Mark L. Krotoski, Pulina Whitaker and W. Scott Tester | January 11, 2017 | Data Privacy
A key issue in determining whether notification is required following a data breach is whether “personal information” (PI) was acquired by an unauthorized person. US states vary significantly in defining what information qualifies as PI.1 As part of a recent trend,...
Orin S. Kerr | December 9, 2016 | Data Privacy, Sentencing
This article argues that the existing regime for sentencing violations of the Computer Fraud and Abuse Act (“CFAA”) is based on a conceptual error that consistently leads to improper sentencing recommendations. The Federal Sentencing Guidelines treat CFAA violations...
Pauline Toboulidis | December 7, 2016 | Data Privacy
Security breaches remain big news, virtually every day. Executives and managers understand it is a question of “when,” not “if,” their companies will be targeted. Companies in all industries, as well as a host of other organizations, are affected. Hackers are engaged...
Linn Freedman | October 17, 2016 | Data Privacy
A federal judge in Illinois dismissed the class action lawsuit filed against Barnes & Noble stemming from a data breach in 2013. The breach occurred when credit and debit card PIN pads were compromised at 63 Barnes & Noble stores. The Judge found that the...
Daniel Ray | October 10, 2016 | Data Privacy
On September 14, 2016, U.S. Representative Ed Perlmutter (D-Colo.) introduced the “Data Breach Insurance Act,” which would incentivize private industry to enhance its cybersecurity posture by providing federal income tax credits. Specifically, the bill would reward...
