On Tuesday, October 11, 2016, the D.C. Circuit Court issued its opinion in PHH Corp. v. Consumer Financial Protection Bureau, holding that the Consumer Financial Protection Bureau (CFPB) was unconstitutionally structured. In the majority opinion, Judge Kavanaugh described the position of CFPB Director as, in terms of unilateral authority, “the single most powerful official in […]
Data Protection
New York State Financial Services Regulator Issues Proposed Cybersecurity Regulations
On September 13, 2016, Governor Andrew Cuomo announced the issuance of proposed “first-in-the-nation” cybersecurity regulations for entities regulated by the New York Department of Financial Services (DFS), including jurisdictional banks, insurance companies, and other financial institutions. The proposed regulation will be subject to a 45-day comment period prior to being issued as a final rule. […]
Report Suggests Organizations Still Vulnerable to Credential Management and Network Segmentation Attacks
The Multi-State Information Sharing and Analysis Center (MS-ISAC) published its 2016 mid-year review on August 22, 2016, highlighting large incidents of malware infections, with particular emphasis on ransomware and click fraud malware. In contrast to the MS-ISAC report, however, an August 2016 report suggests most organizations would benefit from addressing issues of credential management and […]
Eighth Circuit Decision Interpreting Spokeo Shows Impact of Supreme Court Decision on Privacy Actions
In issuing its decision in Braitberg v. Charter Communications, the Eighth Circuit recently became the first federal appellate court to issue a published opinion interpreting Spokeo and, as predicted, shows that the Supreme Court’s ruling will have a significant impact on the viability of privacy-related claims. In Braitberg, the plaintiff alleged that Charter indefinitely retained […]
Austrian Supreme Court Refers Schrems Consumer Class Action to ECJ
Just under a year ago today, the European Court of Justice (ECJ) issued its Schrems decision, which invalidated Safe Harbor and led to substantial developments in US-EU data-transfer mechanisms. In parallel to the ECJ Safe Harbor litigation, Mr. Schrems has maintained two further legal proceedings in the EU: (1) a challenge in the Irish courts […]