By Talia Karas A federal court in California ruled in favor of sanctions against Google last week for failing to preserve records. Google’s document retention policy required individual employees to identify internal chat conversations responsive to a litigation hold. The court found this policy to be in violation of Google’s duty to preserve electronically-stored information under the Federal Rule of Civil Procedure 37(e). The consolidated case arose out of antitrust litigation regarding Google’s “Play Store” Application on Android cell-phones. In re Google Play Store Antitrust Litigation, 2 ..read more

By Bide Akande Employers beware: A recent holding out of Illinois has determined that employees may sue employers who collect and/or disclose employees’ biometric data. On Feb. 3, 2022, the Illinois Supreme Court issued a significant decision in McDonald v. Symphony Bronzeville Park, LLC, et al., impacting current and  future claims against employers involving the Illinois Biometric Information Privacy Act (BIPA). The McDonald decision effectively held that the exclusive remedy provisions of the Illinois Workers’ Compensation Act (IWCA) do not apply to BIPA claims, an ..read more

By Donna Ruscitti Porter Wright is proud to announce that international business and privacy & data security attorney Katja Garvey has been elevated to serve as chair of the firm’s International Business & Trade Practice Group. As chair, she will work alongside the 40 attorneys on the team to uphold client service, develop business strategy, expand global connections and distribute critical legal updates. International business, and privacy and data security experience A German native, Katja thrives on helping international businesses to bridge complex legal and cultural divides. Fro ..read more

By Craig Fullen, Matthew Lapin, Donna Ruscitti and Kevin Scott BIS has issued an interim final rule, and entities dealing with cybersecurity exports are being asked to submit comments by early December. In this latest edition of our Privacy and Security Roundup, we share the details of the final rule’s two key measures including export restrictions and a new License Exception, provide an update on cyber incident reporting legislation, discuss modifications to the GLBA Safeguards Rule and much more. RECENT DEVELOPMENTS White-hat activities and potential impact of new cybersecurity export contr ..read more

By Kevin Scott, Diana Lingyu Jia and Donna Ruscitti Across the globe, concerns continue regarding cryptocurrencies and digital currency exchanges. In the October edition of our Privacy and Security Roundup, we dive into the latest details surrounding OFAC’s efforts to stifle ransomware attacks, how organizations should carefully assess the new Personal Information Protection Law in China, the new EU Standard Contractual Clauses requirement effective Sept. 27, and more. RECENT DEVELOPMENTS Increasing government pressure on cryptocurrencies and related businesses The exchange infrastructure tha ..read more

By Matthew Lapin and Kevin Scott On Sept. 21, 2021, the Department of Treasury, Office of Foreign Assets Control (OFAC), updated its published guidance regarding sanctions risks associated with making ransomware payments and its official policy on such payments. This updated guidance, taken in conjunction with OFAC’s recent sanctions designation of a cryptocurrency payment exchange frequently used for ransomware payments, and other ongoing regulatory legislative efforts to address ransomware attacks, further highlights the whole of government effort by the United States to discourage ransomwa ..read more

By Kevin Scott and Donna Ruscitti Not only are public and private companies increasingly targeted for cyber-attacks, but local and state governments across the country are as well. In our latest Privacy and Security Roundup, we cover the Senate-passed bill that includes nearly $2 billion in national cybersecurity funding, recent sanctions by the SEC on investment advisors and broker-dealers, a new initiative that aims to improve defense planning and information sharing between the public and private sectors, and more. RECENT DEVELOPMENTS An opportunity to improve national cybersecurity at sta ..read more

By Kevin Scott and Donna Ruscitti More states, including Ohio, are working on comprehensive consumer privacy laws that could impact how companies share data. In our August 2021 Privacy and Security Roundup, we cover the nuances in the various legislation, more ransomware and supply chain attacks and news of a messaging app used as a Trojan horse by the FBI. Recent Developments A new comprehensive consumer privacy law On July 8, 2021 Colorado became the third state to enact a comprehensive privacy law known as the Colorado Privacy Act (CPA). Similar to the California Consumer Privacy Act (CCPA ..read more

By Katja Garvey On June 4, 2021, the European Commission (EC) adopted a modernized set of standard contractual clauses for international data transfers (New SCCs) aimed at better protection of the data businesses transfer out of the European Union (EU). These New SCCs, which will take effect on June 27, 2021, will replace the standard contractual clauses that were adopted under the former EU Data Protection Directive in 2001, 2004 and 2010 (Previous SCCs). The New SCCs were eagerly awaited due to the tremendous amount of uncertainty following the Court of Justice of the European Union’s (CJEU ..read more

By Kevin Scott and Donna Ruscitti The past few weeks have provided some big developments in the area of data privacy and security. In this Privacy and Security Roundup, we cover a ransomware attack on the largest oil pipeline in the U.S., an Executive Order from President Joe Biden to enhance U.S. cybersecurity and potential mandatory reporting/sharing requirements, the U.S. Supreme Court weighing in on the Federal Trade Commission’s ability to seek monetary relief, and more. Recent Developments FBI confirms ransomware attack on Colonial Pipeline Co. On May 9, 2021, the Federal Bureau of Inve ..read more