Nearly a decade ago, WikiLeaks ushered in the age of mass leaks. Since then, corporations, governments, public figures and private entities have increasingly had to reckon with a new reality: that vigilantes, activists, extortionists and even state actors can silently steal and rapidly disseminate proprietary information, including customer data and other sensitive information. Last month, the Department of Justice (“DOJ”) indicted four individuals based on information first revealed in the “Panama Papers” leak. This marks a significant milestone in law enforcement’s reliance on evidence based on an unauthorized mass leak of information. While leaks and hacks are not a novel phenomenon—in 1971, the New York Times published top secret documents on the Vietnam War and, in 1994, a paralegal leaked tobacco industry documents that ultimately cost the industry billions of dollars in litigation and settlement costs—the frequency, scale and ease of dissemination of leaked information today presents a difference not only of degree, but of kind. The new Panama Papers-based criminal case will likely raise a host of novel legal issues based on legal challenges to the DOJ’s reliance on information illegally obtained by a third party, as well as information that would ordinarily be protected by the attorney-client privilege. In this memorandum, we discuss the potential issues raised by the prosecution and their implications.
Continue Reading U.S. Criminal Prosecution Based on Panama Papers Hack Raises Novel Legal Issues
Martha E. Vega-Gonzalez
California’s Groundbreaking Privacy Law: The New Front Line in the U.S. Privacy Debate
On the heels of the European Union’s implementation of the General Data Protection Regulation (“GDPR”) and public outcry over the Cambridge Analytica scandal, on June 28, 2018, California enacted the most comprehensive data privacy law to date in the United States. The California Consumer Privacy Act of 2018 (the “CCPA”) was hastily passed by the…
All 50 States Now Have Data Breach Notification Laws
As of last month, when South Dakota and Alabama passed data breach notification laws, all 50 states (as well as the District of Columbia and several U.S. territories) now have data breach notification laws on their books.
Continue Reading All 50 States Now Have Data Breach Notification Laws
FTC Releases Annual Report on Privacy and Data Security
On January 18, the Federal Trade Commission (“FTC”) released its Privacy & Data Security Update: 2017, describing its activities in the areas of consumer privacy and data security during the past year.
The report highlights the breadth of the FTC’s enforcement actions, both under Section 5 of the FTC Act, which prohibits unfair or deceptive…
Financial Stability Board Highlights Multiplicity of Cybersecurity Regulations in the Financial Sector
Last week, the Financial Stability Board (“FSB”) released the results of its stocktake on existing regulations and supervisory practices in G20 jurisdictions with respect to cybersecurity in the financial sector. The FSB is an international body that coordinates the work of national financial authorities and international standard-setting bodies, and the stocktake — essentially a survey — was requested by the G20 Finance Ministers and Central Bank Governors in March 2017.
Continue Reading Financial Stability Board Highlights Multiplicity of Cybersecurity Regulations in the Financial Sector
Deputy AG Rosenstein Addresses Public-Private Collaboration on Cybersecurity
In his remarks yesterday at the Cambridge Cyber Summit, Deputy Attorney General Rod J. Rosenstein discussed the ever-growing threat posed by cyber criminals, the DOJ’s recent successes in combating cyber threats, and how private corporations and law enforcement can collaborate in the battle against cybercrime.
Continue Reading Deputy AG Rosenstein Addresses Public-Private Collaboration on Cybersecurity