On November 13, 2018, Ballard Spahr lawyers presented a webinar on the SEC’s recent “Report of Investigation” into “business email compromises” affecting public companies.

As noted in our prior blog post, the Report was prompted by the SEC’s investigation into whether nine public companies violated U.S. securities laws “by failing to have sufficient accounting controls” to prevent approximately $100 million in losses as a result of business email compromises targeting their personnel. The SEC investigated whether these companies violated Sections 13(b)(2)(B)(i) and (iii) of the Securities and Exchange Act of 1934. Although declining to pursue enforcement actions against the companies, the SEC emphasized its recent cybersecurity guidance, advising public companies that “[c]ybersecurity risk management policies and procedures are key elements of enterprise-wide risk management, including as it relates to compliance with federal securities laws.” (See our prior alert and blog post regarding the Interpretive Guidance). Continue Reading Listen to Our Webinar on “The SEC’s Special Report on Business Email Compromises: What It Means and What You Should Do”

The Pennsylvania Supreme Court recently issued a sweeping ruling “that accessing any information from a cell phone without a warrant” violates the Fourth Amendment to the United States Constitution. In Commonwealth v. Fulton, the Court suppressed the warrantless search of the contents of a ‘flip phone’ and reversed a murder conviction that flowed from the unlawful search.  The Supreme Court held that the Superior Court’s decision contravened U.S. Supreme Court precedent in Riley v. California and United States v. Wurie, 134 S. Ct. 2473 (2014), holding that searches of cell phones generally require a warrant.

In June 2010, Philadelphia Police arrested I. Dean Fulton and three others on suspicion of unlawful drug activity and gun possession. They seized Fulton’s “smart phone” from his body at the time of the arrest.  They subsequently obtained a search warrant for the vehicle Fulton and the others were in at the time of their arrests.  That search turned up a firearm, a holster, three cell phones and other property.  The cell phones – which included one ‘flip phone’ later connected to Fulton –were provided to the Homicide Division, which was investigating a recent drug-related murder.  Continue Reading Pennsylvania Supreme Court: If You Want to Search a Cell Phone, Get a Warrant!

Massachusetts Attorney General Maura Healey has unveiled a new, “easier and more efficient” way to notify her office of data breaches. The Massachusetts Attorney General’s Office has created an online portal and web form for submitting data breach notifications.  An email announcing the changes was transmitted this week to attorneys who have previously filed data breach notices on behalf of clients. The email requested our “assistance in passing the message along,” which we are hereby doing.

Attorney General Healey stated, “This new feature allows businesses to more efficiently report data breaches so we can take action and share information with the public.”  The Attorney General Office’s website will soon include a publicly accessible database of data breaches reported to the Office. Other states, including California and Maryland, have similar public databases.

Continue Reading Massachusetts Attorney General Launches Online Data Breach Reporting Portal

For those of you heading to Legaltech in New York next week, please join me and a great panel for what promises to be a lively discussion of hot topics in IoT and Mobile Discovery.  I’ve been fortunate enough to have been included in Relativity’s session on this topic at a number of conferences, and this next iteration is shaping up to be our best yet.  Here’s our session description:

From the Iron Rooster to Amazon Alexa: Mobile Discovery and the Internet of Things

Whether it’s missing mobile data (Montgomery v. Iron Rooster-Annapolis, LLC), digital data in a truck (Below v. Yokohama Tire Corp.), Fitbit data (State v. Dabate), or data from an Amazon Alexa (State v. Bates) mobile discovery and data from the Internet of Things (IoT) devices present challenges, not only for litigants and their lawyers, but for corporate organizations, paralegals, and technologists as well. In this session, lawyers and consultants, including a former Department of Justice cybercrime coordinator, a prominent discovery attorney, a corporate information governance expert, and a leading legal industry analyst, will address the legal, technical, and practical considerations of mobile, social, and IoT data, including preservation requirements and data privacy limitations.

Here’s the link to the Legaltech page, in case you haven’t registered yet.  Hope to see you in NYC!

Consumers are not the only ones suing retailers for payment card data breaches. The U.S. District Court for the Western District of Washington recently denied, in large part, a motion to dismiss a data breach class action brought by Veridian Credit Union, on behalf of itself and other financial institutions, against Eddie Bauer, LLC. The class action relates to a January 2016 payment card data breach that allegedly impacted “every Eddie Bauer store in the United States and Canada.”

The court dismissed Veridian’s negligence per se claim, but allowed Veridian’s negligence and state statutory claims to proceed. The court’s analysis of choice of law and negligence issues is worth a read. Continue Reading Federal Court Allows Credit Union Data Breach Class Action to Proceed Against Eddie Bauer