Photo of Alexis Collins

Alexis Collins’ practice focuses on litigation, including criminal and regulatory enforcement matters and complex civil and antitrust litigation.

On Tuesday, November 12, 2019, the U.S. Federal Trade Commission (“FTC” or “Commission”) announced a proposed settlement with InfoTrax Systems, L.C. (“InfoTrax”), a third-party service provider, regarding multiple data security failures.  As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network.  This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider.  The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.
Continue Reading

The final version of the California Consumer Privacy Act of 2018 is coming into view.

On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session.  (We previously discussed the CCPA 

On October 11, 2019, the leaders of the Commodity Futures Trading Commission, Financial Crimes Enforcement Network, and Securities and Exchange Commission issued a joint statement to remind businesses that engage in digital asset activities of their anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) obligations under the Bank Secrecy Act (“BSA”).

As market

On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The Agreement will enter into effect following a 180 day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.   
Continue Reading

On September 18, 2019, the Securities and Exchange Commission (“SEC”) filed its first civil suit alleging violations of broker-dealer registration requirements in U.S. digital asset markets.  In a case filed in the U.S. District Court for the Central District of California, the SEC alleged that Defendants ICOBox and its founder, Nikolay Evdokimov, illegally conducted an unregistered public securities offering for their 2017 initial coin offering (“ICO”), and have operated an unregistered brokerage service facilitating the launch of ICOs in digital asset securities since 2017.
Continue Reading

California’s 2019 legislative session has drawn to a close with passage of five amendments to the California Consumer Privacy Act (CCPA) during the final days of the session.  Assuming that the bills are timely signed by the Governor before the October 13 deadline, businesses will finally have the complete version of the statute that will

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading

On June 24th, Senators Mark Warner (D-VA) and Josh Hawley (R-MO) introduced a bill that would require large technology companies to regularly disclose to their users and the Securities and Exchange Commission (SEC) the value of the user data they collect and monetize.  The bipartisan bill, cited as the Designing Accounting Safeguards to Help Broaden Oversight and Regulations on Data (DASHBOARD) Act, is intended to capture major online platforms such as Amazon, Facebook, Google and Twitter that offer “free” services to users while monetizing user data through targeted advertising.

Continue Reading

Potentially signaling an expansion of the scope of constitutional standing in data breach cases, a district court in the Northern District of California recently held that the exposure of users’ non-sensitive, publicly available personal information may be sufficient to establish an injury-in-fact.[1]
Continue Reading

In the past year, members of the U.S. Congress and Senate on both sides of the aisle have proposed data privacy bills that would impose nationwide standards on companies who collect and/or share consumers’ personal information. Currently, all 50 states have separate, but often overlapping, data privacy regimes—each subjecting companies to various combinations of recordkeeping standards, data sharing restrictions, and data breach reporting requirements—creating a patchwork of state laws that can generate substantial uncertainty for corporations.
Continue Reading