then-Supreme Court nominee Robert Bork’s video rental history without his consent. To prevent repeats of the Bork incident, the VPPA generally prohibits any “video tape service provider” from
Last week, on March 15, 2023, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) continued its aggressive push to regulate the cybersecurity of entities in the financial services sector, proposing three rules affecting a variety of SEC-regulated entities, including broker-dealers, investment companies, and investment advisers, as we covered here on Privacy World. These
Last month, the U.S. Securities and Exchange Commission (“SEC”) proposed revisions to its regulations under the Privacy Act of 1974, 5 U.S.C. § 552a. The Privacy Act is a federal statute governing the collection and use of personal information by federal agencies. The statute gives individuals a right to access records about themselves and to
Last week, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with Blackbaud, Inc., a software provider, for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 of its customers. The recent charges continue a flurry of activity from the SEC Enforcement Division’s Crypto Assets and Cyber Unit related to
The United States Court of Appeals for the Ninth Circuit recently affirmed a California federal district court’s dismissal of a shareholder’s securities fraud complaint against cybersecurity technology company Finjan Holdings, Inc. In re Finjan Holdings, Inc., No. 21-16702, 2023 WL 329413 (9th Cir. Jan. 20, 2023). While the ruling is a win for
Last summer, the Court of Appeals for the Ninth Circuit buoyed plaintiffs’ lawyers interest in “session replay” software when it revived a putative class action against a website operator and a session replay software provider for violations of the California Invasion of Privacy Act (CIPA). Earlier this month, addressing issues left by the Ninth Circuit
The Supreme Court today dismissed as “improvidently granted” a case involving an unnamed law firm seeking to prevent the U.S. government from accessing the records of a client accused of violating tax laws. The law firm had previously asserted that the documents at issue were protected under attorney-client privilege. In re Grand Jury, Dkt.
Last week, the U.S. Securities and Exchange Commission (“SEC”) filed an enforcement action in federal court requesting that the court compel an international law firm to comply with an administrative subpoena by disclosing the names of its clients whose information was obtained by malicious actors through a cyberattack on the law firm. This lawsuit may
Last month, the Securities and Exchange Commission (“SEC”) was hit with a complaint in federal court alleging that the agency has been untimely in responding to a Freedom of Information Act (“FOIA”) request for documents related to an admitted “control deficiency” that allowed certain SEC personnel to access databases in violation of the agency’s governing regulations. The complaint piles on to recent challenges to the SEC’s enforcement structure, at a time when the SEC is proposing issuing cybersecurity and data privacy regulations affecting private entities.
To understand the significance of the complaint and FOIA request, a brief background on the SEC’s structure is necessary. By statute, the SEC is authorized to conduct investigations into the violations of securities laws. See 15 U.S.C. § 78u(a). The SEC is also statutorily enabled to adjudicate cases against violators using an “in-house” administrative proceeding instead of filing a complaint in federal district court. See, e.g., 15 U.S.C. §§ 78u-2, 78u-3. However, the Administrative Procedure Act and corresponding SEC regulations prohibit any employee who is part of an enforcement investigation from either participating or advising in an adjudication or from communicating with the in-house judge without the accused violator present. See 5 U.S.C. §§ 554(d), 557(d)(1); 17 C.F.R. 201.120–.121.Continue Reading SEC Accused of Violating FOIA Deadlines for Documents on Improper Database Access
CPW’s Kristin Bryan, Scott Warren, and James Brennan will be key speakers at the Global Legal ConfEx on “GRC, Data Privacy & Cyber Security” on Thursday, November 17, 2022, in San Francisco.
Continue Reading CPW’s Kristin Bryan, Scott Warren, and James Brennan to Speak at Conference on Data Privacy, Cybersecurity, and Governance, Risk & Compliance