On April 30, 2018, BLU Products, Inc. (“BLU”) reached a settlement with the Federal Trade Commission (“FTC”) over allegations that BLU allowed ADUPS Technology Co. LTD (“ADUPS”) to collect detailed personal information about BLU’s consumers without their knowledge or consent, despite BLU’s assurances that … Read More

On April 23, 2018, Senators Klobuchar (D-Minn.) and Kennedy (R-La.) introduced the Social Media Privacy Protection and Consumer Rights Act of 2018 (“the Act”), which was referred to the Senate Commerce Committee. Like the CONSENT Act introduced by Senators Markey (D-Mass.) and Blumenthal (D-Conn.)—discussed in detail in our … Read More

In January 2018, at the Eleventh Annual International Conference on Computers, Privacy and Data Protection (the “Conference”) in Brussels, one panel that made some headlines centered around blockchain technology in the context of data protection. The core inquiry of the panel was two-fold: (1) whether blockchain technology can … Read More

One of the many difficult questions that companies face in the immediate aftermath of discovering a cyber breach is whether to inform their regulators or law enforcement.  Assuming there is no mandatory disclosure obligation, some companies are reluctant to call the government because (1) they may not know all the … Read More

On February 21, 2018, the Securities and Exchange Commission (“SEC”) issued a statement and interpretive guidance on issuers’ cybersecurity disclosures.   For a general discussion of the guidance, see Davis Polk’s recent Client Memorandum.  Although the guidance does not impose any new requirements on issuers, the SEC’s emphasis on Board … Read More

For the first time, the CFTC has fined a company for poor cybersecurity practices that resulted in a third-party breach of the company’s information systems.  This development is consistent with an increasing trend of regulators holding companies responsible for the cybersecurity failures of third-party service providers.

AMP Global Clearing LLC … Read More

Cryptojacking is the newest cyber threat that companies are facing.  It involves hackers accessing company servers in order to steal processing power, which is then used to mine cryptocurrencies.

With the recent increase in value of digital assets such as bitcoin, Ether, and Monero, it is not surprising that criminal … Read More

One of many difficult decisions that companies face following a cyber breach is whether to disclose it to law enforcement.  There are several advantages to involving the FBI in a breach response: they may (1) have seen this kind of hack before; (2) know the malware or persons involved; (3) … Read More

If you haven’t been closely following, you may be of the mistaken view that without evidence of actual harm, consumer plaintiffs in federal cyber breach cases have no standing.  While that may have been roughly correct in 2016, the story in 2018 is more complicated, and getting better for plaintiffs.… Read More