Archives: Litigation

Subscribe to Litigation RSS Feed

The Ninth Circuit Holds that California’s Anti-Hacking Law, Penal Code Section 502, does not Proscribe Unauthorized “Access” to a Database; Rather, the Section Prohibits Unauthorized Use, Copying, or Manipulation of Information in the Database

California’s Computer Data Access And Fraud Act, Cal. Pen. Code, § 502 (“CDAFA”) is a state law analog to the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq. (“CFAA”).  Both are aimed at fighting unauthorized intrusions into electronic data (for a primer on these statutes, see “Strategies For Businesses Protecting Electronic … Continue Reading

Settlement in Home Depot Class Action Provides Data Security Corporate Governance Framework for Companies

The latest settlement in Home Depot’s data breach litigation provides a data security framework for corporate governance that may be used by other companies as a template.  Based on claims arising from a massive data breach in 2014 involving 56 million credit cards, Home Depot Inc. recently settled both a shareholder derivative action and a class … Continue Reading

SEC Hints that Enforcement Actions on Lax Cybersecurity Might Be Coming

With the confirmation of Jay Clayton as the Chair of the Securities and Exchange Commission, comments made last month by the Acting Enforcement Director, Stephanie Avakian, regarding the importance of accurate reporting in the area of cybersecurity, and consequences of inaccurate reporting, may get lost.  At a speech last month, Ms. Avakian, on behalf of the … Continue Reading

Google Ruling may give Government an Opening to Broaden its Power Under Outdated Stored Communications Act

As technology progresses and the world becomes even more interconnected, the scope of the Stored Communications Act (“SCA” or “Act”) has become a topic of much interest in the federal courts. One question courts have grappled with lately is whether law enforcement may subpoena data stored on foreign servers under the Act. A recent ruling by Magistrate … Continue Reading

IRS Data Breach Class Action Dismissed

Last week, the Internal Revenue Service successfully defeated a putative class action related to a data breach it suffered in 2015. The D.C. District Court’s decision dismissing the suit demonstrates the high bar required to hold a federal agency accountable for lapses in cybersecurity. In Welborn v. IRS (Case No. 15-1352, D.D.C.), Plaintiffs Becky Welborn, … Continue Reading

Ninth Circuit Issues Two Recent Decisions Further Definining Liability Under the Computer Fraud and Abuse Act

In July, the Ninth Circuit Court of Appeals issued two decisions by which it intends to clarify liability under the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”).  The CFAA imposes criminal penalties and civil damages upon whoever “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds … Continue Reading

Ninth Circuit Rules on Meaning of “Without Authorization” under Computer Fraud and Abuse Act

Last month, the Ninth Circuit affirmed the criminal conviction of an individual for accessing a computer “without authorization” in violation of the Computer Fraud and Abuse Act (“CFAA”).  U.S. v. Nosal (9th Cir., July 5, 2016). The CFAA imposes criminal penalties on whoever “accesses a protected computer without authorization, or exceeds authorized access . . … Continue Reading

Regulators Nationwide Weigh in on CPUC Litigation

In May, we posted a blog on litigation filed by telecom providers and trade associations to prevent the California Public Utilities Commission (CPUC) from requiring Plaintiffs to turn over competitively sensitive data to a third party. Plaintiffs allege that disclosure of that data would violate regulations issued by the Federal Communications Commission (FCC) regarding the … Continue Reading
LexBlog